DEVELOPING A THREAT MATRIX FOR SMART MOBILE DEVICES IN A UNIVERSITY NETWORK TOWARDS A SECURE LOCAL AREA NETWORK ECOSYSTEM

Abstract

The need by staff and students to use smart mobile devices in university network is indisputable. This is because they help them to work and study more effectively as well as achieve better work-life balance. However smart mobile devices pose a security challenge as they continue to expand the corporate network unchecked thus increasing the attack surface. This creates a major security burden to security professionals who are supposed to ensure that smart mobile devices’ adherence to the security policy. The purpose of this study was to propose a solution on how to determine the likelihood of threat attack in a university network. The objectives of the study were to assess threats introduced to the university network through smart mobile devices, to develop a threat matrix that computes likelihood of threat attack, to identify security requirements needed for a secure university LAN ecosystem and to test and validate the matrix. Case study research design was adopted where Egerton University was selected as a case study with 384 respondents from all the campuses as target population. Response rate of 80% was recorded and considered sufficient for the study. The matrix was designed based on five of the ISO 27001’s domains which closely relate to operation of smart mobile devices in a corporate network. Regression analysis was used to determine the Functional weights to compute likelihood of attack. The matrix was implemented as a web-based application using Hypertext Preprocessor (PHP) as server-side scripting language, MySQL was employed as a database engine and Bootstrap 4 was used for styling user interface. The developed threat matrix acted as threat and risk assessment tool to provide recommendations that maximize the protection of confidentiality, integrity and availability of university data while still providing functionality and usability of smart mobile devices.