Every year, more news outlets report cybersecurity?breaches--and higher education is not immune from these sinister trends. Cyberattacks on colleges, universities, and foundations have become more frequent, more sophisticated, and more dangerous. Successful cyberattacks can compromise an institution's reputation, result in substantial financial…

Many current investigations have analysed adolescents' risky ICT behaviours (such as excessive or addictive use), but few have explored the characteristics of low-risk behaviour in this regard. This study aimed to explore the psychosocial profile of a sample of 593 Spanish adolescents aged 13 to 18 who have been categorized as low-risk ICT users.…

This paper describes the use of two different risk assessment strategies during the design and development of a complex authentic task-based e-learning program developed by the World Health Organization (WHO). The first strategy involved the use of expert reviewers and the second strategy employed the engagement of a risk assessment expert…

This dissertation examines the risk-based approach to privacy and data protection and the role of information sensitivity within risk management. Determining what information carries the greatest risk is a multi-layered challenge that involves balancing the rights and interests of multiple actors, including data controllers, data processors, and…

Governance, risk, and compliance (GRC) issues are increasingly pervading the IT space, with these concepts transcending silos such as central and distributed IT units, information security, and service management. As campus investment in information technology and campus reliance on information systems have grown, so has the need for reliable…

Higher education IT governance, risk, and compliance (GRC) programs are in the development stage. Few institutions have all three programs in place, and many institutions are unclear where they should start when instituting or maturing their IT GRC programs. In addition, they are often uncertain as to whether GRC programs should be developed in…

This article provides a case study of work performed at King's College London to survey information management practices, policies, and procedures applied by data creators and managers within three research units and three business units, and to determine the risk factors that may limit access and use of their digital assets over time. The…

In 2013, compliance issues march, unceasingly, through every aspect of higher education. Yet the intricacies of privacy, information security, data governance, and IT policy as compliance and risk areas within the IT organization can reverberate and impact every other department within the higher education institution. The primary focus is always…

An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

Insiders are one of the most serious threats to an organization's information assets. Generally speaking, there are two types of insider threats based on the insiders' intents. Malicious Insiders are individuals with varying degrees of harmful intentions. Inadvertent Insiders are individuals without malicious intent. In this dissertation, I…

The role of the Chief Information Officer (CIO), one of the newer positions in higher education senior leadership, continues to transform and evolve, often heading in surprising directions. Not only are the technologies changing at a dizzying pace, but it often feels as if the role itself, as well as what institutions need and expect from the CIO,…

Enterprise Resource Planning (ERP) systems have been regarded as one of the most important information technology developments in the past decades. While ERP systems provide the potential to bring substantial benefits, their implementations are characterized with large capital outlay, long duration, and high risks of failure including…

Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step…

Information technology (IT) certifiers evaluate risk and develop mitigations ensuring IT infrastructures remain protected within acceptable levels of operation, which if not properly maintained can potentially result in loss of life within Department of Defense (DoD) and federal environments. This qualitative phenomenological exploratory study…

The University of Washington (UW) adopted a dual-provider cloud-computing strategy, focusing initially on software as a service. The original project--to replace an obsolete alumni e-mail system--resulted in a cloud solution that soon grew to encompass the entire campus community. The policies and contract terms UW developed, focusing on…