Abstract
Academic institutions in Iraq are increasingly challenged to align their digital transformation efforts with international standards for information security, particularly in light of growing cybersecurity threats and inconsistent institutional compliance. This study addresses the gap between the strategic need for digital advancement and the practical implementation of ISO 27001, the international standard for Information Security Management Systems (ISMS), through a case study conducted at Kut University.
The aim of the study is to assess the university’s level of adherence to ISO 27001 requirements and evaluate its role in strengthening information security and institutional trust in digital operations. The study adopts an analytical case study approach, utilizing a checklist composed of 21 items mapped to the core components of ISO 27001. It also incorporates qualitative interviews with key stakeholders and analysis of administrative and technical documentation.
The findings reveal that the overall implementation level of ISO 27001 reached 62.70%, with a recorded gap of 37.30%. This reflects an ongoing institutional commitment to security practices, albeit with significant shortfalls, particularly in documentation, staff training, and performance indicator analysis.
The study recommends adopting a comprehensive and integrated institutional model for information security management, supported by measurable internal policies, expanded training programs, and robust documentation. Such measures would help close existing gaps and enhance cybersecurity resilience across the university environment.
)