An Investigation on the Techno-Human Influence on Examination Information Security Management: A Case of Three Kenyan Universities

Abstract

The use of and reliance on information systems for business has been on the rise especially in recent years. This has had a serious impact on the security of business information. Previous studies have identified two areas that must be considered when creating a secure information system: technology and human compliance to policies. Many researchers have stated that technology vulnerabilities are a key source of weakness and data loss in many information systems in organizations. Additionally, studies have shown that inappropriate user behavior and staff nonconformity to organizational information systems security policies may lead to data breaches; these factors are therefore major concerns in many organizations. The purpose of this study, therefore, was to investigate the technology and human related factors that may contribute to information security breaches as far as confidentiality of examination materials in selected Kenyan universities is concerned. This was motivated by the need to safeguard examination confidentiality. Specifically, the study aimed to examine the influence of technological factors on examination information security management, investigate the influence of individual factors on examination information security management and explore the influence of organizational factors on examination information security management. Based on the purpose of the study and the type of data collected, a descriptive research design and convenience sampling were used. Information was obtained from both first hand sources (primary data) and from available literature (secondary data). The primary data was quantitative with 120 questionnaires administered. Several sources of literature reviewed in order to collect data. The scope of the study was limited to 3 Kenyan universities. Limitations experienced while carrying out the study included reluctance from some members of the sample to participate in the study, time and cost constraints. Results of multiple regression analysis show that the factors considered in this study explain almost one third (r2 equals .326) of the variance in the dependent variable i.e. user security behavior. Further, the p-value of .000 (< .001) implies that the research model is significant at the 1 percent level and that the independent variables considered in this v study namely self-efficacy, information security awareness, threat appraisal, job satisfaction, organizational culture, security policy, training and awareness and management commitment to Information Security Management (ISM) significantly statistically influence user security behavior, as a whole, in the selected universities. Given the results obtained from the study, it is recommended that the study be extended to cover a wide range of institutions of higher learning in order for them to understand their information security environments and consequently tailor make solutions to address their findings. Other factors that have been identified in previous studies on user security behavior with respect to information security and were not included in this study, such as rewards, personal innovativeness, direct supervisory practices and coping appraisal, should be considered for future research work. Practically, an environment that cultivates self-efficacy, information security awareness and job satisfaction as well as a healthy information security culture should be encouraged to improve user security behavior.