DOI: 10.3390/app16126260 ISSN: 2076-3417

Enhancing CIA Triad—Confidentiality, Integrity and Availability in Educational Information Systems Through Next-Generation ISO/IEC 27001:2022-Aligned Security Model

Dejan Vasović, Goran Janaćković, Žarko Vranjanac, Srećko Stamenković, Bojan Vasović

Educational information systems have evolved into highly interconnected digital landscapes that support learning management platforms, student information systems, institutional repositories, and online assessment environments. As these systems increasingly operate across cloud infrastructures and mobile devices, ensuring the confidentiality, integrity, and availability (CIA Triad) of educational data is critical for safeguarding institutional operations and maintaining trust in digital education services. This paper investigates how next-generation security protocols, such as adaptive multi-factor authentication and advanced access control and data protection mechanisms, can reinforce ISO/IEC 27001:2022 requirements within contemporary educational information systems. The analysis maps emerging protocol capabilities to relevant new ISO/IEC 27001:2022 control domains, illustrating how they mitigate threats associated with unauthorized access, data manipulation, and service disruption. The proposed framework is further supported by an implementation-oriented mapping and an illustrative operational architecture that demonstrates the feasibility of translating prioritized security determinants into practical mechanisms. The FAHP analysis identifies access control mechanisms, backup and recovery, and data validation as the three highest-weighted determinants, with aggregate weights of 0.061, 0.059, and 0.057, respectively. These determinants are translated into a determinant-driven Security Operationalization Matrix that connects ISO/IEC 27001:2022 control domains, CIA dimensions, and technology recommendations, and is complemented by implementation feasibility considerations tailored to the budgetary, infrastructural, and resource constraints characteristic of educational institutions. 
Based on the prioritization results and conceptual operationalization, the proposed integrative approach provides a structured and progressively adoptable foundation for CIA-oriented security governance in digital educational environments.
