Risk management for information security within ITgovernance in sustainable development projects: case of ESHRA GREEN CAMPUS

Abstract

In today’s sustainability-driven landscape, aligning information security, IT governance, and sustainable development is essential for building ethical and resilient systems. This dissertation explores how information security risk management can support institutional sustainability initiatives, using the Smart Green Campus project at the Algiers Higher School of Hospitality and Restaurant Management (ESHRA) as a case study. Using a qualitative action research methodology, the study evaluates ESHRA’s current IT governance and security practices. It integrates semi-structured interviews, document analysis, and Failure Mode, Effects, and Criticality Analysis (FMECA) to identify and mitigate security risks within the Smart Green Campus initiative. The findings highlight a multidimensional vision of sustainability, encompassing technological, cultural, organizational, and educational dimensions. ESHRA’s information system is shown to operate across layered infrastructure and application domains. The initial FMECA revealed 26 failure modes 3 critical, 15 moderate, and 8 acceptable. Post-intervention results showed a successful mitigation of critical risks and a substantial reduction in moderate risks, achieved through targeted measures such as automated patching, role-based access control, and robust backup solutions. This research contributes to both theory and practice by demonstrating the effectiveness of FMECA in sustainability-oriented information systems and by deepening the understanding of how information security risk management serves as a foundational pillar in achieving sustainable institutional objectives.