Institutions of higher learning are increasingly using information and communication systems in administration, teaching, learning and research. This infrastructure needs to be available, secure and well protected. It is therefore crucial for information security practitioners in public universities to implement effective information security programs. Information security focuses on technological issues and on important elements of an organization, such as people, process and business strategies, which also mandate the need for information security. A comprehensive security framework incorporates three basic components: people, technology, and process. When correctly assembled, the people, technology, and process elements of an information security framework work together to secure the environment and remain consistent with an institution's business objectives (Mark, C.A. Wiley & A. John Wiley, 2011).
Figure 1: Concept of People, Process and Technology
Attacks upon information security infrastructures have continued to evolve steadily over time, making the management of information security more complex and challenging than ever before (Deloitte East Africa, 2011).
According to best practices in information security, information security management systems should be implemented, maintained, monitored and reviewed regularly to ensure their effectiveness (Amason and Willet, 2008). Failure of an information management system is critical and would lead to losses for a university. For example, failure of the integrated Financial Management System could bring the admission of students and the recruitment of new staff to a standstill, as this system is crucial. Failure of examination systems that p...
... middle of paper ...
...rol security measures. Mwakalinga hence concludes that security frameworks should be aligned with the major information systems security standards and mapped to reported ICT crime cases. Beaudin (2015) further notes that colleges and universities require information security policies and breach response plans in place to decrease their potential liability in the event of a breach. Ellucian (2013) confirms that cyber-attacks on colleges and universities now account for some 17 percent of all data breaches, second to the medical industry. The rise in frequency and sophistication of data breaches and cyber-attacks on universities and colleges shows there is a need to investigate the current information security implementation. The study therefore seeks to assess information security system implementation in public universities in Kenya.
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish the roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization's day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Cyber activity has increased exponentially while security strategies lag behind. Defence funding identifies Australia's defence priorities over the last decade, highlighting counter-terrorism as the biggest security risk. The 2013 National Security Strategy continues to identify counter-terrorism as its main threat. Concern over cyber crime is apparent in the strategy, which encourages integrated policy development, yet the threat has no substantial counter-strategy. In recent years, large-scale information breaches released and published online have shown the vulnerability of systems, including infrastructure. The case studies of Anonymous and Ransomware raise the question of the Government's ability to counter cyb...
Yoon, C., Hwang, J., & Kim, R. (2012). Exploring Factors That Influence Students’ Behaviors in Information Security. Journal of Information Systems Education
Every organization, big or small, should have some level of security policy to protect their proprietary information. While the intensity and depth of an organization's security policy depends heavily on the nature of their business, common guidelines are mentioned in this paper that apply to all policies. One of the most important things to remember is that employees are a critical component to a successful security policy. It is the organization's job to ensure that their security policy is widely distributed and understood.
Not long ago, technological innovation was making its baby steps into our lifestyle. There was never major talk of cybersecurity, even though the idea was present. Progress in technology has brought new ideas and innovations that have, in turn, attracted malicious and criminal practices; in the fast-paced world we live in, we cannot afford to put our plans and goals on hold in order to deal with the problem. Today, it's fair to say that we are all trying to catch up with the pace of technological advancement, and that is a difficult thing to accomplish, given how fast and how complex the field has grown to be. It's the same story in the case of cybersecurity, where we seem to be forced to react rather than act. At some point, it seemed like the cyberwar was left to the IT industry's organizations to handle, until many more companies were attracted to the technology world for various reasons, including competition and their respective market growth, an observation confirmed by Judith H. Germano (2014): “With time and experience (and even more alarming news report), more companies are becoming aware of, and realizing they need to address, cybersecurity concerns on a proactive basis” (p. 7). Nowadays, society is more connected than ever, making it a target for criminals more than ever, and it requires a collective effort to achieve information security.
Many factors arise from different issues with organizational management of information security. Although the human factor has not been considered a threat, today it has been decided that the human factor is to be considered an organizational management security issue. In proper perspective, the human factor essentially influences human behavior and human error with respect to cybersecurity. When applied to cybersecurity systems, these factors must be measured against the precise practicalities of human performance. Focusing exclusively on the technical aspects of security is clearly inadequate to capture how humans interact with an organization or system (Ferguson,
Risk Management Theory. The Risk Management Theory has been around for quite some time. According to Hong, Chi, Chao, and Tang (2003), risks pertaining to IT security can be measured and evaluated by means of assessing potential attack vectors, and susceptibilities to the organization’s systems and processes. The authors suggest that the outcome of this evaluation allows for the identification of essential security programs and the employment of IT security controls to mitigate these risks. The intended outcome of utilizing this theory is to manage risks until they are at a permissible state. The Risk Management Theory, while broad in nature, does not encompass enough of the information security and risk...
The increasing proliferation and complexity of technology are creating new "opportunities" for cyber criminals to exploit. In addition, cyber crime techniques are getting ever more sophisticated. For businesses, this adds up to an increasingly dangerous cyber threat environment. It doesn't help that human factors add to the risk. These include simple blunders, such as exposing sensitive data to the open Internet, as well as network security misconceptions and oversights. Here are two network security mistakes that invite devastating data breaches:
Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 232). Boston, MA: Cengage Learning.
Principle of Security Management by Brian R. Johnson, Published by Prentice-Hall copyright 2005 by Pearson Education, Inc.
According to information security governance, success is often limited by the inability to value the organisation's information and data. This creates the discussion on the need for security and the resources to be assigned to it.
InfoSec policies include general program policy, issue-specific security policy (ISSP) and system-specific policies (SSSPs). Programs are specific entities in the information security domain that require management. Protection encompasses all risk management activities including control, risk assessment, protection mechanisms, tools, and technologies. Each mechanism is involved in managing specific controls in an information security plan. People provide an essential link in an information security program (Tao, Lin & Lu, 2015). Managers must recognize the role played by people. Project management must be present in every element of an information security program. It involves identifying and controlling the resources applied to a project. It also involves measuring progress and adjusting any necessary
The first thing that we must consider about information security is that there is no final destination at which we can arrive. IT security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and that it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company's CIA triad. The following report will provide you with guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT security best practices.
The ability to conduct warfare through technological methods has increased information security awareness and the need to protect an entity's infrastructure. Subsequently, cyber warfare produces increased risk for security practitioners who employ technology and other methods to mitigate risks to information and the various systems that hold or transmit data. A significant risk to information lies in the conduct of electronic commerce, hereinafter called e-commerce. E-commerce is the purchasing or selling of goods and/or services through the internet or other electronic means (Liu, Chen, Huang, & Yang, 2013). In this article, the researcher will discuss cyber warfare risks, present an evaluation on established security measures, identify potential victims of identity theft, and present an examina...