Defensive Cybersecurity Preparedness Assessment Model for Universities


  • William Kipkoech Too Kabarak University, P.O. Box Private Bag, Kabarak, 20157, Kenya
  • Simon Maina Karume Kabarak University, P.O. Box Private Bag, Kabarak, 20157, Kenya
  • Nelson Bogomba Masese Kabarak University, P.O. Box Private Bag, Kabarak, 20157, Kenya


With the recent uptake of fiber connectivity, broadband and internet, access has become readily available to citizens all over the world. General Cyber Security threats like malware attacks, social engineering scams and financial frauds have increased. NIST and ISO standards have proposed numerous security models, but the frightening truth about escalating cyber-attacks is that most organizations/businesses, as well as the cyber security industry itself, are unprepared. This is because most existing security analysis tools focus mainly on detecting attacks. Despite the steady flow of security updates and patches, this scenario has led to a continued rise of attack surface in institutions of higher learning where students and staff sensitive information and valuable assets is of high stake. Therefore, the purpose of this study is to develop a web-based model for assessing cybersecurity preparedness in universities. This was achieved through design science methodology and engineering design process.  The model provides the overview of the university’s preparedness level and the appropriate recommendations that need to be considered to remain cyber ready at all times.


Beniwal, S. (2015). Ethical Hacking: A Security Technique. International Journal of Advanced Research in Computer Science and Software Engineering

Biddle, S. (2017, December 13). Three of the Biggest Cybersecurity Challenges Facing the Education Sector. Retrieved March 28, 2019, from Fortinet Blog website: https:/ /

Cybersecurity. (2014). Framework for Improving Critical Infrastructure

DiMaria, J., & Tse, R. (2018). Case Study - The Business and Regulatory Value of Third Party Certification to the NIST Cybersecurity Framework.

GTAG. (2016). Assessing cybersecurity risk. Retrieved from dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/cybersecurity/gtag-assessing-cybersecurity-risk.

Irwin, L. (2019, March 18). ISO 27001: The 14 control sets of Annex A explained. Retrieved June 13, 2019, from IT Governance Blog website: /blog/iso-27001-the-14-control-sets-of-annex-a-explained

Kalechava, B. (2017, January 4). Information Security Management System (ISO/IEC 27000 Series). Retrieved June 10, 2019, from The ANSI Blog website: information-security-management-system-isoiec/

Kigen, P. M., Muchai, C., Kimani, K., Mwangi, M., Shiyayo, B., Ndegwa, D., ... & Shitanda, S. (2015). Kenya Cyber Security Report 2015. Serianu Limited.

Kumar, D. (2014). NIST Cybersecurity Framework v1.0: Key Takeaways

Messer, A., & Medairy, B. (2018). The Future of Cyber Defense... Going on the Offensive.

Ministry of Education, (2014). University Education and Research.

Ministry of ICT, (2014). National Cybersecurity Strategy

Mutai, J. (2017). Assessing Security Risk Exposure in Kenyan Savings and Credit Cooperative Societies using a Web Based Model to Compute Security Risk Exposure Index. 2(1), 11.

Mwambe, O. O., & Echizen, I. (2016). Security modeling tool for information systems: Security Oriented Malicious Activity Diagrams Meta Model Validation.

Neaimi, A. Al, Ranginya, T., & Lutaaya, P. (2015). A Framework for Effectiveness of Cyber Security Defenses , a case of the United Arab Emirates ( UAE ). 4(1), 290–301.

Salcito, A. (2018). The growing role of education as the engine of economic change makes the work happening to transform our schools and classrooms fundamental to global progress.

Schweizerische, S. V. (2013). Information technology-Security techniques-Information security management systems-Requirements. ISO/IEC International Standards Organization

Serianu, (2017). Kenya CyberSecurity Report 2017: Demystifying Africa’s Cyber Security Poverty Line

Shahmoradi, L., Changizi, V., Mehraeen, E., Bashiri, A., Jannat, B., & Hosseini, M. (2018). The challenges of E-learning system: Higher educational institutions perspective. Journal of Education and Health Promotion, 7.

Update, T. P. (2017). Reimagining the Role of Technology in Education?:, (January).

Weiss, M. M., & Solomon, M. G. (2016). Auditing IT infrastructures for compliance (2nd Edition). Burlington, MA: Jones & Bartlett Learning.



2022-07-04 — Updated on 2022-07-04


How to Cite

William Kipkoech Too, Simon Maina Karume, & Nelson Bogomba Masese. (2022). Defensive Cybersecurity Preparedness Assessment Model for Universities. International Journal of Computer (IJC), 43(1), 112–128. Retrieved from