International Journal of Wireless Communications and Mobile Computing

| Peer-Reviewed |

Information Security Mechanisms and ICT Policy in Practice: A Case of the University of Namibia

Received: Oct. 26, 2021    Accepted: Nov. 22, 2021    Published: Dec. 29, 2021
Views:       Downloads:

Share

Abstract

As new technologies emerge in the next generation of wireless communication systems so the continued rise of cyber threats and attacks in higher education institutions. In the wake of COVID-19, however, institutions of higher learning increasingly searched for alternative ways to deliver remote education. Hence, planning for cyber security became a priority and not an option due to the new level of vulnerability posed by human factors as they utilize both licensed and open-source software and wireless devices. Based on this ground, this paper discussed pertinent points on the examined ICT policy and security mechanisms as security practices and strategies implemented by the University of Namibia’s Directorate of Information & Communication Technology Services before and post the sudden shift to remote learning. It further proposed alternative strategies to curb vulnerabilities as an element of human action. Key findings show that security breaches do happen mostly due to end-user errors and not always technical issues. A qualitative research method with a random sampling technique guided the study. Virtual interviews and a survey have been used to gather data from security specialists, academics, and administrative staff. Data got analyzed in themes. It has been concluded that both people and technology are essential in information security structure. Increased awareness, training, and improved security practices are the key solutions.

DOI 10.11648/j.wcmc.20210902.11
Published in International Journal of Wireless Communications and Mobile Computing ( Volume 9, Issue 2, December 2021 )
Page(s) 7-15
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2024. Published by Science Publishing Group

Keywords

Cyber Security, Security Mechanisms, ICT Policy, Information Systems

References
[1] Jahankhani, H., Kendzierskyj, S., Akhgar, B: Information Security Technologies for Controlling Pandemics (2021) DOI: https://doi.org/10.1007/978-3-030-72120-6
[2] Furnell, S, Clarke, N.: Human Aspects of Information Security and Assurance. 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9 (2021).
[3] Shambalula, M.: Be Cyber Savvy. UNAM Computer Centre. (2019).
[4] Sai, K., Manjeese, C., Mawere, J., Denture, T., Prosper, T.: An Overview of Information Systems Security Measures in Zimbabwean Small and Medium-size Enterprises. Research Inventory: International Journal of Engineering and Science, 6 (2), 21-26 (2016).
[5] Alkandary, Y. H., Alhallaq, F. M.: Computer Security. International Journal of Advanced Research in Computer and Communication Engineering, 5 (1), 1-6 (2016).
[6] Microsoft Safety Security Center. (2014) https://www.microsoft.com/security/pc-security/firewalls-whatis.aspx, last accessed 2020/12/20.
[7] Laudon, K. C., & Laudon, J. P.: Management Information Systems: Managing the Digital Firm (14th Ed.). Essex: Pearson Education Limited (2014).
[8] Paul Lin, P.: System Security Threats and Controls. The CPA Journal, pp. 58-66 (2006).
[9] Namaya, A., Mirza, A: Understanding Awareness of Cyber Security Threats among IT Employees. International Journal of Civil Engineering and Technology, 33-35. (2018).
[10] Helkala, K., Bakas, T. H.: Extended results of Norwegian password security survey. Information Management & Computer Security, 22 (4), 346 – 357 (2014).
[11] Stallings, W.: Network Security Essentials: Applications and Standards. 4th Edition. Pearson Education, ISBN 13: 978-0-13- (2), 21-26, (2016).
[12] Sun, J., Ahluwalia, P. & Koong, K. S.: The more secure the better? A study of information security readiness. Industrial Management & Data Systems, 111 (4), pp. 570-5 (2011).
[13] CSB. Cyber Security Breaches Survey. UK: Social Research Institute. (2018).
[14] Sai, K. O., Gumbo, R., Mzikamwi, T., & Ruvinga, C.: Classification of Point of Sale information Security Threats: Case of SMEs in Zimbabwe. Research Inventory: International Journal of Engineering and Science, 5 (9), 33-36 (2015).
[15] Weidman, J., Grossklags, J.: What's In Your Policy? An Analysis of the Current State of Information Security Policies in Academic Institutions, (2018). Research Papers. 23. https://aisel.aisnet.org/ecis2018_rp/23
[16] Karyda, M. Kiountouzis, E. Kokolakis, S.: Information systems security policies: a contextual perspective, Computers & Security, Volume 24, Issue 3, pp. 246-260, (2005) https://doi.org/10.1016/j.cose.2004.08.011.
[17] Eric, C., Seth, M., Joshua, F.: Chapter 3 - Domain 3: Security engineering, Eleventh Hour CISSP® (Third Edition), Syngress, pp. 47-93, (2017). https://doi.org/10.1016/B978-0-12-811248-9 00003-6.
[18] Hadlington, L.: The human factor in cybersecurity: Exploring the accidental insider. In Psychological and Behavioral Examinations in Cyber Security, 46–63 (2018).
[19] Kamara, S., Fahmy, S., Schultz, E., Kerschbaum, F., Frantzen, M.: Analysis of vulnerabilities in internet firewalls. (2018) https://www.cs.purdue.edu/homes/fahmy/papers/firewall-analysis.pdf
[20] Kashefi, I., Kassiri, M., & Shahidinijad, A.: A survey of on security issues in the firewall: a new approach for classifying firewall vulnerabilities. International Journal of Engineering Research and Applications (IJERA), 3 (2), pp. 585-591. (2013).
[21] Shannon, S.: The human factor of cybersecurity. (2019).
[22] Soomro, A. W., Nizamudin, A., Iqbal, U., Noorul, A.: A secured symmetric key cryptographic algorithm for the small amount of data. 3rd International Conference on Computer and Emerging Technologies. (2013).
[23] Lee, H.: The human factor in cybersecurity: Exploring the accidental insider. UK: IGI Global. (2018).
[24] Kizza, J. M.: Guide to Computer Network Security (4th Ed.). Chattanooga: Springer International Publishing AG. (2017).
[25] Kaspersky Lab.: Software Vulnerabilities. (2013) http://www.securelist.com/en/threats/vulnerabilities?chapter=35
[26] Lambert, S.: What is the purpose of a Threat and Risk Assessment (TRA)? (2014). https://www.modernanalyst.com/Careers/InterviewQuestions/tabid/128/ID/3011/What-is-the-purpose-of-a-Threat-and-Risk-Assessment-TRA.aspx
[27] Alavi, R., Islam, S., Mouratidis, H: A Conceptual Framework to Analyze Human Factors of Information Security Management System (ISMS) in Organizations. (2014). In: Tryfonas T., Askoxylakis I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Chamhttps://doi.org/10.1007/978-3-319-07620-1_26
[28] Mbowe, J. E., Zlotnikova, I., Msanjila, S. S., Oreku, G. S.: A Conceptual Framework for Threat Assessment Based on Organization’s Information Security Policy. Journal of Information Security, 5, 166-177. (2014). http://dx.doi.org/10.4236/jis.2014.54016
Cite This Article
  • APA Style

    Paulus Kautwima, Valerianus Hashiyana, Titus Haiduwa. (2021). Information Security Mechanisms and ICT Policy in Practice: A Case of the University of Namibia. International Journal of Wireless Communications and Mobile Computing, 9(2), 7-15. https://doi.org/10.11648/j.wcmc.20210902.11

    Copy | Download

    ACS Style

    Paulus Kautwima; Valerianus Hashiyana; Titus Haiduwa. Information Security Mechanisms and ICT Policy in Practice: A Case of the University of Namibia. Int. J. Wirel. Commun. Mobile Comput. 2021, 9(2), 7-15. doi: 10.11648/j.wcmc.20210902.11

    Copy | Download

    AMA Style

    Paulus Kautwima, Valerianus Hashiyana, Titus Haiduwa. Information Security Mechanisms and ICT Policy in Practice: A Case of the University of Namibia. Int J Wirel Commun Mobile Comput. 2021;9(2):7-15. doi: 10.11648/j.wcmc.20210902.11

    Copy | Download

  • @article{10.11648/j.wcmc.20210902.11,
      author = {Paulus Kautwima and Valerianus Hashiyana and Titus Haiduwa},
      title = {Information Security Mechanisms and ICT Policy in Practice: A Case of the University of Namibia},
      journal = {International Journal of Wireless Communications and Mobile Computing},
      volume = {9},
      number = {2},
      pages = {7-15},
      doi = {10.11648/j.wcmc.20210902.11},
      url = {https://doi.org/10.11648/j.wcmc.20210902.11},
      eprint = {https://download.sciencepg.com/pdf/10.11648.j.wcmc.20210902.11},
      abstract = {As new technologies emerge in the next generation of wireless communication systems so the continued rise of cyber threats and attacks in higher education institutions. In the wake of COVID-19, however, institutions of higher learning increasingly searched for alternative ways to deliver remote education. Hence, planning for cyber security became a priority and not an option due to the new level of vulnerability posed by human factors as they utilize both licensed and open-source software and wireless devices. Based on this ground, this paper discussed pertinent points on the examined ICT policy and security mechanisms as security practices and strategies implemented by the University of Namibia’s Directorate of Information & Communication Technology Services before and post the sudden shift to remote learning. It further proposed alternative strategies to curb vulnerabilities as an element of human action. Key findings show that security breaches do happen mostly due to end-user errors and not always technical issues. A qualitative research method with a random sampling technique guided the study. Virtual interviews and a survey have been used to gather data from security specialists, academics, and administrative staff. Data got analyzed in themes. It has been concluded that both people and technology are essential in information security structure. Increased awareness, training, and improved security practices are the key solutions.},
     year = {2021}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Information Security Mechanisms and ICT Policy in Practice: A Case of the University of Namibia
    AU  - Paulus Kautwima
    AU  - Valerianus Hashiyana
    AU  - Titus Haiduwa
    Y1  - 2021/12/29
    PY  - 2021
    N1  - https://doi.org/10.11648/j.wcmc.20210902.11
    DO  - 10.11648/j.wcmc.20210902.11
    T2  - International Journal of Wireless Communications and Mobile Computing
    JF  - International Journal of Wireless Communications and Mobile Computing
    JO  - International Journal of Wireless Communications and Mobile Computing
    SP  - 7
    EP  - 15
    PB  - Science Publishing Group
    SN  - 2330-1015
    UR  - https://doi.org/10.11648/j.wcmc.20210902.11
    AB  - As new technologies emerge in the next generation of wireless communication systems so the continued rise of cyber threats and attacks in higher education institutions. In the wake of COVID-19, however, institutions of higher learning increasingly searched for alternative ways to deliver remote education. Hence, planning for cyber security became a priority and not an option due to the new level of vulnerability posed by human factors as they utilize both licensed and open-source software and wireless devices. Based on this ground, this paper discussed pertinent points on the examined ICT policy and security mechanisms as security practices and strategies implemented by the University of Namibia’s Directorate of Information & Communication Technology Services before and post the sudden shift to remote learning. It further proposed alternative strategies to curb vulnerabilities as an element of human action. Key findings show that security breaches do happen mostly due to end-user errors and not always technical issues. A qualitative research method with a random sampling technique guided the study. Virtual interviews and a survey have been used to gather data from security specialists, academics, and administrative staff. Data got analyzed in themes. It has been concluded that both people and technology are essential in information security structure. Increased awareness, training, and improved security practices are the key solutions.
    VL  - 9
    IS  - 2
    ER  - 

    Copy | Download

Author Information
  • Department of Computing, Mathematical and Statistical Sciences, Faculty of Agriculture, Engineering and Natural Sciences, University of Namibia, Windhoek, Namibia

  • Department of Computing, Mathematical and Statistical Sciences, Faculty of Agriculture, Engineering and Natural Sciences, University of Namibia, Windhoek, Namibia

  • Department of Computing, Mathematical and Statistical Sciences, Faculty of Agriculture, Engineering and Natural Sciences, University of Namibia, Windhoek, Namibia

  • Section