write an analytical memo 1 page
Write an analytic memo as if you were the researcher. Questions to consider: What patterns do you notice? What are the ideas/themes? If you were categorizing and coding the data thematically, what ideas stand out most? How do the participants differ in how they approach the question? How does each participant's experience impact the way they answered the question? What qualitative "findings" or interpretations can you make with this sample data set?
Running Header: CYBERSECURITY THREATS 1
Managing Cybersecurity Threats at a Higher Education Institution
NAME
Dissertation Proposal for IRB Approval
Judson University
Table of Contents
Abstract
Learning Institutions
Security Threats in Learning Institutions
Goals of Learning Institution’s Security Architecture
Problem Statement
Purpose Statement
Research Questions
Significance of the Study
Organization of the Proposal
Definitions of Terms
Chapter II: Literature Review
The Value Access Management Brings to Learning Institutions
Access Controls for Devices
BYOD Security Challenges
The Internet of Things: New Interoperability, Management, and Security Challenges
BYOD Supporting Insider Threat Success: A New Security Challenge
Analysis of the Review
Chapter III: Research Methodology
Overview of the Research Method and Design: A Qualitative Approach
Interview
Observation
Artifacts
Data Analysis Procedures
References
Abstract
Regardless of the industry that an institution may operate in, it must have reliable security measures to ensure that its data, its systems, and the information that it relies on are not compromised. Learning institutions are one of the few institutions that have multiple security threats. To secure their assets and operations, schools employ a security architecture that includes responsive controls, preventive controls, and detective controls.
The study looks at the security threats that higher learning institutions face and explains how schools deal with them. The paper identifies four security threats that face learning institutions. The threats include fraud, data loss and compromise, and the disruption of the functions and services of critical infrastructure. The paper identifies the threats and also presents the different security architectures that learning institutions employ in their bid to ensure that security prevails.
Chapter I: Introduction and Background
Most of the time, when people hear the term cyber security they think of measures that can secure a building, a premise, property or even a person from physical harm, damage or even theft by external parties (Bertino, 2016). To an extent, what most people understand about cyber security is true; cyber security is all about security from physical activities that may lead to loss or damage. Unfortunately, cyber security is often overlooked in comparison to technical security. Many organizations and institutions all over the world spend a lot of resources to ensure that their operating systems are protected from malware and hacks; on the other hand, they spend very little on cyber security (Tuor et al., 2017). The biggest downside of doing so is that the relevance of cyber security is ignored or overlooked.
Cyber security is big on three main things: surveillance, access control, and testing. It is primarily concerned with placing obstacles in the paths of criminals, burglars or malicious people to prevent them from carrying out malicious activities or errors that may lead to the loss of property, networks or even lives. Due to the focus on these three items, there is one thing that is often overlooked or ignored and, unfortunately, it might be the biggest threat to cyber security: the insider threat. The insider threat is the single biggest threat to an organization, yet very little is done to address it (Agrafiotis et al., 2015). There is very little research compared to the impact of the threat. To make it worse, The Internet of Things (TIOT) is making it harder to implement cyber security as it introduces elements of technical security into cyber security.
The success of the majority if not all institutions and firms is significantly dependent on the security measures they employ. Regardless of the industry in which an institution operates, it must have reliable security measures to ensure that its operations, as well as the information that it relies on, are not compromised. Security is divided mainly into cyber security and network security. Bearing the above in mind, there are three types of security controls: responsive controls, preventive controls, and detective controls. For organizations to claim that they have reliable security, they must have a solid security architecture. The architecture details the infrastructure in use to enforce security measures as well as the actions in place to ensure that security prevails. Going through a typical learning institution's security architecture makes it possible to define and explain security, considering that schools are among the institutions that emphasize both physical and network security.
The research team responsible for carrying out the study believes that if the insider threat is dealt with, most if not all of the issues that affect cyber security will be dealt with. This belief forms the foundation of the research, as the research team will seek to confirm or dispel the notion that dealing with the insider threat resolves most security concerns as regards cyber security.
Learning Institutions
Learning institutions have been in existence for a long time in informal and formal settings. There are different types of learning institutions: elementary schools, high schools, and higher education institutions, among others. Learning institutions offer learners opportunities to increase their knowledge as well as acquire skill sets that are valuable in life. For educators and other individuals that work in schools, schools offer employment opportunities. Learning institutions rely on personal and identification data as part of their operations. Additionally, learning institutions, more so higher learning institutions, rely on learning management systems to administer education. In the last decades, learning institutions have been targeted by cyber-criminals for terrorism, data breaches and other related crimes. By identifying how cyber-criminals target learning institutions, primarily higher learning institutions, it is possible to formulate mechanisms for countering the cyber-crimes targeting them.
Security Threats in Learning Institutions
Due to the nature of the education sector as well as the functions of schools, learning institutions have many security threats. There are four main security threats that learning institutions face. The first threat is the employees leaking information or making their institutions susceptible to cybercrime.
