Vulnerability assessment of information systems based on end-user actions: A case of University of Namibia

Date
2022
Publisher
University of Namibia
Abstract
Nowadays, data protection is of paramount importance to every institution of higher learning. Unfortunately, most security breaches happen as a result of end-user errors. End-user errors are unintentional actions of system end-users. These include weak passwords, clicking links from unverified senders, and downloading attachments from unknown senders. Most efforts to address cybersecurity issues are either software-centered or hardware-oriented. As a result, user mistakes are overlooked since they are considered infinite, unpredictable, and part of human existence. Ignoring end-user error is a gigantic mistake and could result in a higher number of cyber-attack incidents. Therefore, institutions of higher learning where security is a top priority need innovative strategies to deal with end-user errors. Given this, this study aimed to assess different types of end-user errors that could affect the security triad of information systems. The study adopted the mixed-method research approach to collect data from University of Namibia (UNAM) staff members who frequently use information systems known as ITS. The quantitative dimension of the study utilized a closed-ended questionnaire to collect data from 310 UNAM staff members, who were randomly selected from the total population. Furthermore, an experimental design was also used to collect data from the staff members. The qualitative dimension utilized an exploratory research design where participants were selected through a purposeful sampling strategy. A semi-structured interview instrument was also applied to collect data from 10 UNAM Computer Centre staff members. The findings of the study revealed that end-user error is one of the major threats to information security. End-user errors present several security vulnerabilities and risks to information systems that could subsequently lead to data being exploited by attackers.
In addition, the study also established that the confidentiality, integrity, and availability of information systems in an institution are affected by end-user errors. Furthermore, the unprecedented growth of internet interconnectivity has led to an enormous increase in cyber-attacks. Personal security consciousness and security awareness training are some of the most successful measures to mitigate end-user errors. Based on the findings of the study, it is recommended that institutions enforce information security policy and provide security awareness training to staff members to avoid data breaches.
Description
A mini thesis submitted in partial fulfilment of the requirements for the Degree of Master of Science in Information Technology
Keywords
Information systems, End-user, Namibia, University of Namibia