Documents Contributed by ECAR and Security Management

This April 2008 survey is a critical component of the EDUCAUSE Center on Applied Research (ECAR) study of information security officers in higher education. It seeks to understand the important characteristics and career paths of those engaged in day-to-day IT security management in colleges and universities.

How To Cite This Work: EDUCAUSE Center for Applied Research. "IT Security Officer Survey" (Survey Instrument). Boulder, CO: ECAR, 2008, available from http://www.educause.edu/ecar.

This research bulletin explores three of the most compelling views of our longer term future, the role of technology in those possible futures, and the impact these alternative futures may have on higher education. The alternatives range from a future of extreme constraint and possible collapse (Heinberg’s peak oil scenario) to one of unprecedented abundance, where most of the current work of higher education will be automated (Kurzweil’s singularity). Between these extremes is the more immediate future of globalization and the intensified competitive and collaborative world its proponents espouse (Friedman’s flat world).

Citation for this work: Franke, Thomas L. “How Technology Will Shape Our Future: Three Views of the Twenty-First Century” (Research Bulletin, Issue 2). Boulder, CO: EDUCAUSE Center for Applied Research, 2008, available from http://www.educause.edu/ecar.

Presentation at the Sixth Annual ECAR Symposium, December 5-7, 2007, in Boca Raton, Florida. In June 2007 EDUCAUSE Vice President Richard Katz began a personal and organizational voyage of discovery. Katz and University of British Columbia CIO Ted Dodds visited 10 European countries and dozens of universities in four months. This talk summarizes a portion of their findings, both personal and professional.

How to Cite This Work: Katz, Richard N. "IT's a Small World - Observations of a Global Community." Presentation at the ECAR Symposium, Boca Raton, FL, December 5-7, 2007, available from http://www.educause.edu/ecar.

This July 2007 survey is part of a study of identity management and information technology (IT) security in higher education sponsored by CAUDIT in Australasia, by EUNIS in Europe, and by the EDUCAUSE Center for Applied Research (ECAR) in North America. Data from this study will form the basis of a report designed to help institutions position themselves in these evolving areas. Identity management refers to the business processes and infrastructure required to support the use of digital identities. Identity management is not the same as, but is related to, IT security, another top concern of IT leaders in higher education. The survey focuses on the key functions of establishing identity, user authentication, and authorization, as well as supporting infrastructures such as enterprise directory, reduced/single sign-on, and federated identity.

This bulletin discusses some of the lessons learned by the Emory College, Faculty of Arts and Sciences, in developing its information technology security strategy, as well as what other schools grappling with security should consider when implementing a local security strategy. Research in this bulletin is drawn from the experiences of the Emory College, along with interviews of IT lead personnel from five of Emory's graduate and undergraduate schools: the School of Law, the School of Nursing, the School of Medicine, the School of Public Health, and the School of Business.

When ECAR studied IT security in 2003, we discovered that despite efforts to develop a secure IT infrastructure in higher education, uneven management awareness and a culture that equated good IT security with the curtailment of academic freedom constrained IT security options and choices. The results of this 2006 study of IT security in higher education demonstrate that there has been a sea change in less than three years. This study not only assesses the current condition of IT security practice, but documents changes in practice over time among a constant set of respondents. Among 492 total survey respondents, fully 204 institutions responded to both the 2003 and the 2005 surveys. Extraordinary changes in both hard and soft security measures were reported. Nearly one-third of responding institutions now have a chief information security officer, and more than 60 percent of the 2005 respondents have a centralized IT security function. The study is supported with qualitative interviews from 18 higher education institutions and organizations and with three case studies.

This roadmap synthesizes the important issues and recommended actions drawn from the ECAR study, Safeguarding the Tower: IT Security in Higher Education 2006. When ECAR studied IT security in 2003, we discovered that despite efforts to develop a secure IT infrastructure in higher education, uneven management awareness and a culture that equated good IT security with the curtailment of academic freedom constrained IT security options and choices. The results of this 2006 study of IT security in higher education demonstrate that there has been a sea change in less than three years. This study not only assesses the current condition of IT security practice, but documents changes in practice over time among a constant set of respondents. Among 492 total survey respondents, fully 204 institutions responded to both the 2003 and the 2005 surveys.

This document presents the key findings of the ECAR study, Safeguarding the Tower: IT Security in Higher Education 2006. When ECAR studied IT security in 2003, we discovered that despite efforts to develop a secure IT infrastructure in higher education, uneven management awareness and a culture that equated good IT security with the curtailment of academic freedom constrained IT security options and choices. The results of this 2006 study of IT security in higher education demonstrate that there has been a sea change in less than three years. This study not only assesses the current condition of IT security practice, but documents changes in practice over time among a constant set of respondents. Among 492 total survey respondents, fully 204 institutions responded to both the 2003 and the 2005 surveys. Extraordinary changes in both hard and soft security measures were reported. Nearly one-third of responding institutions now have a chief information security officer, and more than 60 percent of the 2005 respondents have a centralized IT security function.

This bulletin is a companion to Campus IT Security: Governance, Strategy, Policy, and Enforcement, ECAR's 2006 bulletin (No. 17) by the same authors. Security technologies provide various types of protection to the campus, including technologies that secure the network, control access, encrypt data, facilitate backups, provide virus protection, and supply enterprise directory services. This research bulletin focuses on the emerging set of technologies that fall under the broad category of identify management. It is based on a literature review, campus interviews, and the firsthand experience of the authors.

Successful implementation of an effective information, data, and system "security blanket" for higher education institutions requires recognition of and action upon the cultural, political, and regulatory fronts. Data stewards; policy makers; central and departmental IT staff; and students, faculties, and staff members all have a role to play. This bulletin is based on the research of current IT security literature and on interviews with representatives from multiple campuses. It offers a broad survey of the current nontechnical issues facing higher education as it attempts to secure information assets and systems.