Exploring Information Technology Security Requirements for Academic Institutions to Reduce Information Security Attacks, Breaches, and Threats

With most organizations involved in a complex computing environment, managing and protecting information has become a primary concern. The success or failure of many organizations is contingent upon the levels of information technology (IT) and the protection of data. The securing of this information is a major challenge. Incidents of information security attacks, breaches, and threats and the costs associated with these incidents continue to be on the rise. The focus of this study was to examine the computer and information technology security needs and requirements of colleges and universities in order to provide information that may help administrators reduce or eliminate potential information security attacks, breaches, and threats and provide a foundation for future research into these critical issues from the perspectives of IT personnel within institutions of higher education. The purpose of this qualitative holistic multiple case study was to explore factors potentially contributing to improved computer and information security and reduced attacks, breaches, and threats among institutions of higher education. Perspectives gathered from IT personnel from colleges and universities throughout the state of North Carolina were examined. The sample of institutions included community colleges, and private and public colleges and universities that offer associates, bachelors, masters, and doctoral degrees within the state of North Carolina. There were a total of 13 interview participants from 12 distinct and separate institutions of higher education that were included in this study. In-depth open-ended interviews were conducted with at least one member of the institution's IT department to collect data for the study. Ten thematic categories were used to conduct this research and all relate to how institutions of higher education may be involved in computer and information security. Participants revealed various types of attacks, breaches, and threats that are common to colleges and universities and that a major way to avoid having computers and information compromised is through training, educating, and making users aware of their responsibilities. Recommendations for future research include narrowing the units of analysis down to certain colleges or universities and analyzing how the increase usage of mobile devices on institution networks and the security risks involved.