Information Security : A Comprehensive Security Framework

1097 Words3 Pages

Institutions of higher learning are increasingly using Information and Communication systems in administration, teaching, learning and research. This infrastructure needs to be available, secure and well protected. It therefore becomes crucial for information security practitioners in public universities to implement effective information security programs. Information security focuses on technological issues and important elements of an organization such as people, process, business strategies etc., which also mandates the need for information security. A comprehensive security framework incorporates three basic components: people, technology, and process. When correctly assembled, the people, technology, and process elements of an information security framework work together to secure the environment and remain consistent with an institutions business objectives. (Mark, C.A. Wiley & A. John Wiley, 2011)

Figure 1: Concept of People, Process and Technology
Attacks upon information security infrastructures have continued to evolve steadily overtime making the management of information security more complex and challenging than ever before (Deloitte East Africa, 2011).
Information security management systems should be implemented, maintained, monitored and reviewed regularly to ensure their effectiveness. This is according to the best practices in information security. (Amason and Willet, 2008). Information management System’s failure is very critical and would lead to losses for a university. For example, the failure of the integrated Financial Management System could lead to the process of admission of students and recruitment of new staff coming to a standstill as this system crucial. Failure of examination systems that p...

... middle of paper ...

...rol security measures. Mwakalinga hence concludes that security frameworks should be aligned with the major information systems security standards and mapped with reported ICT crimes cases. Beaudin (2015) further notes that these Colleges and universities require information security policies in place, and breach response plans to ensure that they will decrease their potential liability in the event of a breach. Ellucian (2013) confirms that cyber-attacks on colleges and universities now account for some 17 percent of all data breaches, second to the medical industry. The rise in data breaches and cyber-attacks on universities and colleges in frequency and sophistication shows there is need to investigate the current information security implementation. The study therefore seeks to assess information security system implementation in public universities in Kenya.

Open Document