Date of Conferral



Doctor of Information Technology (D.I.T.)


Information Systems and Technology


Bob Duhainy


School districts are increasingly becoming a prime target for cybercriminals. As a result, information technology (IT) security managers in Texas school districts are concerned about hackers gaining access to network resources that could lead to data breaches on their network. Grounded in the technology threat avoidance theory, the purpose of this qualitative multiple case study was to explore strategies IT security managers use to mitigate data breaches in school district networks in Texas. The participants comprised 6 IT security managers in 3 Texas school districts whose roles involved managing and implementing data security strategies. Data collection involved conducting semistructured interviews (n = 6) and reviewing organizational, technical, district, and public documents (n = 12). Methodological triangulation was suitable for analyzing the emerging themes, and a follow-up member check served to increase data validity. Four major themes emerged: data security breach frequency and risk, data breach safe practices and control attempts, prevention challenges and response setbacks, and recommendations for strengthening data security prevention. Recommendations are for IT security managers to implement multiple security layers, promote mandatory user training, improve existing security policies, and encourage the buy-in by district leadership to support operational, technical, administrative, and physical security control synergy. The implications for positive social change include potential guidance for institutional decision-makers and IT security managers to protect their resources, promote digital transformation, comply with regulatory mandates, and generate user trust and loyalty.