Description
The need by staff and students to use smart mobile devices in university network is indisputable. This is because they help them to work and study more effectively as well as achieve better work-life balance. However smart mobile devices pose a security challenge as they continue to expand the corporate network unchecked thus increasing the attack surface. This creates a major security burden to security professionals who are supposed to ensure that smart mobile devices adhere with the security policy. The purpose of this study was to propose a solution on how to determine likelihood of threat attack in a university network. The objectives of the study were to evaluate threats introduced to university network through use of smart mobile devices, to develop a threat matrix that computes likelihood of threat attack, to identify security requirements needed for a secure university LAN ecosystem and to test and validate the matrix. Case study research design was adopted. Egerton University was selected as a case study where 384 respondents from all the campuses were targeted. Response rate of 80% was recorded and considered sufficient for the study. The matrix was designed based on five of the ISO 27001’s domains which closely relate to operation of smart mobile devices in a corporate network. Regression analysis was used to determine the Functional weights to compute likelihood of attack. The matrix was implemented as a web-based application using Hypertext Preprocessor (PHP) as server-side scripting language, MySQL was employed as a database engine and Bootstrap 4 was used for styling user interface. The developed threat matrix will act as threat and risk assessment tool to provide recommendations that maximize the protection of confidentiality, integrity and availability of university data while still providing functionality and usability of smart mobile devices.
