2021 EDUCAUSE Horizon Report® | Information Security Edition

 2021 EDUCAUSE Horizon Report® | Information Security Edition 

 
           The New Media Consortium (NMC) was an international community of educational technology experts that focused on exploring the use of new media and technologies. One of its notable initiatives was the NMC Horizon Project, which aimed to identify and describe emerging technologies with significant potential impact on education globally, in areas such as teaching, learning, research, and creative expression. In late 2017, the NMC ceased operations, and its assets were acquired by EDUCAUSE in 2018 continuing the work of the Horizon Project. In light of the complex threats and uncertainties in today's world, this report does not provide a definitive set of predictions. Instead, its purpose is to create a resource that empowers innovators to understand, plan for, and respond to the multitude of factors influencing information security in higher education, both present and future (EDUCAUSE Review, 2023).
 
Technology 

           Cloud Vendor Management is one of the key technologies and practices highlighted in the 2021 Horizon Report by EDUCAUSE Information Security Edition. It is recognized as a crucial aspect of balancing higher education and information security frameworks. Cloud Vendor Management refers to the process of effectively managing and overseeing the relationship between higher education institutions and third-party cloud service providers. The report emphasizes the importance of considering in-house management capabilities for systems and decision-making solutions that require third-party support and expertise. By implementing robust Cloud Vendor Management practices, higher education institutions can strike a balance between leveraging the benefits of cloud services and maintaining the security and integrity of their information systems.
           In the context of higher education, institutions often rely on cloud services for various purposes, such as data storage, collaboration tools, learning management systems, and more. While cloud services offer numerous benefits, they also introduce potential security risks and challenges. Therefore, effective management of cloud vendors becomes essential to ensure the security and privacy of institutional data. The report suggests that higher education institutions should establish clear policies and procedures for selecting, contracting, and monitoring cloud vendors. This includes conducting thorough risk assessments, evaluating the vendor's security practices, and ensuring compliance with relevant regulations and standards. Additionally, institutions should establish mechanisms for ongoing monitoring, auditing, and incident response to address any potential security issues that may arise.

                                                          Link to image courtesy of EdSurge

 
Forces 

           Two forces that impact the technology of Cloud Vendor Management in higher education information security are the need for in-house management capabilities and the importance of third-party expertise. Balancing in-house management capabilities with third-party expertise, higher education institutions can effectively manage their cloud vendor relationships and ensure the security and integrity of their information systems.
 
          1. Need for In-House Management Capabilities: The Horizon Report emphasizes the importance of considering in-house management capabilities for systems and decision-making solutions that require third-party support and expertise in Cloud Vendor Management. Higher education institutions need to have the internal capacity and expertise to effectively manage and oversee the relationship with cloud service providers. This includes understanding the security implications of using cloud services, conducting risk assessments, and ensuring compliance with data privacy regulations. By developing in-house management capabilities, institutions can have better control over their information security and make informed decisions regarding the selection and use of cloud vendors.
 
           2. Importance of Third-Party Expertise: While in-house management capabilities are crucial, institutions also need to recognize the value of third-party expertise in Cloud Vendor Management. Cloud service providers have specialized knowledge and resources to ensure the security and reliability of their services. Collaborating with trusted vendors can provide institutions with access to advanced security measures, regular updates and patches, and industry best practices. Engaging with third-party experts can help institutions navigate the complexities of cloud security and leverage the vendor's expertise to enhance their information security frameworks.
 
 
Key Trend (Social)

