An assessment of Information Security Awareness among employees in Higher Education Sector in Zambia: A case of Zambia’s public Universities

Abstract

The use of Information and Communication Technology to collect and process large volumes of data into information has made it possible for organisations to find ways and means of making informed decisions within a short space of time. There is so much dependent on information systems to such an extent that system failure can adversely compromise the organisation’s operations. The education sector has not been left out but has instead become an information super house. The development of information systems has however not been spared by malicious activities, whether internal or external that tend to corrupt the much treasured information. (Alghananeem, Altaee and Jida, 2014)The way employees handle information flow in the organisation can either put the organisation at risk or can instead help protect the information and related information processing assets. This study was therefore aimed at assessing Information Security Awareness (ISA) among employees in higher education sector in Zambia and how such levels contribute to information security efforts in higher learning institutions. The research was conducted by use of questionnaires grouped into five sections. The questionnaire was delivered to a total number of 150 employees from University of Zambia, Copperbelt University and Mulungushi University. The participants’ years of service and level of education ranged from 1 year to over 10 years, and from Certificate to PhD holders respectively. According to the findings of this research, it can be concluded that when employee self-awareness of information security, information security awareness training, Management’s role in Information security awareness and information security awareness compliance monitoring improve, this is going to translate into improved Information Security (IS) in higher institutions of learning in Zambia as well. The results, in addition, also show that the higher learning institutions in Zambia do not attach the much needed support to information security awareness among its employees and there is also minimal support from top management.