An Implementation Framework For Effective Information Security Control Systems In Tveti In Nairobi County Kenya

Abstract

Information security control system involves all the activities which are used in directing and controlling all the security control operations maintaining security of data in the technical institutions. The effective data control system in education has the potential to enhance the quality of information and data, the research productivity of staff, students and effectiveness of institutions. Private and public colleges have adopted measures in the area of information security; this has been done through use of recommended standards and guidelines that have been put in place to ensure that security is enhanced for effective Information Security Control Systems. The difficulties facing Technical, Vocational and Education Training Institutes mainly is how they can protect and manage their information control systems effectively that support teaching, learning and research activities. This thesis sought to develop an implementation framework for effective information security control systems in private and public Technical, Vocational and Education Training institutes (TVETI) in Nairobi County. The study sought to determine the effects of security policies, impact of security awareness, information security access methods and information security environment practices as the objectives of the research for effective information security control systems in private and public colleges in Nairobi County. The study targeted a population of 714 security Experts of information security in private and public colleges in Nairobi County with a sample size of 216 ICT security Experts respondents. Questionnaires were used for collecting data; both qualitative and quantitative research designs were used. Data collection and analysis depend upon; the study suggested a framework that is required to give a full implementation model for increasing the level of agreement amongst end-users, with the purpose of checking, measuring and evaluating to users’ behavior with data security policy. The proposed method depends upon on two crucial ideas: taxonomy of the response plan to non-agreeable behavior, and a agreeable points system. The response taxonomy is consisted of two groups: awareness increment and data security policy enforcement. The agreeable points system is used to reward agreeable behavior, and punish non-agreeable behavior. This study concluded that there are many security threats and gaps in these institutions information security control practices adopted in private and public colleges in Nairobi County. The study recommended that the private and public colleges need to come up with security policies and adapt the proposed implementation framework to boast the safety and effectiveness of their information security control systems. Understanding the factors influencing effective information security control systems in teaching in private and public colleges was important as it would provide the entire education institutions with information regarding the adaption of effective information security control systems in public and private colleges in Nairobi County. This research is to help information security practitioners to come up with new security practices so as to have security of their systems by adapting the recommended security measures and security access controls methods. This would help to improve information security control systems by eliminating several security breaches and gaps in information security management in private and public colleges in Nairobi County.