-

In Kenya, rarely are cases concerning data security breaches in universities reported. This does not mean that there are no such cases nor does it mean that the information systems used by the universities are secure. Further, no study has been carried to determine the extent of security in the information systems used by universities in Kenya. Occurrence of a security breach is unpredictable and so informed defence against them is important. It is against this backdrop that this study was seeking to establish the extent of security in critical university information systems in Kenya and design a security model that can be adopted by the universities.

The study adopted a descriptive based approach with the use of primary and secondary data sources. Literature published in the area was reviewed and before conducing the research. Collected data was analyzed by use of descriptive statistics. Based on the findings and reviewed literature, a security model was developed.

Findings show that the universities are ready to support mission critical services with most of them having stable networks (83%), firewall (86%), intrusion detection software (81%), data backup facilities (75%) as well as UPS and generators (79.55%). However, security remains a challenge; most security breaches reported are due to inadequate technical safeguards (27%), insufficient user training (32%) and lack of comprehensive formal information system security policy (32%).

The research concludes that indeed university information systems are vulnerable to a significant extent and that security breaches are inevitable in the prevailing conditions. The cost of security breach is high and traditional approaches to security are no longer feasible. There is therefore a need a for a comprehensive and integrated information systems security framework.