Defensive Cybersecurity Preparedness Assessment Model for Universities

Authors

  • William Kipkoech Too Academic

Keywords:

Fiber, Cybersecurity, cyber-attack, preparedness

Abstract

Broadband and internet access has become readily available to citizens across the globe as a result the recent uptake of fiber connectivity. General Cyber Security threats like malware attacks, social engineering scams and financial frauds have increased. Though numerous security models have been advanced by NIST and ISO standards, but the frightening truth is that escalating cyber-attacks are still on the rise. This is because most existing security analysis tools focus mainly on detecting attacks. Despite the steady flow of security updates and patches, this scenario has led to a continued rise of attack surface in institutions of higher learning where students and staff sensitive information and valuable assets is of high stake. Therefore, the purpose of this study is to establish the factors for effective defensive cyber security in Universities. The study utilized a survey method to collect data from cyber security experts of the sampled universities. The study targeted 27 respondents (ICT experts) from 5 universities both public and private that were purposively sampled in Kenya. 23 questionnaires were returned translating to 85% response rate. This was very sufficient for the study. Correlation analysis was carried and the findings indicated a statistically significant relationship for human factors (87.7%), technology factors (83.5%), and policy factors (83.2%) on defensive cyber security preparedness. Multiple linear regression was also done to predict the extent of the effect of each independent variable on defensive cyber security preparedness. In conclusion, the study noted that, all the three cyber security factors were significant hence there was a need to enhance them so as to improve security against the advancing threat landscape across all sectors especially institutions of higher learning like universities.

References

. GTAG. (2016). Assessing cybersecurity risk. Retrieved from https://www.aicpa.org/content/ dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/cybersecurity/gtag-assessing-cybersecurity-risk.

. Ministry of ICT, (2014). National Cybersecurity Strategy

. Ministry of Education, (2014). University Education and Research.

. Shahmoradi, L., Changizi, V., Mehraeen, E., Bashiri, A., Jannat, B., & Hosseini, M. (2018). The challenges of E-learning system: Higher educational institutions perspective. Journal of Education and Health Promotion, 7. https://doi.org/10.4103/jehp.jehp_39_18

. Biddle, S. (2017, December 13). Three of the Biggest Cybersecurity Challenges Facing the Education Sector. Retrieved March 28, 2019, from Fortinet Blog website: https:/ /www.fortinet.com/blog/business-and-technology/three-of-the-biggest-cybersecurity-challenges-facing-the-education-sector.html

. Update, T. P. (2017). Reimagining the Role of Technology in Education?:, (January).

. Beniwal, S. (2015). Ethical Hacking: A Security Technique. International Journal of Advanced Research in Computer Science and Software Engineering

. Neaimi, A. Al, Ranginya, T., & Lutaaya, P. (2015). A Framework for Effectiveness of Cyber Security Defenses , a case of the United Arab Emirates ( UAE ). 4(1), 290–301.

. Kigen, P. M., Muchai, C., Kimani, K., Mwangi, M., Shiyayo, B., Ndegwa, D., ... & Shitanda, S. (2015). Kenya Cyber Security Report 2015. Serianu Limited

. Messer, A., & Medairy, B. (2018). The Future of Cyber Defense... Going on the Offensive.

. Salcito, A. (2018). The growing role of education as the engine of economic change makes the work happening to transform our schools and classrooms fundamental to global progress.

. NCSC, (2019). The cyber threat to Universities. Published 18th September 2019

. Aineah, A. (2018). Why research puts Kenyan students fourth on list of top hackers in Africa. Retrieved February 19, 2019, from The Standard website: https://www.standard media.co.ke/article/2001268939/why-research-puts-kenyan-students-fourth-on-list-of-top-hackers-in-africa

. Universities Uk. (2013). Cyber security and universities: managing the risk.

. Van den Hoven, J., Blaauw, M., Pieters, W., & Warnier, M. (2018). Privacy and Information Technology. In E. N. Zalta (Edition.), The Stanford Encyclopedia of Philosophy (Summer 2018). Retrieved from https://plato.stanford.edu/archives/sum2018/entries/it-privacy/

. Harwich, E., & Lasko-Skinner, R. (2018). Making NHS data work for everyone.

