IMPACTS OF ICT SECURITY TRAINING ON MALWARE CONTROL AND POLICY IMPLEMENTATION IN UNIVERSITIES' COMPUTER NETWORKS.
Abstract
The study determined the effects of ICT personnel training on malware control and security implementation within public Universities in Kenyan. Malware infestation and unauthorized practices in information systems have been in the rise in Kenyan universities, thereby compromising integrity of critical information therein. studies indicate that malware causes breaches of data integrity and availability. While universities and other institutions conduct employee security training in order to lessen the impact of such information systems' security breaches, the effectiveness of such trainings with respect to security elements have not been established. The desire to assess the real effects of such training on the intended purpose has led to a focused attention in ICT security Training and its effects on malware control and implementation of security policies within public Universities in Kenyan. The study objectives have been; to investigate the effects of ICT personnel training on malware control ; to determine the effects of ICT personnel training on implementation of security policies in computer networks within universities in Kenya. Out of 31 public Universities in Kenya, with a population of 409 network related personnel, a sampling formula was employed that yielded 203 personnel as a sample. Questionnaires were administered to the sample for data collection. Data analysis was mainly through correration and regression model in Tobin’s Q equation in relation to Likert model. The major outcome of the study was a positive correlation between ICT security training and all the features of malware control and security policy. The findings could be significant ICT managers for boosting IT security management.
Downloads
References
Anderson, C., (2007). Information security and availability: The Impact of Training on IT Organizational performance. Retrieved from www.idc.com.
Baldwin, T., & Magjuka, R.J., (1988). Transfer of training: A review and directions for future research. Personnel Psychology review, vol. 41, pp. 63-105.
Barrett, A., & O’Connell, P. J., (2001). Does training generally work? : The returns to in-company training. Industrial and Labor Relations Review, 54(3) pp. 647-662.
Barry T. Hirsch and Terry G. (2012). Functional Form in Regression Models of Tobin's Q. Review of Economics and Statistics, The MIT Press, Vol. 75, No. 2. pp. 381-385.
Becker, H. S. (1960). Notes on the concept of commitment. The American Journal of Sociology, 66(1), pp. 32-40.
Birdi, K. S., (2005). No idea? Evaluating the effectiveness of creativity training. Journal of European Industrial Training, vol. 29(2), pp. 102-111.
Bishop. (2002). Computer security: Art and science , Addison-Wesley.
Cheswick & Bellovin., (2003). Firewalls and Internet Security, Second edition Addison-Wesley.
Clogg, C. C. (1979). Some latent structure models for the analysis of Likert-type data. Social Science Research, 8, 287-301
Deloitte., (2005). Global Security Survey. New York.
D’Arcy, Hovav, & Galletta., (2008). User awareness of security countermeasures and its impact on information systems misuse information systems. INFORMS Research Articles in Advance, pp. 1–20.
Frazis, H., Gittleman, M., Horrigan, M., & Joyce, M., (1998). Results from the 1995 Survey of Employer Provided Training. Monthly Labor Review, 121(6), pp. 3-13
Heyes, J., & Stuart, M., (1996). Does training matter? Employee experiences and attitudes. Human Resource Management Journal, 6(3): 7-21.
Howard & LeBlanc., (2002). Writing secure code, second edition, Microsoft Press.
IBM Corporation., (2008). Values of Information Security Training. Retrieved from: [ftp://ftp.lotus.com/info/training/value-of-training_oct2008.pdf]
Mullard, S., (2007). Network security: the impact of computer and network security in corporations today. http://ttcshelbyville.files.wordpress.com/networksecurity.doc. effectiveness. Academy of management review, vol. 11, pp. 736-749.
Owens, P. L., (2006). One more reason not to cut your training budget: The relationship between training and organizational outcomes. Public Personnel Management, 35(2), pp.163-171.
Powanda, J., (1999). Assembling a Curriculum for Various Security Disciplines, 12th Annual FISSEA Conference, NIST.
Russell C., (2002). Security awareness – Implementing an effective strategy. [Available at
http://www.sans.org/reading-room/whitepapers/awareness/
security-awareness-implementing-effective-strategy-418]
Rubin., (2001). White-hat security arsenal, Addison-Wesley
Saltzer & Kaashoek (2009). Principles of computer system design, Morgan Kaufmann.
Steers, R. M., (1977). Antecedents and outcomes of organizational commitment. Administrative Science Quarterly, 22(1),pp. 46-56.
Yamane, T., (1967). Statistics: An Introductory Analysis, (2nd Ed). New York: Harper and Row.
Author(s) and co-author(s) jointly and severally represent and warrant that the Article is original with the author(s) and does not infringe any copyright or violate any other right of any third parties, and that the Article has not been published elsewhere. Author(s) agree to the terms that the IJRDO Journal will have the full right to remove the published article on any misconduct found in the published article.