dc.description.abstract | Dependence on information systems (IS) is growing at a very high rate; this is
encouraged by business competitiveness. Though the growth is health literature reveals
that, there are security threats accompanying this.
The main objective of this study was to assess factors affecting information systems
security and propose a framework to assess the same, the study was guided by specific
objectives which were; to establish the effect of top management support on IS security
effectiveness; to find out the extent to which security policy influence IS security
effectiveness; to investigate how use training and awareness influence IS security
effectiveness and to propose a generic framework to assess information systems security
in University of Nairobi.
The target population was all administrative staff of University of Nairobi. The study
used descriptive research design and randomized sampling. Primary data was collected
by structured questionnaire from 120 University of Nairobi administrative staff.
The data was coded, entered and analyzed using the Statistical Package for Social
Sciences (SPSS).
Results of regression analysis of all the independent variables against dependent variable
established that that coefficient of determination R2 equals 0.843, that is, security policy,
Top management support, Users training and Organizational culture, leaving only 15.7
percent unexplained. The P- value of 0.000 (Less than 0.05) implies that the model of IS
security effectiveness is significant at the 5 percent significance, this indicate that a well
formulated and communicated ICT security policy, top management support of IS
security related matters, training and awareness creation and Organizational culture
strongly influences the effectiveness of IS security.
Further we recommend that the management of the University should ensure that IS
security policy are formulated, communicated and regularly updated. Top management of
the University should fully involve in the implementation of the policy, procuring of ICT
related assets, and engagement of staff handling ICT security issues. And that the
University should create a programme for capacity building that ensures that all IS users
are regularly trained on matters related to IS security. | en_US |