The rapid adoption of enterprise resource planning (ERP), the necessity for remote access to information systems, and the swift development of digital technologies like IoT and cloud computing have increased cyberattacks on organizations, including universities. Despite not being as heavily targeted as major industries, universities have become more vulnerable due to open ERP systems, insufficient cybersecurity investment, and limited cyber expertise. This study aimed to enhance cybersecurity in Kenyan universities by identifying cybersecurity threats, assessing existing controls, and proposing a cybersecurity framework aligned with the ISO/IEC 27001:2022 standard. A descriptive survey method was used to gather quantitative data, employing Design Science Research Methodology (DSRM) for Information Systems research. The target population comprised 60 chartered Kenyan universities, divided into public and private categories. Purposive sampling selected respondents from each sampled university, while simple random sampling chose universities from each cluster. Out of 48 questionnaires distributed via Google Forms, 45 were returned, yielding a 93.75% response rate. Statistical tools such as frequency, percentages, mean, and standard deviation were used for data analysis, with results presented in tables and figures. Findings revealed that most universities had experienced cyberattacks and faced significant cybersecurity threats. Furthermore, many universities lacked adequate cybersecurity policies and controls, including organizational, human, physical, and technological measures. The proposed cybersecurity framework was evaluated and deemed suitable for mitigating cybersecurity risks in Kenyan universities. The study recommended conducting comparative studies between Kenyan universities and institutions in other countries to identify and adapt best practices to the Kenyan context.
Cite this paper
Gichubi, P. M., Maake, B. and Chweya, R. (2024). Cybersecurity Framework for Kenyan Universities in Conformity with ISO/IEC 27001:2022 Standard. Open Access Library Journal, 11, e810. doi: http://dx.doi.org/10.4236/oalib.1110810.