Assessment of the Effectiveness of Non-Technical Approach to Cyber Security Management for Kenya Ministry of Lands and Physical Planning Nlims System.

Abstract

Cyber security threats and vulnerabilities are influenced by human behavior, making them complex systems. The conventional reductionist approach to managing technical aspects of cyber security is limited, as it cannot predict the non-technical aspects of cyber security. The complexity approach, however, offers a robust and effective way to predict social aspects of cyber security. This study aims to assess the effectiveness of the Ministry of Land's approach to non-technical cyber threats and vulnerabilities. Current studies focus predominantly on the technical aspect cyber security and less on social aspect of cyber security at the detriment of the social side so does the setup and implementation of information security system. In aggregate system that focus on the technical side are weak on the social aspect and predisposed to social-engineering attack, Data will be collected through face-to-face interviews with Ministry of land staff linked to the NLIMS system in Nairobi. The findings indicate that at least 70% of staff lack knowledge of social engineering attacks, their conduct, and skills to prevent or stop them. Lower-rank staff access information they are not authorized to access through the workstation resource sharing policy. The study reveals that KMLPP's non-technical approach to cyber security is ineffective in protecting sensitive information and preventing staff from accessing sensitive data through dumb star diving. It also highlights the vulnerability of lower-rank staff to shoulder surfing and workstation privacy exploits. The study proposes a socio-technical cybernetic enterprise model, which focuses on staff relationships and restricts information access without appropriate privileges, ensuring a more secure environment for NLIMS.