A Model for identifying vulnerabilities on critical infrastructures: case of cyber threats in Kenya
Date
2021-11
Authors
Maina, Simon Kuria
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
With advancement in technology, industry-focused technological systems have over time faced
the challenge of attacks given their vulnerabilities resulting in denial of services and catastrophic
operations for countries. This study focused at analysing the risk exposure on Kenya’s Critical
Information Infrastructure (CII). A model for identifying the vulnerabilities that critical
infrastructures are exposed to by detecting anomalies in the set thresholds was developed. This
study adopted the vulnerability system development lifecycle to develop the model. The model
was developed following the Rapid Assessment Methodology and used the Common Vulnerability
Scoring System (CVSS) to measure the severity of potential vulnerabilities against critical
infrastructure. This allowed the model to prioritize responses and resources to remediate against
the vulnerability identified. The study found that vulnerabilities pose a security threat on systems
that are deemed critical and as such recommends that organisations should invest on vulnerability
assessment tools. These will help them detect, remediate and monitor and evaluate vulnerabilities
on CIIs.
Description
A Thesis Submitted to the Faculty of Information in partial fulfillment of the requirements for the award of Master of Science in Information Technology
Keywords
Cyber threats, Information security, Critical information infrastructures