Abstract:
Insiders are the people with legal access to the information and pauses a challenge to the
security of the information systems. The insiders may compromise the system security
through misusing the resources they have been assigned to accomplish their roles in the
university. The study objectives were to establish information systems security insider
threats in selected public universities in Kenya; evaluate insider system security
mechanism in place in selected public universities in Kenya and update an insider system
security attack prediction model for insider security threats. Two public universities were
selected for data collection where information system users and information systems
experts were targeted in a quantitative research approach. Questionnaires were used as
research instruments in data collection. The study established that there were insider
security threats in selected public universities with 55% of the respondents stating they
had been aware of such incidents in their working stations. There were several reasons
that were pointed out as motivators for insiders to initiate attacks. Financial gain,
disgruntlement, revenge, attention seeking, not rewarded, lack of promotion and
espionage were found to be motivators of insider attackers. The leading causes of insider
threats were also explored where weak policy, and lack of implementation of the policies
being the key causes of insider security threats. The study recommends a predictive
model for predicting the insider attacks was realized out of the need for a precise and
better prediction model where different components of the insider threat issue could be
easily understood and implemented. There were several elements that the model
proposed. The elements represent four areas; the motivator henceforth referred to as
catalyst, actor characteristics (those of the potential insider threat), attack characteristics
and the institution characteristics.
