Framework for Managing Cybersecurity Risk in Nigerian Universities

Badamasi, Bukhari and Utulu, Samuel Framework for Managing Cybersecurity Risk in Nigerian Universities., 2021 . In Proceedings of the 1st Virtual Conference on Implications of Information and Digital Technologies for Development, 2021, Virtual Conference, May 2021. [Conference paper]

Cyber Security IFIP Paper.pdf

Download (1MB) | Preview

English abstract

Universities in developing countries, including those in Nigeria, experience cybercrime risks due to poor management of their cyber spaces and resources. The outcome of these cybercrimes are threats and breaches of universities’ cyber security. The threats and breaches have resulted in substantial financial, social, and intellectual property losses. In the recent past, Nigerian universities have started to respond to these cyber-attacks. Many of them now invest in anti-cybercrime tools and programs to mitigate cyber security threats and breaches. Despite this, the number of times Nigerian universities suffer from cyber-attacks and the losses that result from them keeps increasing. Our observation, however, indicates that most Nigerian universities run their cyber security without using scientifically derived frameworks that spell out how to manage threats and breaches that emanate from within and outside them. We consider this a problem to ongoing efforts made by Nigerian universities to mitigate cyber security threats and breaches. The study reported in this paper was therefore, carried out to explicate how Nigerian universities can develop actionable frameworks that can help them to mitigate cyber security threats and breaches. The study is based on literature review and propose how an actionable framework that Nigerian Universities can adopt to setoff cybersecurity programs can be developed. The process comprises of problem identification, description of objectives, designing and developing the artefact, testing, and evaluating the artefact, and communicating the result. We conclude that the framework provides a lucrative starting point for Nigerian universities to setoff efficient and effective cyber security program.

Item type: Conference paper
Keywords: Cyber-security, Cyber-security Management, Cyber-security Management Framework, Universities, Nigeria
Subjects: B. Information use and sociology of information > BC. Information in society.
B. Information use and sociology of information > BD. Information society.
B. Information use and sociology of information > BE. Information economics.
B. Information use and sociology of information > BF. Information policy
F. Management. > FH. Reorganization.
Depositing user: Samuel Utulu
Date deposited: 20 Jul 2021 05:32
Last modified: 20 Jul 2021 05:32


Abu-Taieh, E. M. (2017). Cyber security body of knowledge. 2017 IEEE 7th International Symposium on Cloud and Service Computing (SC2),

Adesina, R., & Ingirige, B. (2019). Dismantling barriers to effective disaster management in nigeria. 14th International Postgraduate research conference 2019: Contemporary and Future Directions in the Built Environment,

Aheleroff, S., Xu, X., Zhong, R. Y., & Lu, Y. (2021). Digital twin as a service (DTaaS) in industry 4.0: an architecture reference model. Advanced Engineering Informatics, 47, 101225.

Alpert, B. S. (2012). College and University Disaster Management: The Impact of Leader Behavior on Response and Recovery from Disaster

Armenia, S., Angelini, M., Nonino, F., Palombi, G., & Schlitzer, M. F. (2021). A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decision Support Systems, 113580.

Aven, T., & Renn, O. (2010). Risk management. In Risk Management and Governance (pp. 121158). Springer.

Avgerou, C. (2008). Information systems in developing countries: a critical research review. Journal of information Technology, 23(3), 133-146.

Baskerville, R., Baiyere, A., Gregor, S., Hevner, A., & Rossi, M. (2018). Design science research contributions: finding a balance between artifact and theory. Journal of the Association for Information Systems, 19(5), 3.

Bian, S., Deng, Z., Li, F., Monroe, W., Shi, P., Sun, Z., Wu, W., Wang, S., Wang, W. Y., & Yuan, A. (2018). Icorating: A deep-learning system for scam ico identification. arXiv preprint arXiv:1803.03670.

Bukhari, B. (2018). Effects of Security Protocols on Cybercrme in Ahmadu Bello University, Zaria [Academic Masters, University of KwaZulu Natal, South Africa].

Chapman, J. (2019). How safe is your data? Cyber-security in higher education. Higher Education Policy Institute Policy.

Clausen. (2019). Justifying military intervention: Yemen as a failed state. Third World Quarterly, 40(3), 488-502.

Clausen, S. T. (2019). Enabling the Implementation of Drones into Local Disaster Preparedness Key considerations from challenges and lessons learned in Chile.

De Paoli, S., Johnstone, J., Coull, N., Ferguson, I., Sinclair, G., Tomkins, P., Brown, M., & Martin, R. (2020). A Qualitative Exploratory Study of the Knowledge, Forensic, and Legal Challenges from the Perspective of Police Cybercrime Specialists. Policing: A Journal of Policy and Practice.