The second type of threat is fraud. Fraud in most cases happens through insider threats; learning institution employees and suppliers make it possible for fraud to happen. Another way in which fraud happens is through cyber-attacks. Cybercriminals attack network vulnerabilities to access information of learning systems and, through that, they can cause fraudulent attacks. The fraud security threat compromises both physical and network security. The compromise of cyber security happens when the insider threat is in play, whereas the compromise of network security happens when cyber-attacks are in play.
The third security threat in learning institutions is the disruption of critical infrastructure. For the majority of learning institutions, their network, databases, servers, and system are classified as critical infrastructure. The disruption of the above-mentioned infrastructures for whatever reasons can hamper the operations of a learning institution. The disruption of critical infrastructure leads to the institutions not performing their functions. The disruption of critical infrastructure affects both physical and network security.
The fourth security threat for learning institutions is information loss or disclosure. Learning institutions rely entirely on the information that they have to offer services. As it stands, learning institutions are always at risk of collected information being compromised either by employees or by cybercriminals. It is for that reason that learning institutions invest heavily in securing their databases and their servers, as they are the doors to the stored information, such as student personal and identification records, security details of an institution, and its learning management system.
Goals of Learning Institution’s Security Architecture
There are three main goals of a school’s security architecture. The goals are the same as the three main security controls mentioned earlier, and they are also the goals of the project. The first goal of a school’s security architecture is preventing security breaches, both physical and network security breaches. Security architecture details the infrastructure as well as the security measures in place to prevent data loss, fraud, and the disruption of critical infrastructure, amongst other things. By having a security architecture, a school’s security system protects its assets as well as resources from being compromised (Gomber et al., 2018).
The second goal of a school’s security architecture is detecting security breaches. According to Kaipainen (2017), in cases where a school is unable to prevent a security breach for whatever reason, the school should have a detection system in order to stop the ongoing compromise and also reduce the attack surface of a security breach. Security architecture details a reliable framework for detecting security breaches. By having the ability to detect security breaches, schools can secure themselves from data loss, money loss, reputation loss as well as save their critical infrastructure from destruction.
The last goal of a school’s security architecture is to offer a response to a security breach. It is critically important that a school that is not able to prevent a breach offers a response to the breach. In most cases, a response involves countering the security breach. Security architecture provides a framework or a guideline for ensuring that schools have a response should they face a data breach or should the services and functions of their critical infrastructures be disrupted.
Problem Statement
Since time immemorial, fraud has continued to be a burning issue in human society (Cole, 2015). The insider threat is a form of fraud because insiders that are perceived as threats deceive their employers and their colleagues with the aim of gaining from a security lapse. Most of the time, insiders that help in the breaching of security controls are promised good returns if they do (Liu et al., 2018). The need to deter insiders from helping other people break security protocols is what has led to this study. Many organizations have suffered from the malicious or erroneous activities of their employees that have exposed them to security risks. Organizations will continue to suffer from such activities unless the insider threat is effectively dealt with (Eberz et al., 2015).
The insider threat is not only an issue that affects organizations, institutions, and corporations; it is also a societal issue, as it encourages deception (Bunn & Sagan, 2017). Coming up with solutions to effectively deal with insider threats will by extension help in coming up with ways to deal with or mitigate deception at the society and community level. The insider threat is a burning issue considering that it is people that have been granted rights, access, and privileges that help criminals to breach security protocols (Walton, 2016). It is also a burning issue since it is insiders, or people who are trusted, that breach security protocols and through that expose organizations and institutions to unnecessary risks (Gheyas & Abdallah, 2016).
Purpose Statement
Since it is already established that insiders, whether employees or suppliers, are the biggest security concern in cyber security, there is a need to find effective ways to deal with them or mitigate their effects (Collins, 2016). There is a strong belief that if solutions that effectively deter or hamper insiders from aiding in the breaking of security protocols and controls are identified, then it is most likely that cyber security will be more guaranteed in the world (Sanzgiri & Dasgupta, 2016). This research has three main purposes. The first purpose is to identify how the insider threat can be mitigated or done away with, with the intention of improving not only cyber security but all types of security, including technical security.
The second purpose of the study is to confirm or dispel the belief that the insider threat is the single biggest challenge that hampers cybersecurity. Through that confirmation, industry stakeholders or players will be better informed to make better decisions as concerns cybersecurity. If the study confirms that the insider threat is the single biggest challenge that hampers cybersecurity, players in the security sector will concentrate on the insider threat and through that a solution to the threat will be realized (Hu et al., 2015). On the other hand, if the study dispels the belief, players and stakeholders in the security sector will know how best to divide their attention among the known security threats as opposed to concentrating on the insider threat. The third purpose of the study will be to educate employees, suppliers or basically any individual who has the potential to be categorized as an insider threat. Through educating potential insider threats, people will be better placed to avoid becoming actual insider threats (Punithavathani, Sujatha & Jain, 2015; Williams et al., 2018).
