Vulnerability assessment of information systems based on end-user actions: A case of University of Namibia
Date
2022
Publisher
University of Namibia
Abstract
Nowadays, data protection is of paramount importance to every institution of higher learning.
Unfortunately, most security breaches happen as a result of end-user errors. End-user
errors are unintentional actions of system end-users. These include weak passwords, clicking
links from unverified senders, and downloading attachments from unknown senders. Most of
the efforts aimed at addressing cybersecurity issues are either software-centered or hardware-oriented. As a result, user mistakes are overlooked since they are considered infinite,
unpredictable, and remain part of human existence. Ignoring end-user error is a gigantic
mistake and could result in a higher number of cyber-attack incidents. Therefore, institutions
of higher learning where security is a top priority need innovative strategies to deal with end-user errors. Given this, this study aimed to assess different types of end-user errors that could
affect the security triad of information systems. The study adopted the mixed-method research
approach to collect data from the University of Namibia (UNAM) staff members, who
frequently use information systems known as ITS. The quantitative dimension of the study
utilized a closed-ended questionnaire to collect data from 310 UNAM staff members, who were
randomly selected from the total population. Furthermore, an experimental design was also
used to collect data from the staff members. The qualitative dimension utilized an exploratory
research design where participants were selected through a purposeful sampling strategy. A
semi-structured interview instrument was also applied to collect data from 10 UNAM
Computer Centre staff members. The findings of the study revealed that end-user error is one
of the major threats to information security. End-user errors present several security
vulnerabilities and risks to information systems that could subsequently get data exploited by
attackers. In addition, the study also established that confidentiality, integrity, and availability
of information systems in an institution are also affected by end-user errors. Furthermore, the
unprecedented growth of internet interconnectivity has led to an enormous increase in cyber-attacks. Personal security consciousness and security awareness training are some of the most
successful measures to mitigate end-user errors. Based on the findings of the study, it is
recommended that institutions enforce information security policy and provide security
awareness training to staff members to avoid data breaches.
Description
A mini thesis submitted in partial fulfilment of the requirements for the Degree of Master of Science in Information Technology
Keywords
Information systems, End-user, Namibia, University of Namibia