| dc.description.abstract | There has been rapid expansion of university education in Kenya. This has been a spontaneous response to the increasing demand for higher education necessitated by the increasing flow of students from the many secondary schools. In order to improve service delivery in these institutions, the government of Kenya has categorized its public universities as government parastatals, just like many other important, formerly, government departments. In line with this requirement, most of the public universities have adopted a computerization of their services in an unprecedented manner. Such automation often comes with new ways of exposure to frauds, which may in turn indent the corporate image of these institutions. The purpose of this study was to establish the challenges the universities encounter in adopting and/or implementing information security policies. The study also aimed to develop an appropriate information systems security framework and assess the compliance levels for the universities in accordance to the developed frame work. The methodology used in this study involved analyzing the existing information systems security frameworks, adopting a “minimum level” security requirements for the public universities and designing a suitable information systems security framework for the universities. The methods used in the field survey included internet survey, documents review and use of questionnaire. The main finding from this study was that most universities have not developed information security frame works for their information security and reasons include lack of senior management support, lack of awareness and understanding and also technology deficiencies. Key contributions of the study include a suitable information systems security framework, identification of challenges the universities are facing in adoption and implementation of security policies. The study concludes that there is no information security policy in most public universities in Kenya and the universities need to come up with security policies which will ensure safety of their information. | en_US |
