Framework for enhancing cyber security: case study of Kenyan Internet Service Providers
Gitonga, Edward Githinji
Cyber security plays an important role in ensuring the availability of an ISP's services and, in turn, the satisfaction of its clients. It is not just about detecting cyber threats but also about having best practices in place to thwart such attacks. This involves classifying the attacks and assessing their impact should they be successful; while doing this, it is also necessary to note the defense mechanisms currently in place and come up with the best strategies to deal with such attacks. ISPs monitor the traffic that is routed through their network, detecting threats and reporting them to their clients so that the clients can protect their own networks. Currently, ISPs just detect and advise their clients, but what matters most is what is done with the data once a threat is detected. Having a framework that guides an organization on what to do should a cyber attack be detected greatly improves the organization's preparedness in dealing with cyber attacks. This research took both quantitative and qualitative approaches to studying the cyber threats that Kenyan ISPs face and ways of improving their preparedness to handle cyber attacks, using both primary and secondary data sources. A descriptive research design was employed, with questionnaires as the principal data collection instrument. Several cyber security frameworks were evaluated, and the proposed framework borrowed from the SCADA security framework and the game theoretic data fusion approach for cyber situation awareness and impact assessment. The questionnaire was distributed to all the individuals in the sample. The sample was drawn from the technical staff of these Kenyan ISPs. Collected data was analyzed using both quantitative and qualitative data analysis approaches. Data from the questionnaires was checked for completeness, coded and logged into the computer system using Statistical Package for Social Science (SPSS).
The study found that ISPs are interested (100%) in a framework for handling cyber attack data so as to better handle cyber threats. The following was also established on cyber threats: for malware, 95% agreed that it does occur; for phishing, 82% agreed; for pharming (diversion of internet traffic), 59% agreed; and for spam, 86% agreed. On whether employees in the organization are well-trained to handle cyber security threats, only 37% agreed. The study concludes with a cyber security framework composed of cyber attack classification, an attacks database, impact analysis, and recommended best response strategies. The framework provides a mechanism for handling cyber attack data, from classification of the attack type, through evaluation of vulnerabilities, to the best strategies for preventing the attack.
Submitted in partial fulfillment of the requirements for the Degree of Masters of Science in Information Technology
Cyber security, ISP, Internet, Kenya