The Security Mechanisms Put in Place against Insider Information Systems Security Threat in Public Universities in Kenya

Abstract

insiders are the people with legal access to the information and pauses a challenge to the security of the information systems. Public universities are facing serious insider security threats with several incidents being reported in internal security reports. The paper seeks to look at the current mechanism that public universities in Kenya have put in place when it comes to insider security threats. The objective was to examine the current mechanisms that the university has put in place to control insider security threats. Since it is evident that public universities have experienced insider security breaches, it is essential to establish the measures in place in dealing with the insider threats. Some of the issues that insiders pause for an organization is compromise the system security through misusing the resources they have been assigned to accomplish their roles in the university. There are models that have been presented to help organization protect itself against insider security attacks. The models presented are categorized as predictive, intent-driven threats models and domain-oriented model. However, public universities in Kenya are not using the models presented in prevention and prediction. They have the conventional access control using username and password which do not prevent insiders as they have legal access to the systems. They have implemented systems in place for external security threats but minimal control of the insider security threats. The study proposes a model that was modified to suit the public university environment and can be used for security threats prediction for the insiders. All the abstract elements must be included: