E-records security management at Moi University, Kenya.
Loading...
Date
2019
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
E-records are vital for the operation of the state as they document official evidence of the
transactions of a business, government, private sector, non-governmental organizations, and even
individuals. Therefore, e-records generated in organizations and institutions including universities
in Kenya are considered a vital resource used as a tool for the administration, accountability, and
efficient service delivery. Despite the importance of records to the growth and sustainability of
any organization, e-records security management at Moi University seemed to be not well
established thus exposing the records to among others, unauthorized access, risks of alteration,
deletion and loss and cyber security threats. This study sought to investigate e-records security
management at Moi University in Kenya. The following research questions were addressed: How
are e-records created, maintained, stored, preserved and disposed? How is security classification
of e-records process handled to facilitate description and access control? What security threats
predispose e-records to damage, destruction or misuse and how are they ameliorated? What
measures are available to protect unauthorised access to e-records? How is confidentiality,
integrity, availability, authenticity, possession or control and utility of e-records achieved? What
skills and competencies are available for e-records security management? The study employed
pragmatic paradigm using embedded case study research design. The target population for the
study was one hundred and forty five (145) respondents consisting of top management, deans of
schools and directors of Information Communication and Technology as well as Quality
Assurance directorates, action officers, records managers and records staff. A complete
enumeration of the population was taken, therefore a choice of sample size was not necessary. The
data was collected using interviews and questionnaires. The questionnaires were administered to
action officers, records managers and records staff, while interviews were administered to top
management, deans of schools and directors of Information Communication Technology as well
as Quality Assurance directorates respectively. Qualitative data was analysed thematically and
presented in a narrative description, while quantitative data was organized using Statistical
Package for Social Sciences (SPSS version 24) and summarized by use of descriptive statistics
such as means, frequencies, and percentage for ease of analysis and presentation by the researcher.
The findings of the study revealed that university core business functions of teaching, research,
and outreach services generated massive e-records. However, the management of such records was compromised largely because of the lack of integration of e-records management into the business
process. Besides, the university lacks an e-records management programme. Moreover, there is
lack of policy framework; thus, hampering e-records security management. Security of the erecords
were also compromised because this activity was left until the last stage of the e-record
with minimal priority. There was also lack of guidelines on e-records classification. The findings
revealed challenges related to cyber-attacks, non-adherence to ethical security values, and
inadequate skills that affected e-record security management. The study recommended the
development and implementation of a records management programme and policies, adoption of
relevant standards, developing skills about the cyberspace, provision of adequate budget,
education and training.
Description
Doctoral Degree. University of KwaZulu-Natal, Pietermaritzburg.