An Exploratory Study on Information Security Vulnerabilities in Higher Education: Case of University of Vocational Technology, Sri Lanka

The study investigates the University of Vocational Technology’s Information System’s (IS) security vulnerabilities. Aim of the study is to investigate general system security vulnerabilities, staff opinion on potential vulnerabilities of the system in relation to the CIA Triad and to identify measures to address vulnerability issues. Multiple data collection methods, such as questionnaire, observation, and focus group discussion, are used in case-study approach. According to the findings, hardware and software vulnerabilities indicated the highest possible occurrence (22%) and the occurrence of emanation vulnerabilities indicated the least (2 %) under identified general vulnerabilities. Findings of staff opinion on the IS security implemented in the University information system in terms of CIA triad, revealed that, majority were dissatisfied with the confidentiality, integrity and availability factors Hence, overall IS security satisfaction among university staff was found to be inadequate. According to the results of the observations and focus group discussions the University of Vocational Technology’s information system was discovered to be highly vulnerable. The system performed poorly in all aspects of the CIA Triad, indicating that the system’s overall vulnerability is high. A number of recommendations are made based on focus group discussions to mitigate IS security vulnerabilities in the studied environment. The major recommendations are, improve information security awareness of staff, develop operator guidelines and develop and implement a successful vulnerability management programme for the University. Further, the study’s findings add to the body of knowledge of empirical studies relevant to the CIA Triad.