Thesis Title:    A Cybersecurity Framework for The Management of Computer   Systems Security in Secondary Schools in Kenya

Student’s Name: Patrick Omondi Kwanya

Supervisors Names:

1. Alice Nambiro
2. Anthony Luvanda

Abstract:

Lately, the education sector had become a prime target for cyber-attacks. This was mainly because it had a lot of valuable data; it was potentially an easy target; it provided access to a larger network; and had a lot of users. Most of the secondary schools had been equipped with computers and computing devices. Majority of these schools had internet connectivity, making them vulnerable to cyber-attack. The vulnerability was as a result of them lacking resources and attention to cybersecurity. They had weak application security, weak endpoint security, and weak patch cadence. More had to be done to address the above-named issues and to promote cybersecurity in secondary schools. One way of addressing this was the development of cybersecurity framework. The purpose of the study was to determine the state and challenges of cybersecurity in secondary schools in Kenya and to develop a framework to address the same. This study was achieved by establishing the state of cybersecurity in secondary schools in Kenya, by determining the prevailing challenges encountered in using computer security systems in secondary schools in Kenya and by developing a cybersecurity framework for the management of computer systems in secondary schools in Kenya. Both descriptive and correlational research designs were used in this research study. The study adopted simple random sampling, stratified and purposive sampling. The study population included schools’ administrators and the teachers in charge of ICT in secondary schools in West Pokot County. They were the people who interacted mostly with the school’s computer systems and policies. The sample sizes of 88 teachers in charge of ICT and 12 schools’ administrators were used in the research study. Both questionnaires and interviews schedule were administered for data collection. Interview schedule enabled researcher to ensure that views and options were clarified especially the once which could not be captured by the questionnaires. Descriptive and inferential statistics were used in the data analysis. The results were presented through tables. The research study was carried out in secondary schools in West Pokot County. The developed cybersecurity framework would be useful to secondary schools in West Pokot County and beyond. From the analysis, most of the secondary schools had computers that were in use; Staffs were allowed to carry their computing devices to the schools, and they connected them to the schools’ network in order to access internet; there was no segmentation of  network to allow staffs have their own separate network access; some schools had IoT devices with no network segmentations; most of the schools had ways to ensure data confidentiality and data availability; most schools lack data recovery plan, means to provide endpoint security, means to provide mobile security and means to provide website security. The major challenges in using computer security systems in secondary schools is lack of enough budget to address the issues of cybersecurity. Finally, there existed a positive moderate relationship between the prevailing challenges.