The purpose of this research was to determine the degree of administrative knowledge, the degree of training of human resources, the degree of commitment of administrators, and the degree of effectiveness of administration with respect to information security risk management based on ISO/IEC 27001. The population consisted of 81 subjects: 66 administrators and 15 staff of the Information Technology Department (ITD). Those evaluated were employees of the university's administrative office and staff of the ITD. To make the comparisons, three groups of managers were formed according to the classification of administrative staff: (a) first-line managers, (b) middle management, and (c) top management. The results corroborate that administrative staff of lower rank have more difficulty making sound decisions about the implementation of an information security management system (ISMS); notably, first-line managers have the most contact with students yet are the least involved in the implementation of an ISMS. It can also be inferred that the institution's planners are not fully trained in the institution's information security efforts, which in turn prevents the generation of proposals and initiatives to implement an ISMS. This shortcoming could lead to security breaches.