An Information Security Awareness Model For Bring Your Own Devices: Case Study of a University in Kenya

Abstract

Abstract The use of Bring Your Own Device (BYOD) to access resources has extended past the boundaries of major institutions of higher learning. But, at institutions of higher learning, students, faculty, and staff are beginning to connect personal devices to the institution’s network to access resources without much considerations to the security repercussions. Therefore, this research used a university with an estimated population of about 8000 students and 500 employees as a case study and applied stratified random sampling method to classify the study population, that is, students and employees to unravel adaptation of BOYD in institutions of higher learning. A questionnaire was used for data collection and test cases were used to test threats on BYOD devices owned by the respondents to identify challenges with its awareness. The study data was analyzed by descriptive and inferential statistics methods and generalizations inference were made through correlation, regression and Structural Equation Modelling (SEM) methods. The study established a moderate influence of effort expectancy, social influence, performance expectancy, threat appraisal and coping appraisal on Information Security Awareness (ISA). Facilitating conditions had a strong influence, while habit had a weak influence on ISA. General Terms Algorithms, Management, Performance, Design, Reliability, Experimentation, Security, Human Factors, Theory, Verification.