Documents Contributed by ECAR, Incident Handling and Response, and Research Studies

This study looks at IT unit readiness to foster and support the functioning of colleges and universities that are challenged by disruption. Responding to a well-documented increase of interest in business continuity and disaster recovery issues among higher education CIOs, ECAR designed the study to inform executives about how institutions approach continuity issues and to identify practices that are associated with good BC outcomes. The study methodology included a literature review; consultation with a select group of CIOs and BC experts for the purpose of identifying and validating research questions; a quantitative survey of IT administrators (mostly CIOs) at 340 higher education institutions; post-survey interviews with 15 executives and IT staff members involved in BC; a quantitative survey of institutional business officers (mostly CBOs/CFOs) at 247 member institutions of the National Association of College and University Business Officers (NACUBO); and four case studies looking at BC planning and operations Florida State University, New York University, Pace University, UC–Davis, and UCLA.

This study looks at IT unit readiness to foster and support the functioning of colleges and universities that are challenged by disruption. Responding to a well-documented increase of interest in business continuity and disaster recovery issues among higher education CIOs, ECAR designed the study to inform executives about how institutions approach continuity issues and to identify practices that are associated with good BC outcomes. The study methodology included a literature review; consultation with a select group of CIOs and BC experts for the purpose of identifying and validating research questions; a quantitative survey of IT administrators (mostly CIOs) at 340 higher education institutions; post-survey interviews with 15 executives and IT staff members involved in BC; a quantitative survey of institutional business officers (mostly CBOs/CFOs) at 247 member institutions of the National Association of College and University Business Officers (NACUBO); and four case studies looking at BC planning and operations Florida State University, New York University, Pace University, UC–Davis, and UCLA.

Information security is a process of business risk management that must be performed on an ongoing basis. It is critical to take an approach to information security that examines the risks and security objectives within the environment in which the organization operates. Any comprehensive approach to information security must include a feedback mechanism that measures the performance of the process so that risks are managed appropriately and determines whether the organization's security objectives are being met. Burton Group (www.burtongroup.com) provides technically in-depth research and advisory services for colleges and universities, government agencies, and commercial enterprises. Burton Group's practical and unbiased research and advice helps technologists make smart IT infrastructure decisions in increasingly complex environments. Burton Group covers directories, identity management, application platforms, architecture, and network and telecom infrastructure topics. Like ECAR, Burton Group is an unbiased advocate for the user and more than 80 percent of Burton Group's clients are user organizations rather than suppliers.

U.S. higher education institutions have historically enjoyed a culture of open access to information. The free flow of information faces increasing challenges as concerns about information security continue to mount. This study examines how higher education is coping with the growing cost of information technology security and with the tensions between preserving confidentiality, ensuring data integrity, and maintaining an academic environment in which information is easily available to authorized users. The study reports the results of a quantitative survey of 435 higher education institutions as well as interviews with 42 technology executives, managers, and faculty members at 18 institutions. Companion publications include case studies on incident management and information technology security at six institutions.