The rapid adoption of enterprise resource planning (ERP), the necessity for remote access to information systems, and the swift development of digital technologies like IoT and cloud computing have increased cyberattacks on organizations, including universities. Despite not being as heavily targeted as major industries, universities have become more vulnerable due to open ERP systems, insufficient cybersecurity investment, and limited cyber expertise. This study aimed to enhance cybersecurity in Kenyan universities by identifying cybersecurity threats, assessing existing controls, and proposing a cybersecurity framework aligned with the ISO/IEC 27001:2022 standard. A descriptive survey method was used to gather quantitative data, employing Design Science Research Methodology (DSRM) for Information Systems research. The target population comprised 60 chartered Kenyan universities, divided into public and private categories. Purposive sampling selected respondents from each sampled university, while simple random sampling chose universities from each cluster. Out of 48 questionnaires distributed via Google Forms, 45 were returned, yielding a 93.75% response rate. Statistical tools such as frequency, percentages, mean, and standard deviation were used for data analysis, with results presented in tables and figures. Findings revealed that most universities had experienced cyberattacks and faced significant cybersecurity threats. Furthermore, many universities lacked adequate cybersecurity policies and controls, including organizational, human, physical, and technological measures. The proposed cybersecurity framework was evaluated and deemed suitable for mitigating cybersecurity risks in Kenyan universities. The study recommended conducting comparative studies between Kenyan universities and institutions in other countries to identify and adapt best practices to the Kenyan context.