Educational Administration, Department of


Date of this Version



Gordon, C. (2015) Addressing Security Risks for Mobile Devices: What Higher Education Leaders Should Know (Doctoral dissertation). Retrieved from DigitalCommons@University of Nebraska - Lincoln.


A DISSERTATION Presented to the Faculty of The Graduate College at the University of Nebraska In Partial Fulfillment of Requirements For the Degree of Doctor of Philosophy, Major: Education Studies (Educational Leadership and Higher Education), Under the Supervision of Professor Miles Bryant. Lincoln, Nebraska: December, 2015

Copyright (c) 2015 Casey J. Gordon


This qualitative study examined the topic of mobile device security at higher education institutions in the Midwestern United States. This study sought to answer the question of how higher education institutions have responded to threats to campus data security posed by mobile devices. It explored the questions of what institutions are doing currently, the policies and procedures they have in place, and what leaders should do in the future.

This research study consisted of four case studies, compiled through interviews with key Information Technology (IT) professionals and faculty at each of the four institutions studied as well as an examination of the web sites of each institution.

Themes from the research included:

  • Frequent communication with faculty, staff, and students is absolutely critical to the success of security initiatives.
  • The creation of a security awareness program and security policies are critical to mitigating the highest risk area, which is the end users themselves.
  • Institutions lack the resources, both financial and staffing, to handle these growing needs.
  • There is a high need to balance access with security to ensure that the mission of higher education can still be completed.
  • As the variety of devices grows, it is critical to protect the data at the source rather than try to control the device itself.
  • Three of the four institutions studied had newly created or newly restructured Chief Information Security Officer roles.

Recommendations for future research included studying the changing dynamics of how mobile devices are used for education specifically, exploring various ways to move the emphasis of security from the device to the data itself. Research should also narrowly focus on the particular issues of passcode usage among faculty, staff, and students, as well as studying what makes a successful security awareness program. It is also necessary to examine actual security breaches that have occurred at higher education institutions and what qualities are needed in a successful Chief Information Security Officer (CISO) position.

Adviser: Miles Bryant