College Planning & Management is the information resource for professionals serving the college and university market. Covering facilities, security, technology and business.
Issue link: http://collegeplanning.epubxp.com/i/122090
EMERGING TECHNOLOGY B Y D AV I D W. D O D D Top Information Technology Risks 2013 INFORMATION TECHNOLOGY NECESSITATES EFFECTIVE RISK MA NAGEMENT. E nterprise risk management (ERM) is a continuing responsibility that requires monitoring the environment for changes in the nature and severity of risks, and responding accordingly. In this column we'll consider some of the top risks relating to information technology for 2013. 1. Cyber-threats including malware. The ever-escalating "arms race" of malware continues and is in fact increasing. The global community of hackers is highly coordinated and highly effective. This requires an effective enterprise response including security software, user training, and policies and procedures in order to safeguard our systems, networks, and information. 2. Social media technology. Use of social media has become increasingly important to efforts in areas including student recruitment and alumni relations. Risks associated with social media are twofold: unfavorable content and a pathway for introducing malicious software, particularly since commercial software providers are now integrating their products with social media sites, making risk mitigation very difﬁcult. 3. Identity management (IdM) and user authentication. Achieving an effective posture in this area requires several components. Authoritative administrative functions and systems that certify students, employees, and other members of our institutional communities are vital. A fundamental shift in recent years demonstrates another critical component: a central user authentication system, or directory. security software hasn't adequately addressed mobile OSs, this is an area of signiﬁcant concern. 6. Distributed computing technology and concomitant distributed information. Nearly all of us now "take the ofﬁce 7. 8. 9. with us." But that means we also take information, including passwords. User education, virtualized access to systems and information, data encryption, and other strategies need to be pursued aggressively to mitigate risks in this area. Espionage and sabotage. The increase in state-sponsored cyber-terrorism is extremely concerning. Most of our institutions depend upon foreign students and provide them with substantial research opportunities, while simultaneously maintaining security and safeguarding intellectual property. This is critical for those of us whose institutions conduct research involving national security. Very likely this will ultimately result in increasing federal oversight and inter-institutional collaboration. Cloud computing. Cloud computing remains more connotation than deﬁnition, and while the concept has great potential, most current implementations are an area of signiﬁcant concern. Both software as a service (SaaS) and cloud-based data storage such as Google and DropBox should be reviewed on many levels that include security, conﬁdentiality, disposition of intellectual property, e-discovery fulﬁllment, and others. Human error. Human error is still considered by many analysts to be among the main causes of system and network outages. While it is essentially impossible to eliminate this as a risk factor, implementing best-practices to minimize likelihood and severity is important; rigorous internal audits and self-assessments policies and procedures can be enormously helpful if done well. Business continuity and disaster recovery. Disasters of both foreseen and unforeseen types are inevitable. The ﬁrst level of response involves identiﬁcation, preparedness, and avoidance or minimization of impact. Beyond this are the critical requirements for incident response, business continuity of missioncritical operations, and full recovery. Develop, implement, and formally test your protocol at regular intervals. 4. Integrity of institutional systems and data, particularly concerning compliance and decision-making. Our institutions 10. have become increasingly dependent upon data that supports decision-making. This is in addition to our requirements for accurate compliance reporting to state and federal agencies. All of this information comes directly from our systems and databases. If these lack integrity for any reason, our compliance is jeopardized and our decision-making compromised. 5. Mobile technology. Mobile technology is increasingly an area of risk because of the malware being produced speciﬁcally for mobile operating systems, including the iPhone and Android. Because mobile devices are user-owned and because most Information technology is a highly dynamic, rapidly evolving sector. So are the risks and threats that surround it, and the functions it provides for our institutions. Effective risk management is essential. CPM David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology. He can be reached at 201/216-5491 or firstname.lastname@example.org. 64 COLLEGE PLANNING & MANAGEMENT / APRIL 2013 WWW.PLANNING 4EDUCATION.COM