. Agrafiotis, I., Nurse, J. R. C., Goldsmith, M., Creese, S., & Upton, D. (2018). A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity, 4(1). https://doi.org/10.1093/cybsec/tyy006

. Bradley, T. (2019). The Secret to Comprehensive, Scalable and Effective Cybersecurity. Retrieved March 28, 2019, from Forbes website: https://www.forbes.com/sites/ tonybradley/2019/02/11/the-secret-to-comprehensive-scalable-and-effective-cybersecurity/

. Quade, P. (2018, February 19). You can’t protect what you can’t see. Retrieved June 3, 2019, from CSO Online website: https://www.csoonline.com/article/3256211/you-cant-protect-what-you-cant-see.html

. Abomhara, M., & Koien, G. M. (2015). Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks. Journal of Cyber Security and Mobility, 4(1), 65–88. https://doi.org/10.13052/jcsm2245-1439.414

. Walker, J. (2015, June 29). Top 5 benefits of containerization. Retrieved June 3, 2019, from Monitis Blog website: https://www.monitis.com/blog/top-5-benefits-of-containerization/

. Zimmerman, C. (2014). Ten Strategies of a World-Class Cybersecurity Operations Center.

. NSA, (2018). Top10 cybersecurity mitigation strategies.

. Bodeau, D., & Graubart, R. (2016). Cyber Prep 2.0: Motivating Organizational Cyber Strategies in Terms. (15), 12

. Cui, A. (2018). N-Days: The Overlooked Cyber Threat for Utilities | Energy Central. Retrieved June 7, 2019, from https://www.energycentral.com/c/iu/n-days-overlooked-cyber-threat-utilities

. Schiff, J. L. (2016, November 7). 7 ways to protect your ecommerce site from fraud, hacking and copycats. Retrieved June 3, 2019, from CIO website: https://www.cio.com/article/ 3137222/7-ways-to-protect-your-ecommerce-site-from-fraud-hacking-and-copycats.html

. Richard Hoesl, C. (2017). Capability Framework for Privileged Access Management. Retrieved from https://www.isaca.org/Journal/archives/2017/Volume-1/Pages/capability-framework-for-privileged-access-management.aspx

. Sedgewick, A., Souppaya, M. P., & Scarfone, K. A. (2015). Guide to Application Whitelisting (No. NIST SP 800-167; p. NIST SP 800-167). https://doi.org/10.6028/NIST.SP.800-167

. Otaishan, K. (2018). Exercising IT Disaster Recovery Plans - Disaster Recovery Journal. Retrieved June 7, 2019, from https://www.drj.com/journal/winter-2018-volume-31-issue-4/exercising-it-disaster-recovery-plans.html

. Hosburge, M. (2017). Offensive-intrusion-analysis-uncovering-insiders-threat-hunting-active-defense-128770. Retrieved from https://pen-testing.sans.org/resources/papers/gcih/ offensive-intrusion-analysis-uncovering-insiders-threat-hunting-active-defense-128770

. NSA, (2017). Ctr-Uefi Defensive Practices Guidance. Retrieved from https://www.nsa.gov /Portals /70/documents/what-we-do/cybersecurity/professional-resources/ctr-uefi-defensive-practices-guidance.

. Ani, U. D., He, H. (Mary), & Tiwari, A. (2017). Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. Journal of Cyber Security Technology, 1(1), 32–74. https://doi.org/10.1080/23742917.2016.1252211

. Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., & Hahn, A. (2015). Guide to Industrial Control Systems (ICS) Security (No. NIST SP 800-82r2; p. NIST SP 800-82r2). https://doi.org/10.6028/NIST.SP.800-82r2

. US-CERT. (2018). Using Rigorous Credential Control to Mitigate Trusted Network Exploitation .Retrieved June 9, 2019, from https://www.us-cert.gov/ncas/alerts/TA18-276A

. Houser, B. M. (2016). A model for real-time data reputation via cyber telemetry.

. Vaynbergh, B. (2019). Securing the NSA Way. Retrieved June 9, 2019, from https://www.mimecast.com/blog/2019/05/securing-the-nsa-way/

. NIST, CI. (2017). Special Publication 800-63B. Retrieved June 9, 2019, from /sp800-63b.html

. Cooper, R. & Schindler, P. (2003). Business Research Methods. Boston: McGraw-Hill.

. Gay, L. R, Mills, G E., & Airrasian, P. (2009). Educational research: competencies for analysis and applications. London: Pearson Education.

. Mugenda, A., & Mugenda, O. (2013). Research methods: Quantitative and qualitative approaches. Nairobi: ACTS Press.

. Creswell, John W. (2009). Research design: qualitative, quantitative and mixed methods approaches. 3rd Edition. Los Angeles: Sage Publications

. Sauders, M, Lewis, P and Thornhill A. (2003). Research Methods for Business student. England: Pearson Education

Downloads

Published

2025-04-07

How to Cite

William Kipkoech Too. (2025). Defensive Cybersecurity Preparedness Assessment Model for Universities. International Journal of Computer (IJC), 54(1), 1–20. Retrieved from https://ijcjournal.org/index.php/InternationalJournalOfComputer/article/view/2359

Issue

Vol. 54 No. 1 (2025)

Section

Articles

License

Copyright (c) 2025 William Kipkoech Too

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Authors who submit papers with this journal agree to the following terms