A Risk Management Model for an Academic Institution's Information System

A Risk Management Model for an Academic Institution's Information System

Michael Dreyfuss (Jerusalem College of Technology, Jerusalem, Israel) and Yahel Giat (Jerusalem College of Technology, Jerusalem, Israel)
Copyright: © 2018 |Pages: 14
DOI: 10.4018/IRMJ.2018010104
OnDemand PDF Download:
List Price: $37.50
10% Discount:-$3.75


This article describes a two-step decision support model for investing in information technology security, both development and application. In the first step, the risk level of each of the system's components is mapped, with the aim of identifying the subsystems that pose the highest risk. In the second step, the model determines how much to invest in various technological tools and workplace culture programs to enhance information security. An application of this model to an information system in an academic institution in Israel is described. This system comprises ten subsystems and the authors identify the three that bear the most risk. These findings are used to determine the parameters of the investment allocation problem and find the optimal investment plan. The results of the model's application indicate that hacking for the purpose of cheating is a greater threat than other types of security issues. Additionally, the results support the claim that information security officials tend to overinvest in security technological tools and underinvest in improving security workplace culture.
Article Preview

2. Literature Review

2.1. University IT Security

Due to the universities’ role as knowledge-intensive organizations, protecting their information is a public policy priority (Mok, 2005). Despite the value of the information stored in their systems, Mensch and Wilkie (2011, p. 91) find that “universities openly share a substantial amount of information and data, web sites are rarely banned and message content is not filtered”. Beyond the need to prevent the theft of valuable information, universities must also deal with the growing problem of student cheating. Three of four college students reported cheating at some point during their studies (Dick et al. 2003), with student cheating including hacking into the information systems to change grades (Smith, 2014). Examples of IT security models in academic institutions are Sridhar & Ahuja (2007) who present an implementation of security management infrastructure in a business school in India, and Drevin, Kruger & Steyn (2007) in a South African university.

Researchers have investigated the student features that affect the likelihood of computer-related crime and cheating. Our research is conducted in a college in which the majority of the student body is orthodox (religious) Jews pursuing computer sciences and related engineering degrees. Interestingly, Cronan (2006) reports that computer-savvy students are more likely to commit computer crime whereas Burton, Talpad & Haynes (2011) find that a high level of religiosity is associated with less academic cheating.

Complete Article List

Search this Journal:
Volume 36: 1 Issue (2023): Forthcoming, Available for Pre-Order
Volume 35: 4 Issues (2022): 3 Released, 1 Forthcoming
Volume 34: 4 Issues (2021)
Volume 33: 4 Issues (2020)
Volume 32: 4 Issues (2019)
Volume 31: 4 Issues (2018)
Volume 30: 4 Issues (2017)
Volume 29: 4 Issues (2016)
Volume 28: 4 Issues (2015)
Volume 27: 4 Issues (2014)
Volume 26: 4 Issues (2013)
Volume 25: 4 Issues (2012)
Volume 24: 4 Issues (2011)
Volume 23: 4 Issues (2010)
Volume 22: 4 Issues (2009)
Volume 21: 4 Issues (2008)
Volume 20: 4 Issues (2007)
Volume 19: 4 Issues (2006)
Volume 18: 4 Issues (2005)
Volume 17: 4 Issues (2004)
Volume 16: 4 Issues (2003)
Volume 15: 4 Issues (2002)
Volume 14: 4 Issues (2001)
Volume 13: 4 Issues (2000)
Volume 12: 4 Issues (1999)
Volume 11: 4 Issues (1998)
Volume 10: 4 Issues (1997)
Volume 9: 4 Issues (1996)
Volume 8: 4 Issues (1995)
Volume 7: 4 Issues (1994)
Volume 6: 4 Issues (1993)
Volume 5: 4 Issues (1992)
Volume 4: 4 Issues (1991)
Volume 3: 4 Issues (1990)
Volume 2: 4 Issues (1989)
Volume 1: 1 Issue (1988)
View Complete Journal Contents Listing