
OALib Journal
ISSN: 2333-9721

Cybersecurity Framework for Kenyan Universities in Conformity with ISO/IEC 27001:2022 Standard

DOI: 10.4236/oalib.1110810, PP. 1-15

Subject Areas: Information and Communication: Security, Privacy, and Trust

Keywords: Cybersecurity, ISO/IEC 27001, Standards, Framework, Threats, Risks, Kenya, University


Abstract

The rapid adoption of enterprise resource planning (ERP), the necessity for remote access to information systems, and the swift development of digital technologies like IoT and cloud computing have increased cyberattacks on organizations, including universities. Despite not being as heavily targeted as major industries, universities have become more vulnerable due to open ERP systems, insufficient cybersecurity investment, and limited cyber expertise. This study aimed to enhance cybersecurity in Kenyan universities by identifying cybersecurity threats, assessing existing controls, and proposing a cybersecurity framework aligned with the ISO/IEC 27001:2022 standard. A descriptive survey method was used to gather quantitative data, employing Design Science Research Methodology (DSRM) for Information Systems research. The target population comprised 60 chartered Kenyan universities, divided into public and private categories. Purposive sampling selected respondents from each sampled university, while simple random sampling chose universities from each cluster. Out of 48 questionnaires distributed via Google Forms, 45 were returned, yielding a 93.75% response rate. Statistical tools such as frequency, percentages, mean, and standard deviation were used for data analysis, with results presented in tables and figures. Findings revealed that most universities had experienced cyberattacks and faced significant cybersecurity threats. Furthermore, many universities lacked adequate cybersecurity policies and controls, including organizational, human, physical, and technological measures. The proposed cybersecurity framework was evaluated and deemed suitable for mitigating cybersecurity risks in Kenyan universities. The study recommended conducting comparative studies between Kenyan universities and institutions in other countries to identify and adapt best practices to the Kenyan context.

Cite this paper

Gichubi, P. M., Maake, B. and Chweya, R. (2024). Cybersecurity Framework for Kenyan Universities in Conformity with ISO/IEC 27001:2022 Standard. Open Access Library Journal, 11, e810. doi: http://dx.doi.org/10.4236/oalib.1110810.

