Abstract:
insiders are the people with legal access to the information and pauses a challenge to the security of the information
systems. Public universities are facing serious insider security threats with several incidents being reported in internal
security reports. The paper seeks to look at the current mechanism that public universities in Kenya have put in place
when it comes to insider security threats. The objective was to examine the current mechanisms that the university has
put in place to control insider security threats. Since it is evident that public universities have experienced insider
security breaches, it is essential to establish the measures in place in dealing with the insider threats. Some of the issues
that insiders pause for an organization is compromise the system security through misusing the resources they have been
assigned to accomplish their roles in the university. There are models that have been presented to help organization
protect itself against insider security attacks. The models presented are categorized as predictive, intent-driven threats
models and domain-oriented model. However, public universities in Kenya are not using the models presented in
prevention and prediction. They have the conventional access control using username and password which do not
prevent insiders as they have legal access to the systems. They have implemented systems in place for external security
threats but minimal control of the insider security threats. The study proposes a model that was modified to suit the
public university environment and can be used for security threats prediction for the insiders.
All the abstract elements must be included:
