Assessment of the Effectiveness of Non-Technical Approach to Cyber Security Management for NLIMS System in the Ministry of Lands and Physical Planning, in Kenya
Main Article Content
Abstract
The study determined whether NLIMS has adequately addressed the social aspect of their information security system. The study was conducted at Ministry of Land and Physical Planning Headquarters in Nairobi. The study adopted descriptive research design, and utilized stratified sampling technique to select respondents. Close-ended questionnaires were used to collect quantitative on social engineering cyber threats. Results indicated that 70% of staff using NLIMS system lack knowledge about social engineering attacks, their conduct, weaknesses, and the skills necessary to prevent or stop cyber threats. The findings further indicated that the 70% of Ministry of Lands’ staff use insecure methods to dispose waste that may contain information that could be used to launch an attack. This lack of attention to secure waste disposal puts NLIMS at risk of accessing sensitive information through dumb star diving. Unauthorized personnel can easily access information on staff computers or working desks through shoulder surfing. Workstation privacy is compromised by workstation resource sharing policies, allowing malicious staff to exploit them. Over 60% of staff lack proper social engineering awareness. Further, lower rank staff accesses information they are not authorized to access through the workstation resource sharing policy. The non-technical aspect of information security at KMLPP towards NLIMS has weaknesses, impairing the overall effectiveness of the security. This study establishes, as a key take away, that despite global awareness, less attention is given to the social aspect of cyber security despite being labelled the major weakness in any information security system. The study concludes that holistic approach, technical and non-technical aspects in KMLPP's use of secure waste disposal methods, such as shredding and burning, is essential for effective management of non-technical vulnerabilities. This study recommends that KMLPP on NLIMS should pay more attention to workstation privacy, secure waste disposal and educating staff on cyber security awareness.
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.
I/We agree to transfer the copyright of this manuscript to the International Journal of Professional Practice (The IJPP) in the event that the manuscript is published in the Journal.
I/We give the undersigned authors of the manuscript have made the following declaration:
(a) That I/We have made substantial contribution during the conception and design, or acquisition of data, or analysis and interpretation of the data,
(b) That I/We have participated in drafting the article or revising it critically for important intellectual content,
(c) That I/We have read and confirm the content of the manuscript and have agreed to it,
(d) That I/We have participated sufficiently in the work to take public responsibility for appropriate portions of the content of the paper,
(e) That I/We give guarantee that the content of the manuscript is original, and has not beenvpublished elsewhere and is not currently being considered for publication by another journal.