集中式IT决策与网络安全漏洞:来自美国高等教育机构的证据

Centralized IT Decision Making and Cybersecurity Breaches: Evidence from U.S. Higher Education Institutions

Journal of Management Information Systems · 2020
被引 83
FT 50ABS 4

中文导读

研究了504所美国高校四年数据,发现集中式IT治理能减少网络安全漏洞,尤其在IT基础设施多样、公立或研究密集型大学中效果更明显。

Abstract

Despite the consensus that information security should become an important consideration in information technology (IT) governance rather than the sole responsibility of the IT department, important IT governance decisions are often made on the basis of fulfilling business needs with a minimal amount of attention paid to their implications for information security. We study how an important IT governance mechanism—the degree of centralized decision making—affects the likelihood of cybersecurity breaches. Examining a sample of 504 U.S. higher-education institutions over a four-year period, we find that a university with centralized IT governance is associated with fewer breaches. Interestingly, the effect of centralized IT governance is contingent on the heterogeneity of a university’s computing environment: Universities with more heterogeneous IT infrastructure benefit more from centralized IT decision making. In addition, we find the relationship between centralized governance and cybersecurity breaches is most pronounced in public universities and those with more intensive research activities. Collectively, these findings highlight the tradeoff between granting autonomy and flexibility in the use of information systems and enforcing standardized, organization-wide security protocols.

公司治理信息安全信息技术治理高等教育网络安全