Information Security Awareness for Secure Disposal of Information Technology Assets: A Case of a Public University in Kenya

Abstract

Universities adopt information technology (IT) for administrative work, teaching and research. However, they are faced with challenges of managing the end of life of the IT assets. These assets contain voluminous and invaluable information capable of causing unforeseen damage to the universities' information systems if accessed by cybercriminals. To this end therefore, there is need for secure disposal of these assets. Information security awareness is a preventative measure that guards the weakest link in realising desired information security. This study determined the influence of information security awareness on secure disposal of information technology assets by one of the universities in Kenya. The study aimed to understand the methods of information security awareness used; determine the procedures used in disposal of I T assets and the influence of information security awareness on I T asset disposal procedures and finally, proposed and validated a framework for secure disposal of I T assets. The study adopted a descriptive research design, and quantitative data analysis. Ninety-six administrative staffs of a public university in Kenya were targeted by the study. The researcher used mixed sampling method, using Yamane's formula to arrive at the sample size. Primary data collection was through close ended questionnaire, which were administered online, and data was presented through tables and figures. Quantitative data analysis was done using SPSS. For model evaluation, Structural Equation Modelling (SEM) was used which was aided by SPSS Analysis of Moment Structures (AMOS) tool.

The study found that all the independent variables had a significant and positive relationship with secure I T asset disposal; motivation (r = .704, p = .000); reciprocal determinism (r = .546, p = .000); observational learning (r = .644, p = .000); self-efficacy (r = .569, p = .000) and expected outcome (r = .618, p = .000) all showed a significant influence on secure IT asset disposal. The findings also indicate that the t values were more than 1.96 testing at 95% confidence level. Motivation (t = 8.105, p = .000), reciprocal determinism (t = 5.339, p = .000), observational learning (/ = 6.886, p = .000), self-efficacy (t = 5.665, p = .0000) and expected outcome (t = 6.440, p = .000) all showed a significant effect on secure I T asset disposal.

The study concluded that formal training sessions in universities increased information security awareness as well as other supplementary methods adopted. Additionally, computer-based information security training was more engaging compared to other methods of raising information security awareness. It was noted too that there were recommended IT asset disposal procedures which guaranteed safety of the university's information system. The study recommends that the universities should consider training their workers right from the time they join the institution so as to increase their information security awareness. Additionally, the universities should employ other forms of data protection other than overwrite and secure erase to increase the alternative procedures of disposing IT assets.