Top Information Technology Risks 2013

Enterprise risk management (ERM) is a continuing responsibility that requires monitoring the environment for changes in the nature and severity of risks, and responding accordingly. In this column we’ll consider some of the top risks relating to information technology for 2013.


1.    Cyber-threats including malware. The ever-escalating “arms race” of malware continues and is in fact increasing. The global community of hackers is highly coordinated and highly effective. This requires an effective enterprise response including security software, user training, and policies and procedures in order to safeguard our systems, networks, and information.

2.   Social media technology. Use of social media has become increasingly important to efforts in areas including student recruitment and alumni relations. Risks associated with social media are twofold: unfavorable content and a pathway for introducing malicious software, particularly since commercial software providers are now integrating their products with social media sites, making risk mitigation very difficult.

3.   Identity management (IdM) and user authentication. Achieving an effective posture in this area requires several components. Authoritative administrative functions and systems that certify students, employees, and other members of our institutional communities are vital. A fundamental shift in recent years demonstrates another critical component: a central user authentication system, or directory.

4.    Integrity of institutional systems and data, particularly concerning compliance and decision-making. Our institutions have become increasingly dependent upon data that supports decision-making. This is in addition to our requirements for accurate compliance reporting to state and federal agencies. All of this information comes directly from our systems and databases. If these lack integrity for any reason, our compliance is jeopardized and our decision-making compromised.

5.   Mobile technology. Mobile technology is increasingly an area of risk because of the malware being produced specifically for mobile operating systems, including the iPhone and Android. Because mobile devices are user-owned and because most security software hasn’t adequately addressed mobile OSs, this is an area of significant concern.

6.   Distributed computing technology and concomitant distributed information. Nearly all of us now “take the office with us.” But that means we also take information, including passwords. User education, virtualized access to systems and information, data encryption, and other strategies need to be pursued aggressively to mitigate risks in this area.

7.   Espionage and sabotage. The increase in state-sponsored cyber-terrorism is extremely concerning. Most of our institutions depend upon foreign students and provide them with substantial research opportunities, while simultaneously maintaining security and safeguarding intellectual property. This is critical for those of us whose institutions conduct research involving national security. Very likely this will ultimately result in increasing federal oversight and inter-institutional collaboration.

8.   Cloud computing. Cloud computing remains more connotation than definition, and while the concept has great potential, most current implementations are an area of significant concern. Both software as a service (SaaS) and cloud-based data storage such as Google and DropBox should be reviewed on many levels that include security, confidentiality, disposition of intellectual property, e-discovery fulfillment, and others.

9.   Human error. Human error is still considered by many analysts to be among the main causes of system and network outages. While it is essentially impossible to eliminate this as a risk factor, implementing best-practices to minimize likelihood and severity is important; rigorous internal audits and self-assessments policies and procedures can be enormously helpful if done well.

10.  Business continuity and disaster recovery. Disasters of both foreseen and unforeseen types are inevitable. The first level of response involves identification, preparedness, and avoidance or minimization of impact. Beyond this are the critical requirements for incident response, business continuity of mission-critical operations, and full recovery. Develop, implement, and formally test your protocol at regular intervals.

Information technology is a highly dynamic, rapidly evolving sector. So are the risks and threats that surround it, and the functions it provides for our institutions. Effective risk management is essential.  

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology. He can be reached at 201/216-5491 or [email protected].

About the Author

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or [email protected].

Featured

  • Florida SouthWestern State College, Skanska Partner for Humanities Hall Renovation

    Florida SouthWestern State College (FSW) in Fort Myers, Fla., recently announced that it is partnering with construction firm Skanska to renovate the school’s Humanities Hall, according to a news release.

  • ECM Technologies Wins ‘Most Innovative Business of the Year’ Award

    HVAC preventative maintenance and efficiency solutions provider ECM Technologies was recently named the “Most Innovative Business of the Year” at the 2025 Champions of Change Awards, according to a news release. The program recognizes Arizona business leaders and organizations taking steps to make a positive impact on the state through innovative thinking and philanthropy.

  • North Dakota State University Completes Music School Renovation

    North Dakota State University in Fargo, N.D., recently announced that construction on the Challey School of Music has finished, according to a news release. The university partnered with Foss Architecture & Interiors for design and Kraus-Anderson for construction services, and construction began in July 2024.

  • University of Kentucky Sees Positive Results from Energy Efficiency Program

    The University of Kentucky in Lexington, Ky., recently announced the results of its Energy Program in Facilities Management, put into place eight years ago, according to a news release. Between the fiscal years of 2017 and 2025, the university’s campus grew by 13.6% while the energy use per square foot dropped by 19.2%.

Digital Edition