Documents Contributed by ECAR, IT Governance, and Research Bulletins

This ECAR research bulletin discusses the trend to use a variety of risk assessment frameworks and standards to create an information security program that is sufficiently comprehensive for colleges and universities. These standards include the Control Objectives for Information and related Technology (CobiT) IT control framework, the Information Technology Infrastructure Library (ITIL) service management framework, and the set of information control objectives now commonly referred to as ISO 27001. In specific, the process of implementing this framework at Georgia State University (GSU) is discussed. In addition, the bulletin provides a rationale for an information security governance framework that enables executives to see the degree to which their information security programs are effective in assessing and mitigating risks, protecting confidential data, aligning goals with institutional academic and business objectives, and continuously improving over time.

Citation for this work: Clark, Tammy L., and Toby D. Sitko “Information Security Governance: Standardizing the Practice of Information Security” (Research Bulletin, Issue 17). Boulder, CO: EDUCAUSE Center for Applied Research, 2008, available from http://www.educause.edu/ecar.

 This ECAR research bulletin introduces the Amherst H. Wilder Foundation research on successful collaborative practices in the context of higher education. It details 20 collaborative success factors and maps them to relevant examples gleaned from research on IT collaboration conducted by ECAR.

Citation for this work: Pirani, Judith A., and Toby D. Sitko. “Happy Families, Good Fences, and Winning IT Collaborations” (Research Bulletin, Issue 15). Boulder, CO: EDUCAUSE Center for Applied Research, 2008, available from http://www.educause.edu/ecar.

This research bulletin explores the importance of focusing on innovation in decision-making about IT. Acknowledging the apparent dichotomy between the efficient use of resources in a centralized IT model and the effective application of IT resources toward innovative research and pedagogy, the bulletin presents a model for IT service delivery that can be used or adapted in colleges and universities.

Citation for this work: Frederick, Lawrence W. “Recasting the Centralization–Decentralization Debate: Advancing the Innovation Support Cycle” (Research Bulletin, Issue 10). Boulder, CO: EDUCAUSE Center for Applied Research, 2008, available from http://www.educause.edu/ecar.

This research bulletin examines the ways many research universities govern their IT activities, explores some inherent problems in these processes, identifies several good practices, and suggests changes that may improve the current state of the art. It draws on research conducted by MIT and ECAR on IT alignment and governance; information submitted to the EDUCAUSE Core Data Service survey; the results of an extensive review of IT governance at the University of California, Berkeley; a one-day governance workshop hosted by the Common Solutions Group; the work of a project team participating in the IT Leaders Project; and the observations and results of several external review committees on which the author has served.

Successful implementation of an effective information, data, and system "security blanket" for higher education institutions requires recognition of and action upon the cultural, political, and regulatory fronts. Data stewards; policy makers; central and departmental IT staff; and students, faculties, and staff members all have a role to play. This bulletin is based on the research of current IT security literature and on interviews with representatives from multiple campuses. It offers a broad survey of the current nontechnical issues facing higher education as it attempts to secure information assets and systems.

This bulletin discusses the processes being applied to refine the focus of the University of Toronto's institution-wide Web space to better serve the community in a more coordinated manner. It addresses issues relating to assessment, changing governance, process management, implementation, and feedback.

This research bulletin provides an overview of IT governance, explains why such governance is important, describes the IT governance work at Syracuse University, and outlines how other institutions can model their governance structures. Frameworks, models, and applied research based on the work of Peter Weill and Jeanne Ross provide practical steps toward evaluating and improving institution-wide IT governance structures.