Factors affecting information systems security effectiveness in University Of Nairobi

Abstract

Dependence on information systems (IS) is growing at a very high rate; this is encouraged by business competitiveness. Though the growth is health literature reveals that, there are security threats accompanying this. The main objective of this study was to assess factors affecting information systems security and propose a framework to assess the same, the study was guided by specific objectives which were; to establish the effect of top management support on IS security effectiveness; to find out the extent to which security policy influence IS security effectiveness; to investigate how use training and awareness influence IS security effectiveness and to propose a generic framework to assess information systems security in University of Nairobi. The target population was all administrative staff of University of Nairobi. The study used descriptive research design and randomized sampling. Primary data was collected by structured questionnaire from 120 University of Nairobi administrative staff. The data was coded, entered and analyzed using the Statistical Package for Social Sciences (SPSS). Results of regression analysis of all the independent variables against dependent variable established that that coefficient of determination R2 equals 0.843, that is, security policy, Top management support, Users training and Organizational culture, leaving only 15.7 percent unexplained. The P- value of 0.000 (Less than 0.05) implies that the model of IS security effectiveness is significant at the 5 percent significance, this indicate that a well formulated and communicated ICT security policy, top management support of IS security related matters, training and awareness creation and Organizational culture strongly influences the effectiveness of IS security. Further we recommend that the management of the University should ensure that IS security policy are formulated, communicated and regularly updated. Top management of the University should fully involve in the implementation of the policy, procuring of ICT related assets, and engagement of staff handling ICT security issues. And that the University should create a programme for capacity building that ensures that all IS users are regularly trained on matters related to IS security.