An Information Security Analysis of a University: The Case of a Ghanaian University

Information systems in universities are set up to address several requirements, ranging from openness, flexibility, scalability and performance to security and privacy, while supporting the key roles of teaching, learning and research. This paper analyses the information system environment of a Ghanaian university and discusses the state of its information security. It discusses the shortfalls and some improvements that may mitigate the identified risks. This is descriptive research informed by a pragmatist viewpoint. The study focused on technical and non-technical staff of the university. In all, 180 respondents were stratified into technical and non-technical users. The results indicated that respondents viewed confidentiality as the most important information security objective, followed by integrity and availability. The university assets that respondents viewed as most valuable were student records and research data, as compared to computers and mobile devices. Respondents also indicated that they experienced malware attacks frequently, with very few experiencing unauthorised change of information on systems. It is recommended that there should be regular training programs to create awareness of cyber security threats among stakeholders, especially within a typical Bring Your Own Device (BYOD) environment such as a university. In addition, security policies on antivirus software should be developed, implemented and enforced to ensure protection of sensitive data.
