Journal of Cases on Information Technology, 15(3), 1-22, July-September 2013 Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. EXECUTIVE SUMMARY Information Security breaches today affect a large number of organizations including universities, globally. They pose an immense threat to the C-I-A (confdentiality, integrity and availability) of information. Hence, it is important to have proper Information Security Management System (ISMS) designed in accordance with industry adopted standards for risk management. The current case explores the IT infrastructure at a premier Indian business school where internet support is required round the clock. The entire ISMS framework of the organization, including security policy, security budget and network components, is described. Though the security infrastructure apparently seemed to be adequate, a spate of hacking attacks targeted at the SMTP server attempted to cripple the extremely crucial email services for the period of the attack by generating spam. The primary security challenges facing the organization including nature and appropriateness of ISMS, adequacy of the security policy, budget allocation for IT security, etc., are left open for discussion. Today’s Action is Better than Tomorrow’s Cure - Evaluating Information Security at a Premier Indian Business School Saini Das, Indian Institute of Management, Indore, Madhya Pradesh, India Arunabha Mukhopadhyay, Indian Institute of Management, Lucknow, Uttar Pradesh, India Bharat Bhasker, Indian Institute of Management, Lucknow, Uttar Pradesh, India Keywords: Confdentiality, Integrity and Availability (CIA) of Information, Information Security Management System (ISMS), Network Security Components, Security Policy, Simple Mail Transfer Protocol (SMTP) DOI: 10.4018/jcit.2013070101 INTRODUCTION Mr. Rajesh Ghosh 1 , the Chairman, Computer Advisory Committee (CAC) at the ABC Institute of Management, Lucknow (AIML) 1 looked at the dark brown, wooden foor of his offce, immersed in thought about the latest hacking attempts on the Institute’s network. There was a knock on his partially open offce door. Mr. Deepak Jha, the Computer Centre (CC) manager stood at the door with a pile of documents in his hand, smiled and said “It is not that bad after all. Our Computer Centre employees are trying their best to handle the attack and the situation will soon be under control.” Mr. Ghosh however, was more worried than relieved. It was the computer centre’s