Budget-Conscious Information Security Resources

According to the EDUCAUSE Core Data Service, information security spending is roughly 3% of an institution's overall IT budget spending, and there are only 2 central IT information security FTEs per 10,000 institutional FTEs. Only 34% of institutions have a dedicated person whose primary job responsibility is information security. In such an environment, how can institutions that are just starting out with an information security program, or those with even more limited resources, successfully protect institutional IT resources and data?

These resources, prepared by members of the Higher Education Information Security Council, provide budget-conscious advice for IT leaders and managers tasked with developing and delivering institutional information security programs and services.

Reports

Report Information

1. Building Resources on a Budget: Operating information security programs with scarce resources requires a fair amount of creativity and flexibility. This resource offers pragmatic and actionable ideas for building information security resources on a budget.
2. Building Institutional Capability and Sustainability: Investments in information security programs and tools need a deliberate plan for sustainability and success, especially in a budget-strapped environment. This resource provides strategies towards building information security capability and sustainability.
3. Capability Roadmap: Budget-challenged information security programs often must build from nothing. The resource shares resources on how to formulate a roadmap to create a justifiable information security stance.

Related Resources

• Always Moving Forward: Cybersecurity Strategies for Small and Midsized Organizations
• Anatomy of a Sustainable Information Security Program
• Cybersecurity Program
• EDUCAUSE Library Cybersecurity page