Top Information Technology Risks 2013

Enterprise risk management (ERM) is a continuing responsibility that requires monitoring the environment for changes in the nature and severity of risks, and responding accordingly. In this column we’ll consider some of the top risks relating to information technology for 2013.


1.    Cyber-threats including malware. The ever-escalating “arms race” of malware continues and is in fact increasing. The global community of hackers is highly coordinated and highly effective. This requires an effective enterprise response including security software, user training, and policies and procedures in order to safeguard our systems, networks, and information.

2.   Social media technology. Use of social media has become increasingly important to efforts in areas including student recruitment and alumni relations. Risks associated with social media are twofold: unfavorable content and a pathway for introducing malicious software, particularly since commercial software providers are now integrating their products with social media sites, making risk mitigation very difficult.

3.   Identity management (IdM) and user authentication. Achieving an effective posture in this area requires several components. Authoritative administrative functions and systems that certify students, employees, and other members of our institutional communities are vital. A fundamental shift in recent years demonstrates another critical component: a central user authentication system, or directory.

4.    Integrity of institutional systems and data, particularly concerning compliance and decision-making. Our institutions have become increasingly dependent upon data that supports decision-making. This is in addition to our requirements for accurate compliance reporting to state and federal agencies. All of this information comes directly from our systems and databases. If these lack integrity for any reason, our compliance is jeopardized and our decision-making compromised.

5.   Mobile technology. Mobile technology is increasingly an area of risk because of the malware being produced specifically for mobile operating systems, including the iPhone and Android. Because mobile devices are user-owned and because most security software hasn’t adequately addressed mobile OSs, this is an area of significant concern.

6.   Distributed computing technology and concomitant distributed information. Nearly all of us now “take the office with us.” But that means we also take information, including passwords. User education, virtualized access to systems and information, data encryption, and other strategies need to be pursued aggressively to mitigate risks in this area.

7.   Espionage and sabotage. The increase in state-sponsored cyber-terrorism is extremely concerning. Most of our institutions depend upon foreign students and provide them with substantial research opportunities, while simultaneously maintaining security and safeguarding intellectual property. This is critical for those of us whose institutions conduct research involving national security. Very likely this will ultimately result in increasing federal oversight and inter-institutional collaboration.

8.   Cloud computing. Cloud computing remains more connotation than definition, and while the concept has great potential, most current implementations are an area of significant concern. Both software as a service (SaaS) and cloud-based data storage such as Google and DropBox should be reviewed on many levels that include security, confidentiality, disposition of intellectual property, e-discovery fulfillment, and others.

9.   Human error. Human error is still considered by many analysts to be among the main causes of system and network outages. While it is essentially impossible to eliminate this as a risk factor, implementing best-practices to minimize likelihood and severity is important; rigorous internal audits and self-assessments policies and procedures can be enormously helpful if done well.

10.  Business continuity and disaster recovery. Disasters of both foreseen and unforeseen types are inevitable. The first level of response involves identification, preparedness, and avoidance or minimization of impact. Beyond this are the critical requirements for incident response, business continuity of mission-critical operations, and full recovery. Develop, implement, and formally test your protocol at regular intervals.

Information technology is a highly dynamic, rapidly evolving sector. So are the risks and threats that surround it, and the functions it provides for our institutions. Effective risk management is essential.  

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology. He can be reached at 201/216-5491 or [email protected].

About the Author

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or [email protected].

Featured

  • KI Wall Demonstrates New Solutions at NeoCon 2025

    KI Wall attended NeoCon 2025 in Chicago, Ill., last month to showcase its new architectural wall systems and collaborations, according to a news release. Its customizable, design-forward wall solutions are intended to support creativity in work, education, and healthcare environments.

  • Midland ISD Starts Construction on Two New High Schools

    The Midland Independent School District recently announced that it will break ground on two new high schools in Midland, Texas, according to a news release. The district is partnering with Pfluger Architects, Lee Lewis Construction, and Satterfield & Pontikes to create a total of over 1.5 million square feet for 8,400 students in grades 9–12.

  • Image courtesy of MiEN Company

    6 Ways to Pull Off a Major District Construction Project

    Designing and building a large-scale project on a K–12 campus is a monumental undertaking that requires the right blend of ideas, funding, design and execution to get it right. The process also relies on multiple partners, each of which has to handle its respective aspect of the project while also keeping the district’s broader mission and goals in mind.

  • Texas K–12 District to Build New Elementary, High Schools

    The High Island Independent School District on the Bolivar Peninsula in Southeast Texas recently announced that construction on a new elementary school and a new high school will begin in January 2026, according to local news. Funding will come from a $27.9-million bond passed in May 2025.

Digital Edition