NotesFAQContact Us
Collection
Advanced
Search Tips
Peer reviewed Peer reviewed
Direct linkDirect link
ERIC Number: EJ971762
Record Type: Journal
Publication Date: 2012
Pages: 12
Abstractor: As Provided
Reference Count: 40
ISBN: N/A
ISSN: ISSN-2165-3151
Disaster at a University: A Case Study in Information Security
Ayyagari, Ramakrishna; Tyks, Jonathan
Journal of Information Technology Education: Innovations in Practice, v11 p85-96 2012
Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small universities are challenged with balancing cost and effectiveness. Many colleges and universities have additional security challenges, such as relaxed working environments, less formalized policies and procedures, and employees that "wear many hats." Therefore, it is not surprising to note that majority of data breaches since 2005 occur in educational settings. So, it is imperative that this segment (i.e., educational settings) be represented in classroom discussions to prepare future employees. To this end, we present a case that addresses a data breach at a university caused by lax security policies and includes an element of social engineering. The data breach at the university resulted in a number of students' losing personally identifiable information. The resulting aftermath placed a significant financial burden on the university as it was not prepared to handle an information security disaster. This case can be used as a pedagogical tool as it uniquely captured a data breach in a university setting. Readers of the case will identify that at the management level the case raised a number of issues regarding the security culture at the university and management of security function. The case also highlights the issues of lack of training and access control. (Contains 2 figures and 1 table.)
Informing Science Institute. 131 Brookhill Court, Santa Rosa, CA 95409. Tel: 707-531-4925; Fax: 480-247-5724; e-mail: contactus@informingscience.org; Web site: http://www.informingscience.us/icarus/journals/jiteiip
Publication Type: Journal Articles; Reports - Research
Education Level: Higher Education
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A
Identifiers - Location: Idaho