INFORMATION SYSTEM SECURITY CONTROLS AND DATA SECURITY IN UNIVERSITIES IN KENYA. A CASE OF KIRIRI WOMEN’S UNIVERSITY OF SCIENCE AND TECHNOLOGY

Academic Information Systems Prodi UNIKOM Information System is the primary system used in the Information Systems Prodi process data and information about lectures and students. But in this system still found a lack of control of physical and logical security. To find out how your system security in organizations, information systems need security audit to determine whether security information is in accordance with the security procedures of management. Standardization used here is ISO 27001, this standards have been an international standards organization that is structured on the management of information security systems. Implementation of academic information system security audit is done by using the Audit Checklist ISO 27001: 2005. Audit results found security controls are still less well as the roles and responsibilities of employee safety, physical protection from disasters and power failures, data validation, and data backup are less regular. So the academic information system security controls is still need to be repairs in accordance with the recommendation.

Download Full-text

A Method of Assessing Information System Security Controls

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch138 ◽

2008 ◽

pp. 2059-2074

Author(s):

Malcolm R. Pattinson

Keyword(s):

Information System ◽

Goal Attainment ◽

System Security ◽

The State ◽

Evaluation Tool ◽

Major Purpose ◽

Information System Security ◽

Self Evaluation ◽

Security Controls ◽

Security Standard

This chapter introduces a method of assessing the state of an organization’s information system security by evaluating the effectiveness of the various IS controls that are in place. It describes how the Goal Attainment Scaling (GAS) methodology (Kiresuk, Smith & Cardillo, 1994) was used within a South Australian Government Agency and summarises the results of this research. The major purpose of this research was to investigate whether the GAS methodology is a feasible method of assessing the state of security of an organization’s information systems. Additional objectives of this research were to determine the suitability of the GAS methodology as a self-evaluation tool and its usefulness in determining the extent of compliance with a mandated IS security standard.

Download Full-text

A Method of Assessing Information System Security Controls

Information Security and Ethics ◽

10.4018/978-1-59140-286-7.ch011 ◽

2011 ◽

pp. 214-237

Author(s):

Malcolm R. Pattinson

Keyword(s):

Information System ◽

Goal Attainment ◽

System Security ◽

The State ◽

Evaluation Tool ◽

Major Purpose ◽

Information System Security ◽

Self Evaluation ◽

Security Controls ◽

Security Standard

This chapter introduces a method of assessing the state of an organization’s information system security by evaluating the effectiveness of the various IS controls that are in place. It describes how the Goal Attainment Scaling (GAS) methodology (Kiresuk, Smith & Cardillo, 1994) was used within a South Australian Government Agency and summarizes the results of this research. The major purpose of this research was to investigate whether the GAS methodology is a feasible method of assessing the state of security of an organization’s information systems. Additional objectives of this research were to determine the suitability of the GAS methodology as a self-evaluation tool and its usefulness in determining the extent of compliance with a mandated IS security standard.

Download Full-text