Challenges Facing Information Systems Security Management in Higher Learning Institutions: A Case Study of the Catholic University of Eastern Africa - Kenya

Authors

  • Bichanga Walter Okibo, Jomo Kenyatta University of Agriculture and Technology
  • Obara Brigit Ochiche

DOI:

https://doi.org/10.17722/ijme.v3i1.122

Keywords:

Challenges, Information Systems Security, Higher Learning Institutions, Performance Indicators, Management and Internet

Abstract

With the popularity of internet applications, many organizations are facing unprecedented security challenges. Security techniques and management tools have attracted a lot of attention from both academia and practitioners. However, a theoretical framework for the challenges facing information security management in higher learning institutions is lacking. This research therefore looked into the challenges facing information systems security management in higher learning institutions. The study was guided by the aims of understanding the major challenges facing Information Systems Security Management and establishing the extent of the use of Information Systems Security Management in higher learning institutions. The study used a descriptive survey design. It targeted information systems project managers, administrators or top management, and other users (staff) of the systems in key departments. A systematic sampling strategy was used. Descriptive statistics in SPSS were used to analyze the data. Factor analysis was used to identify the major challenges that affect the management of an institution's information system security. Pearson's Chi-Square was used to test the relationships between the categorical variables. The study found that system vulnerability, computer crime and abuse, environmental security and financial backing/security are key challenges that institutions of higher learning are experiencing in the management of their information systems. The study recommends the implementation of new policies and procedures to guide information system security. Programs for monitoring and evaluating information systems security in relation to performance indicators should be put in place. Institutions should invest heavily in developing their staff through training programmes such as seminars, workshops and conferences to further develop staff skills and abilities on information systems security issues.

Published

30-04-2014

How to Cite

Okibo, B. W., & Ochiche, O. B. (2014). Challenges Facing Information Systems Security Management in Higher Learning Institutions: A Case Study of the Catholic University of Eastern Africa - Kenya. International Journal of Management Excellence (ISSN: 2292-1648), 3(1), 336–349. https://doi.org/10.17722/ijme.v3i1.122