dc.description.abstract | There has been increased frequency of information systems' security breaches within
universities. Studies indicate that information technology security management could be
improved if IT security management were used together with appropriate security metrics which
are based on major elements of information technology security. However, there is continued
application of inappropriate metrics within the universities. As such, estimating information
security status remains a challenge, making managing IT security difficult. The objectives of this
study were: to investigate the major elements in management of information security within
universities in Kenya, to investigate the relationship between the implementation of the major
elements and metrics in the universities in Kenya, to develop and test applicability of a suitable
information technology security implementation metrics model based on major information
technology security elements for universities in Kenya. Three-step methodological approach was
adopted as based on goal-question-metrics concepts and theory of measurement. Step one was a
review of secondary publications to ascertain the major information technology security
elements and seek the extent of application of the elements within the universities. Secondly, 91
respondents from the 70 universities in Kenya were sampled for data collection. Purposive
sampling was conducted for data collection using questionnaire and an interview schedule. In
each sampled university, 13 operation areas related to information systems were considered,
giving a total of 91 resepondents. Data was collected from the team leader of each operation
area, then analysed using SPSS, where the mean and regression model was adopted. Results
showed that while security management is conducted with respect to IT security elements, their
levels of implementation remain inadequate. Significant relationship and dependance was found
between IT security elements and metrics. Regressional coefficient of IT security elements were
found and used to develop a reliable IT security metrics' prototype aided by measurement scales
and color codes corresponding to differecnt security situations. Applicability of the model was
tested at (http://41.89.203.228/oguk) and found feasible. In conclusion, there is statistically
significant relationship between the metrics and implmentation of the elements; wherein, while
the level of implementation of IT security elements was found to contribute to the metrics,
information security policy was found to contribute more. Therefore, it is recommended that the
developed IT security implememtation metrics model be used together with the security policy
for better information systems security management. The model is recommended for policy
makers. | en_US |