Demers, G., Harrington, S., Cianci, M., & Green, N. (2017). Protecting Colleges & Universities Against Real Losses in a Virtual World, 33 J. Marshall J. Info. Tech. & Privacy L. 101

(2017). The John Marshall Journal of Information Technology & Privacy Law, 33(2), 3.

Eboibi, F. E. (2020). Concerns of cyber criminality in South Africa, Ghana, Ethiopia and Nigeria: rethinking cybercrime policy implementation and institutional accountability. Commonwealth Law Bulletin, 46(1), 78-109.

Egbunike, N. (2019). Nigerian students face cybercrime charges for criticising their university


Ekpoh, U. I., Edet, A. O., & Ukpong, N. N. (2020). Security Challenges in Universities: Implications for Safe School Environment. Journal of Educational and Social Research, 10(6), 112-112.

France-Presse, A. (2020). US Says China Trying to Steal COVID-19 Vaccine Research.

Glantz, C., Somasundaram, S., Mylrea, M., Underhill, R., & Nicholls, A. (2016). Evaluating the maturity of cybersecurity programs for building control systems. US Department of Energy Office of Scientific and Technical Information.

Heeks, R. (2017). Decent work and the digital gig economy: a developing country perspective on employment impacts and standards in online outsourcing, crowdwork, etc. Development Informatics Working Paper(71).

Heide, M., von Platen, S., Simonsson, C., & Falkheimer, J. (2018). Expanding the scope of strategic communication: Towards a holistic understanding of organizational complexity. International Journal of Strategic Communication, 12(4), 452-468.

Hevner, A., & Chatterjee, S. (2010). Design science research in information systems. In Design research in information systems (pp. 9-22). Springer.

Hollis, S. (2015). The role of regional organizations in disaster risk management. In The Role of Regional Organizations in Disaster Risk Management (pp. 1-12). Springer.

Hunton, P. (2011). A rigorous approach to formalising the technical investigation stages of cybercrime and criminality within a UK law enforcement environment. Digital investigation, 7(3-4), 105-113.

Igba, D., Elizabeth, C., & Nwambam, A. S. (2018). Cybercrime among University Undergraduates: Implications on their Academic Achievement. International Journal of Applied Engineering Research, 13(2), 1144-1154.

Iriqat, Y. M., & Molok, N. N. A. (2019). Information security policy perceived compliance among staff in palestine universities: an empirical pilot study. 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT), ITU. (2015). Global cybersecurity index & cyberwellness profiles report (Cybersecurity, Issue. I.T. Union.

Kuusikallio, V. (2017). Community-based disaster preparedness in The Kimbilio Women´ s Shelter and Education Center.

Li, F., Li, Z., Han, W., Wu, T., Chen, L., Guo, Y., & Chen, J. (2018). Cyberspace-oriented access control: A cyberspace characteristics-based model and its policies. IEEE Internet of Things

Journal, 6(2), 1471-1483.

Maarten, G., Artur, U., Erik, F., & Michel, R. (2015). A meta-analysis of threats, trends, and responses to cyber attacks (Assessing Cyber Security, Issue. T. H. C. f. S. Studies.

Makeri, Y. A. (2017). Cyber Security Issues in Nigeria and Challenges. International Journal, 7(4).

Mamogale, H. (2011). Assessing disaster preparedness of learners and educators in Soshanguve

North schools. Bloemfontein, South Africa: The Disaster Management Training and Education Centre for Africa, the University of the Free State.

Mary, L. (2016). IT Security and Privacy.

Mikkola, M., Oksanen, A., Kaakinen, M., Miller, B. L., Savolainen, I., Sirola, A., Zych, I., & Paek, H.-J. (2020). Situational and Individual Risk Factors for Cybercrime Victimization in a

Cross-national Context. International Journal of Offender Therapy and Comparative Criminology, 0306624X20981041.

Mojeed, M. (2020). How Nigerian University Launched Massive Cyberattacks Against Premium Times.

Morgan, S. (2020). Cybercrime To Cost The World $10.5 Trillion Annually By 2025 Cybercrime Magazine. In.

Ngwenyama, O. (2014). Logical foundations of social science research. In Advances in Research Methods for Information Systems Research (pp. 7-13). Springer.

NIST. (2020). CYBERSECURITY FRAMEWORK.{9662775243}-{100779850978}{426501511627}_00021238_fy21q1&utm_promoter=tenable-indegy-nb00021238&utm_source=google&utm_term=%2Bnist%20%2Bframework&utm_medium=



Odinma, A. (2010). Cybercrime & Cert: Issues & Probable Policies for Nigeria. DBI Presentation,

Nov, 1-2.

