An Analysis of the Preparedness of Educational Institutions to Ensure the Security of Their Institutional Information

The purpose of this exploratory study was to analyze and examine the differences in the preparedness of educational institutions toward ensuring the security of their data by comparing their self-reported perceptions of security risks and their assessments of the corresponding risk-mitigating practices. Factors that were studied with reference to securing institutional data were aligned with the five components of information systems: hardware, software, data, procedures and people. The study examined the perceptions of security threats associated with these factors and explored the perceptions of the effectiveness of critical measures with respect to these factors within the constraints applicable to educational institutions. Given the dynamic nature of the threats to information security, this study further explored mechanisms and frequencies with which the different types of educational institutions conduct key security practices and stay up-to-date in their information security policies and procedures. The population of interest for this study consisted of a cross-sectional representation of the following types of educational institutions in the state of Florida: public and private PK-12 institutions, public and private universities, and virtual schools. At every stage of this exploratory study, comparative analyses were conducted. The researcher found no statistically significant differences between the types of educational institutions in their perceptions of security risks. However, in terms of their perceptions of the effectiveness of security measures, frequencies of key security practices and policy updates, budget allocations, and overall assessment of security preparedness, the educational institutions showed statistically significant differences