Effective information security management (ISM) practices to protect the information assets of organizations from security intrusions and attacks is imperative. In that sense, a systematic literature review of academic articles focused on ISM in higher education institutions (HEIs) is conducted. For this purpose, an empirical study was performed. Studies carried out from 2012 onward reporting results from HEIs data that perform the ISM through various means, such as a set of framework functions, implementation phases, infrastructure services, and securities to their assets, have been explored. The articles found were then analyzed following a methodological procedure consisting of a systematic mapping study with their research questions, inclusion and exclusion criteria, selection of digital libraries, and analysis of the respective search strings. A set of competencies, resources, directives, and strategies that contribute to designing and to developing an ISM framework (ISMF) for HEIs is identified based on standards such as ISO 27000, COBIT, ITIL, NIST, and EDUCAUSE. This study introduces a strategic reference that guides HEIs on the development of an ISMF and provides recommendations that should be considered for its implementation in an era of ever-evolving security threats.

必须采取有效的信息安全管理（ISM）措施来保护组织的信息资产不受安全入侵和攻击。从这个意义上讲，对高等教育机构（HEIs）中针对ISM的学术文章进行了系统的文献综述。为此，进行了一项实证研究。从2012年开始进行的研究均从HEI数据报告结果中进行了研究，这些数据通过多种方法执行ISM，例如一组框架功能，实施阶段，基础设施服务以及对其资产的证券。然后按照一种方法学程序对发现的文章进行分析，包括系统地进行制图研究及其研究问题，纳入和排除标准，选择数字图书馆以及对各个搜索字符串进行分析。根据ISO 27000，COBIT，ITIL，NIST和EDUCAUSE等标准，确定了有助于设计和开发HEI的ISM框架（ISMF）的一组能力，资源，指令和策略。这项研究引入了战略参考，可指导HEI开发ISMF，并提供在不断变化的安全威胁时代对其实施应考虑的建议。