AI-ready ICT security for education: a holistic framework to strengthen data integrity at Malaysia’s data centre

AI-enabled learning depends on trustworthy data. Yet, education systems often run security controls as isolated tasks, with weak governance links and few integrity metrics. This study proposes AI-Ready ICT Security for Education, a holistic framework that connects governance maturity, access-control maturity, and risk-management practice to data-integrity outcomes in Malaysia’s MOE data centre. The work is grounded in ISO/IEC 27001:2022 (ISMS and control baselines), ISO 31000/31073 (risk concepts), and the Govern function of NIST CSF 2.0 (policy, roles, accountability, and measurement). Using Design Science Research, we develop three artefacts: a policy-to-control-to-metric traceability map, an integrity indicator dictionary (e.g., MFA coverage, orphan-account rate, mean time to revoke privileged access, detect-to-correct time, checksum mismatch rate), and an implementation roadmap. Expert review and a bounded pilot evaluation support feasibility and clarity. Novelty is the integrity-centred measurement layer that operationalises international standards for an education data-centre context, enabling auditable progress towards safe, inclusive AI-supported e-learning.