Okeshola, F. B., & Adeta, A. K. (2013). The nature, causes and consequences of cyber crime in

tertiary institutions in Zaria-Kaduna state, Nigeria. American International Journal of

Contemporary Research, 3(9), 98-114.

Okoli, C., & Schabram, K. (2010). A guide to conducting a systematic literature review of information systems research.

Olagunju, M., & Utulu, S. (2021). Money Market Digitization Consequences on Financial Inclusion of Businesses at the Base of the Pyramid in Nigeria. In the digital distruption of financial services: international perspectives, Ewa Lechman & Adam Marszk (Eds.).

Oliver, E. (2010). Being Lecture Delivered at DBI/George Mason University Conferenceon Cyber Security holding. In: Department of Information Management Technology Federal University of ….

Osho, O., & Onoja, A. D. (2015). National Cyber Security Policy and Strategy of Nigeria: A Qualitative Analysis. International Journal of Cyber Criminology, 9(1).

Parsons, S. (2020). The Duke of Cambridge visits the laboratory in Oxford where a potential vaccine has been produced.

Pattinson, M. R., Butavicius, M. A., Ciccarello, B., Lillie, M., Parsons, K., Calic, D., & McCormac, A. (2018). Adapting Cyber-Security Training to Your Employees. HAISA,

Pavol Zavarsky, C., & CISM, C. (2014). Step-by-step guidance on how to establish, implement and operate cybersecurity management system (ISMS).

Purohit, D. P., Siddiqui, N., Nandan, A., & Yadav, B. P. (2018). Hazard identification and risk assessment in construction industry. International Journal of Applied Engineering Research,

13(10), 7639-7667.

Rashid, A., Danezis, G., Chivers, H., Lupu, E., Martin, A., Lewis, M., & Peersman, C. (2018). Scoping the cyber security body of knowledge. IEEE Security & Privacy, 16(3), 96-102.

Ryder, R. D., & Madhavan, A. (2019). Cyber Crisis Management: Overcoming the Challenges in Cyberspace. Bloomsbury Publishing.

Sanoo, J. (2018). Cyber Security Tutorials. Retrieved 26/06/2020 from

Saulawa, M. a. A., & Abubakar, M. (2014). Cybercrime in nigeria: An overview of cybercrime act 2013. JL Pol'y & Globalization, 32, 23.

Sausalito, C. (2020). Cybercrime To Cost The World $10.5 Trillion Annually By 2025. Cybercrime.,%243%20trillion%20USD%20in%202015

Schneier, B. (2009). Schneier on security. John Wiley & Sons.

Singh, U. K., & Joshi, C. (2017). Information Security Risk Management Framework for University Computing Environment. IJ Network Security, 19(5), 742-751.

Smith, W. (2019). A comprehensive cybersecurity defense framework for large organizations.

Sobers, R. (2021). 134 Cybersecurity Statistics and Trends for 2021.

Soomro, T. R., & Hussain, M. (2019). Social media-related cybercrimes and techniques for their prevention. Applied Computer Systems, 24(1), 9-17.

Stein, S. (2008). ITU Global Cybersecurity Agenda (GCA) High-Level Experts Group (HLEG) Global strategic report. ITU.

Taylor, L. (2017). What is data justice? The case for connecting digital rights and freedoms globally.

Big Data & Society, 4(2), 2053951717736335.

Utulu, S., Sewchurran, K., & Dwolatzky, B. (2013). Systematic and Grounded Theory Literature Reviews of Software Process Improvement Phenomena: Implications for IS Research. Proceedings of the Informing Science and Information Technology Education Conference,

Utulu, S. C. A., & Ngwenyama, O. (2017). Model for constructing institutional framework for scientific knowledge management systems: Nigerian institutional repository innovation case applicable to developing countries. In Catalyzing Development through ICT Adoption (pp.

149-174). Springer.

Valeriano, B., & Maness, R. C. (2015). Cyber war versus cyber realities: Cyber conflict in the

international system. Oxford University Press, USA.

Walker, A. (2020). UK '95% sure' Russian hackers tried to steal coronavirus vaccine research.

Webb, J., & Hume, D. (2018). Campus IoT collaboration and governance using the NIST cybersecurity framework.

Whitehead, G. (2020). Investigation of factors influencing cybersecurity decision making in Irish SME's from a senior manager/owner perspective Dublin, National College of Ireland].

Wolfswinkel, J. F., Furtmueller, E., & Wilderom, C. P. (2013). Using grounded theory as a method for rigorously reviewing literature. European Journal of Information Systems, 22(1), 45-55.

Xie, J. (2020). In Coronavirus Vaccine Hunt, a Race to Be First.


Downloads per month over past year

Actions (login required)

View Item View Item