This study assessed the information security risk management practices in in Tanzanian Higher Education Institutions (HEIs).  It employed the sequential explanatory research design. Out of 51 HLIs in Tanzania, the study selected 10 HEIs from Dar es Salaam. The researchers computed the sample estimation through the Cochran’s formula for large population with a precision level of ±10 percentage and confidence level of 95%. The actual sample size was 96 ICT professionals in terms of ICT directors, network administrators, system administrators, ICT support staff and lecturers of ICT. The study used a closed-ended questionnaire, which had Yes/No questions and a structured interview, which collect qualitative data. Quantitative data analysis from the questionnaire was done through descriptive statistics using the SPSS whereas qualitative data from interviews was analyzed using the thematic analysis approach. The study uncovered a notable absence of risk management frameworks and inadequate integration of procedures within institutional strategies. While some HEIs demonstrated effective safeguarding of sensitive information, others required enhancements. The study recommend that HEIs should establish formal risk management frameworks and integrate them strategically into institutional plans. To bridge the implementation gap, HEIs should prioritize comprehensive training, require management support and tailor practices according to their specific contexts.