Assessment Of Information Security Maturity Level On Ethiopian Public Universities

No Thumbnail Available



Journal Title

Journal ISSN

Volume Title


Addis Ababa University


Information security has become one of the most important and challenging issues facing today's organizations including universities. This study attempts to assess the current maturity level of information security management practice in Ethiopian public universities. It investigates the current maturity level of information security implementation in Ethiopian public universities and analyze the gap to give recommendations for future improvements. The study used Qualitative and Quantitative methods (A mixed method) to meet the research objectives set out. Data was collected from the selected 10 sample universities through Questionnaire and interview as primary data source besides to the analysis of written documents which is used as a secondary data Sources. This research answers the following research questions: What is the current maturity level of information security implementation in Ethiopian public universities sector? What are the uppermost and lowermost maturity scored information security controls in Ethiopian public universities? How could potential improvements in information security be achieved in Ethiopian public universities? The study findings indicate that the information security control environment in public universities is insufficient. From the analysis conducted which is based on the SSE-CMM maturity model assessment criteria range from level 0 (none) to level 5 (optimistic), the results showed that the maturity level of information security in Ethiopian public universities is 2.16, which means the level of security is at level 2 (repeatable but intuitive). This referee to the institutions have a pattern that is repeatedly performed in conducting activities related to the management of information technology governance, but its existence has not been well defined and that is still happening formal inconsistency. The research helps to improve the current understanding of information security issues and supports the applicability of information security management as a strategically important function for Ethiopian public universities. Also, universities can utilize the research result to structure their information security management system.



Ethiopian Public Universities