MePRiSIA: risk prevention methodology for academic information systems

Information of academic systems can be stolen, modified or erased by attackers, causing losses to institutions. Applying a risk prevention methodology at educational institutions would help to avoid academic information misuse by users or attackers. MePRiSIA was designed as a risk prevention methodology to be simple and easy to understand while including the human factor in each step. This methodology has four steps to be considered in the process: setting the context, risk identification, risk analysis, and risk prevention. After being applied to the academic information system of Universidad de Pamplona (Colombia) called ACADEMUSOFT. MePRiSIA was evaluated by experts. In conclusion, after applying MePRiSIA to ACADEMUSOFT, the human factor was part of its most important assets and involved in the very high-level risks identified. According to the experts, implementation of MePRiSIA is hard when institution directors do not provide staff and financial resources for this purpose.