            There were six trends listed in Scanning the Horizon: Uber Trend: Remote Work, Social Trend, Technological Trend, Economic Trend, Environmental Trend, and Political Trend. Each trend provides a section for how each influences global higher education regarding the future shape of information security, however, social trends and their impact will be discussed.  According to the Horizon Report by EDUCAUSE, one of the social trends in information security is the impact of the cybersecurity skills gap on global higher education. The report highlights the concern that there is a lack of skilled professionals to meet the demand for evolving educational techniques in the field of information security. This gap affects higher education institutions, as students may not be adequately prepared to enter the workforce and address the challenges posed by emerging technologies. 
           The report emphasizes the need for higher education institutions to address this skills gap by incorporating innovative approaches to cybersecurity education. This includes updating curricula to address emerging technologies, providing hands-on training and practical experiences, and fostering collaboration between academia and industry to ensure that students are equipped with the necessary skills to address the evolving cybersecurity landscape. The impact of the cybersecurity skills gap on higher education is further supported by statistical evidence from the US Bureau of Labor Statistics, which indicates that the demand for information security analysts is projected to outgrow the available talent pool (Kelly et al., 2021, p.9). In summary, the social trend of the cybersecurity skills gap in information security has significant implications for global higher education. It highlights the need for educational institutions to adapt their approaches to cybersecurity education to meet the demands of the digital age and ensure that students are prepared to address the challenges posed by emerging technologies.
 
Forces

            When analyzing the social trend of the cybersecurity skills gap in information security, several forces impact this trend. Two significant forces to consider are the rapid advancement of technology and the increasing sophistication of cyber threats.
            1. Rapid Advancement of Technology: The constant evolution and rapid advancement of technology play a crucial role in shaping the cybersecurity skills gap. As new technologies emerge, such as cloud computing, artificial intelligence, Internet of Things (IoT), and blockchain, the demand for cybersecurity professionals with expertise in these areas increases. Higher education institutions must adapt their curricula to incorporate these emerging technologies and ensure that students are equipped with the necessary skills to secure these systems effectively. Failure to keep up with the pace of technological advancements can widen the skills gap and leave educational institutions struggling to produce graduates who are capable of addressing the latest cybersecurity challenges.
 
            2. Increasing Sophistication of Cyber Threats: Cyber threats are becoming more sophisticated and complex, posing significant challenges for information security professionals. Hackers and cybercriminals continuously develop new techniques and exploit vulnerabilities in systems and networks. As a result, higher education institutions need to provide students with comprehensive training and practical experiences that expose them to real-world cyber threats. This includes simulating cyber-attacks, conducting vulnerability assessments, and teaching incident response strategies. By preparing students to understand and respond effectively to advanced cyber threats, educational institutions can narrow the skills gap and produce cybersecurity professionals who are equipped to protect sensitive data and systems. 
 
            The overall significance of these forces emphasizes the importance of effective cloud vendor management and the need for educational institutions to address the cybersecurity skills gap through innovative approaches to education. By understanding and harnessing these forces, organizations can drive positive change, enhance information security practices, and prepare students to navigate the evolving landscape of cybersecurity.
 
 

Comments

Post a Comment

Popular posts from this blog

Nokia and the Consequences of Utilizing a Traditional Forecasting Model vs Scenario Planning

Image
  Nokia and the Consequences of Utilizing a Traditional Forecasting Model vs Scenario Planning Part I Case Study: Nokia Scenario-type planning, as opposed to standard forecasting, allows organizations to consider a range of potential futures and develop strategies to address each scenario. By exploring different representations of the future and considering various forces driving the market, organizations can better anticipate and respond to potential disruptions or changes. Scenario planning allows organizations to identify key drivers of change, including predetermined elements and critical uncertainties. It helps decision-makers explore different representations of the future and consider a range of potential outcomes (Avin & Goodspeed, 2020, p.3) . By incorporating scenario planning, organizations can better understand the potential impacts of different forces and develop strategies to navigate uncertainty. The forces involved in scenario planning include technologic...
Read more

Group Decision-Making Methods

Image
  Group Decision-Making Methods Link to image courtesy of UpRaise 2024 Delphi Technique (Structured Iterative Process) The Delphi Method is a structured technique that involves a panel of strategically selected experts discussing a complex topic and is NOT considered open-ended in the sense of allowing completely unrestricted and unguided responses (RAND, 2024). It simplifies the complexity of a topic by leveraging the collective opinion of the experts to involve three groups: the anonymous experts who prepare, distribute, collect, and summarize questionnaires, the experts on the subject who provide their responses, and the facilitators who manage the process. One of the key characteristics of the Delphi Method is the anonymity of the experts, ensuring that opinions are based solely on the ideas presented in the consultation, rather than personal biases or influence. The method involves iterative rounds of questionnaires, allowing for controlled feedback and refining of responses...
Read more