Information Systems Security Risk Management (ISSRM) Model in Kenyan Private Chartered Universities (Published)
This paper proposes a risk management model that can allow universities to implement secure information systems. Specifically, the paper appraises IS security in the universities and its requirements, with a focus on how IS security risks can be managed. The appraisal helped the researchers understand the effectiveness of information security management in institutions of higher learning in Kenya. From the survey we carried out, it is clear that the universities face serious IS security challenges. Based on the issues identified as affecting information security management, and the role they play in ensuring secure systems at the universities, we recommend improvements to information security management in institutions of higher learning. This paper proposes an encompassing model that organizes specific aspects of ISSRM according to the ISO/IEC 27001:2013 standard, and structures this model by borrowing from the STOPE (Strategy, Technology, Organization, People, Environment) view of information systems security risk management.
Keywords: ISO/IEC 27001:2013, Information systems security, Private Universities, risk management model