Research Publications

This ECAR research bulletin discusses the trend to use a variety of risk assessment frameworks and standards to create an information security program that is sufficiently comprehensive for colle…

This April 2008 survey is a critical component of the EDUCAUSE Center on Applied Research (ECAR) study of information security officers in higher education. It seeks to understand the important c…

This research bulletin presents a methodology, used successfully at the University of Technology, Sydney (UTS) in Australia, for managing and assessing risks related to information technology sys…

Researchers conducted this in-depth case study to complement the ECAR study, Safeguarding the Tower: IT Security in Higher Education 2006. The case study examines how four higher education instit…

This case study examines ways in which the Virginia Alliance for Secure Computing and Networking (VA SCAN) provides a blueprint for higher education institutions interested in collaboratively pro…

Presentation at EDUCAUSE 2006, October 9-12, 2006, Dallas, Texas. This presentation summarizes the findings of the EDUCAUSE Center for Applied Research 2006 study of information technology securi…

This case study examines Baylor University's risk assessment program for information technology security, which was established in the face of the escalating demands that security places on …

Successful implementation of an effective information, data, and system "security blanket" for higher education institutions requires recognition of and action upon the cultural, politi…

A well-managed security program starts at the top and must provide strong governance, business risk management, auditing, and control processes. This Burton Group study proposes a security techn…

Information security is a process of business risk management that must be performed on an ongoing basis. It is critical to take an approach to information security that examines the risks and s…