Information Technology Security: Governance, Strategy, and Practice in Higher Education



U.S. higher education institutions have historically enjoyed a culture of open access to information. The free flow of information faces increasing challenges as concerns about information security continue to mount. This study examines how higher education is coping with the growing cost of information technology security and with the tensions between preserving confidentiality, ensuring data integrity, and maintaining an academic environment in which information is easily available to authorized users. The study reports the results of a quantitative survey of 435 higher education institutions as well as interviews with 42 technology executives, managers, and faculty members at 18 institutions. Companion publications include case studies on incident management and information technology security at six institutions.

Table of Contents
Entire Study Information Technology Security: Governance, Strategy, and Practice in Higher Education
Ch. 1 Executive Summary
Ch. 2 Introduction
Ch. 3 Methodology and Participant Demographics
Ch. 4 IT Security Technologies Implemented by Higher Education Institutions
Ch. 5 Organization, Leadership, Policies, and Awareness
Ch. 6 IT Security Planning and Practice
Ch. 7 IT Security Incidents, Response Practices, and Procedures
Ch. 8 IT Security Program Success: What Matters
Ch. 9 Effective Practices and Lessons Learned
Ch. 10 Present and Future Alignment of Security Practices
Appendix A Interviewees in Qualitative Research
Appendix B Institutional Respondents to the Online Survey
Appendix C Glossary
Appendix D Bibliography
Case Studies
Incident Response: Lessons Learned from Georgia Tech, the University of Montana, and the University of Texas at Austin
Information Technology Security at Indiana University
Information Technology Security at MIT
Information Technology Security at the University of Washington
Online Supporting Materials
Survey Instrument
Key Findings

Download Resources