Cybersecurity leadership policy and compliance for institutions of higher education

Abstract

Cybersecurity pairs with information asset storage and security for institutions of higher education. When institutions of higher education lack effective cybersecurity leadership, cyber incidents escalate. Worldwide, institutions of higher education are experiencing threats and vulnerabilities woven in their information systems and technology applications. This requires strategic resolutions. One strategy is cybersecurity and information security policy. Research collected worldwide proves usage of cybersecurity policy aligned with federal international law, establishes a cyber culture of compliance. Furthermore, personnel, internally and externally, are the bridge to managing access to data assets, and unless they are knowledgeable of the policy mandated by the institution and its cybersecurity infrastructure, the results of non-compliance can be catastrophic. Since the United States National Institute of Standards and Technology enacted cybersecurity policy for federal information systems. Institutions of higher education must adhere to these standards and guidelines to manage threats and vulnerabilities programmed in their hardware, software, and cloud. Therefore, why are so many institutions of higher education neglecting to align policy and enforcement of policy with these standards? What problems are creating non-compliance among institutions of higher education personnel and executive leadership? How can cybersecurity leadership improve policy and compliance to control risks factors programmed in information systems, technology, and cloud applications, institutions of higher education rely on to reduce human error? To assess and answer these questions, the researcher deployed qualitative grounded theory lite research to assess trends of cybersecurity leadership at institutions of higher education and to improve policy development and compliance.