AN EVALUATION OF CYBER INCIDENT MANAGEMENT SYSTEMS IN HIGHER EDUCATION INSTITUTIONS (HEIS) IN KENYA
DOI:
https://doi.org/10.29121/digisecforensics.v2.i2.2025.50
Keywords:
Cybersecurity, Incident Management, Real-Time Threat Detection, Kenyan Universities, Cyber Threats
Abstract
Kenyan universities are increasingly integrating digital technologies into their academic and administrative operations. However, this digital transformation has exposed institutions to escalating cybersecurity threats, including data breaches, ransomware attacks, and unauthorized access to critical information. This study evaluates the effectiveness of existing cybersecurity measures and incident management systems in Kenyan universities, aiming to identify key vulnerabilities and areas for improvement. A structured survey was conducted among IT personnel from four major Kenyan universities, gathering data on cybersecurity preparedness, existing frameworks, and incident response strategies. The findings indicate that while universities have implemented basic cybersecurity measures such as firewall protections and access controls, there are significant gaps in real-time threat detection, incident response preparedness, and cybersecurity training programs. Many institutions lack dedicated cybersecurity teams, and incident response mechanisms are largely reactive rather than proactive. Additionally, limited financial and technical resources hinder effective implementation of cybersecurity policies. This paper highlights critical deficiencies in cybersecurity frameworks currently in use and emphasizes the need for real-time monitoring systems, improved staff training, and the adoption of automated threat detection tools. The study recommends a multi-stakeholder approach involving universities, government agencies, and cybersecurity experts to enhance resilience against evolving cyber threats. Addressing these gaps will allow Kenyan universities to strengthen their cybersecurity posture, protect academic assets, and safeguard the privacy of students and faculty members.
This research contributes to ongoing discussions on cybersecurity in higher education and provides a foundation for developing more effective cybersecurity policies and frameworks in African academic institutions.
License
Copyright (c) 2025 Paul Okanda, Abdijabar Abass

This work is licensed under a Creative Commons Attribution 4.0 International License.
With the licence CC-BY, authors retain the copyright, allowing anyone to download, reuse, re-print, modify, distribute, and/or copy their contribution. The work must be properly attributed to its author.
It is not necessary to ask for further permission from the author or journal board.
This journal provides immediate open access to its content on the principle that making research freely available to the public supports a greater global exchange of knowledge.