Research Questions
The research questions are aligned with the problem statement and the purpose of the research (Graue, 2015). The research is primarily interested in knowing whether the insider threat is indeed the single biggest challenge to cyber security. In addition, the research is interested in knowing how the insider threat can be effectively dealt with or mitigated. Furthermore, the research is interested in establishing whether dealing with or mitigating insider threats can significantly improve cyber security, based on the belief that the insider threat is the biggest security challenge for not only cyber security but also cybersecurity. The primary purpose of the research is to formulate policies and measures for effectively dealing with cyber security concerns, to answer the following questions:
1. How do higher education learning institutions mitigate cyber security threats?
2. What are the measures that can be put in place to effectively deal with the insider threat in order to bring significant changes in cyber security?
The above-identified research questions will make two things possible. The first is the identification of measures or controls that can be implemented or adapted to deal with or mitigate the insider threat. The second is the confirmation of whether dealing with insider threats is the key to having cyber security.
Significance of the Study
The study on insider threats to cyber security and general cybersecurity is bound to contribute significantly to the world. Insecurity causes corporations, organizations, and institutions all over the world to lose a lot of resources (Fontana & Prokos, 2016). By studying insider threats through this research, the world, more so the corporate world, will be better placed to protect itself from insider threats. Concentrating on the learning of insider threats and their implications will lead to the development of security protocols that not only enhance cyber security but enhance all sectors of security generally. The insider threat faces companies not only in America but also in other nations of the world; therefore, finding a solution for insider threats sorts not only the US but also the world, as it helps to do away with or mitigate a global issue (Aldawood & Skinner, 2018).
The study promises value addition as well as the eradication of problems affecting computer science. IT experts more so those who are interested in ensuring that IT security prevails have for a long time been troubled with how to handle or deal with insider threats. This research will lighten the weight on the shoulders of IT experts and this is because the findings of the research will help security experts in the IT field gain several steps in terms of the fight against cyber security issues (Eriksson & Kovalainen, 2015). Regardless of the results of the study, IT security experts will gain much from the research. They will know whether insider threat is a threat that can be done away with or if insider threat is a threat that is there to stay and that it can only be mitigated.
There are several beneficiaries of this research. Top on the list of the beneficiaries is the academic field. The findings of the study will enable the field of IT security and cyber security to grow. There will be more information for future scholars than there is currently on the topics of insider threats, cyber security, and cybercrime. The society is the second beneficiary of the research. As earlier mentioned, fraud and in extension insider dealings are societal issues in that they are vices that seem to be holding back the society. By identifying solutions to insider dealings and insider threats, solutions to a social vice are also identified. The profession of cybersecurity is the third beneficiary as the field will acquire more information on a major threat (Dumay et al., 2016). In general, this research will provide insight into the field of cyber security and through the study, better security controls and policies will be formulated. The policies will not only benefit the security sector but the policies will also benefit the world.
Organization of the Proposal
This first chapter outlined the purpose of the study, its benefits as well as the study’s implications. In chapter two, I will provide an analysis of the current literature on the topic. In chapter three, I outline the methods and procedures to be conducted as I answer my research questions. The methodology focuses on case study.
Definitions of Terms
There are several terms that will be used in the study and they include:
1. Insider Threat– security threats arising from an employee, supplier or any person with authority from an institution.
2. Cyber Security– processes in place to protect people, property, and facilities from harm or damage.
3. Technical Security– is security geared at protecting technology from security risks.
4. Cybersecurity– the process of protecting networks and related infrastructure from cyber-attacks (Garrard, 2016).
5. Cyber-Crime– are crimes committed involving a network or computer.
6. Security Policies– are written documents that detail how to protect an organization or institution from security risk.
7. Information Technology (IT)– refers to the reliance on computers and information in the context of business.
8. Rights– refers to the permissions granted to an employee.
9. Privilege– refers to the permissions granted to an employee.
10. Access– refers to the systems and areas employees are authorized to use or visit.
11. System– refers to a set of functions running together under one unit.
12. Threat Management– refers to the assessing and controlling of risk in cyber security.
13. Risk Assessment– refers to the analysis of risk with the aim of classifying the risk.
14. Insider Risk– refers to security risks that are associated with having employees, suppliers or any individuals with access, rights or privileges of an organization or institution.
Chapter II: Literature Review
The literature review is based on articles and research reporting done in the last ten years. The literature review will be done on online academic databases. The databases used include EBSCOhost and Google Scholar, among others. The review focuses on how bring your own device (BYOD) protocols can be exploited by insiders to expose institutions to cyber security concerns.
In order to get a hint of why the research team states that the insider threat is the biggest threat to cyber security, and why dealing with the insider threat significantly does away with most security concerns, it is proper to understand how insiders can lead to insecurity. For example, a lapse in closing up or properly securing an entrance as expected, whether intentional or not, can lead to theft which can destabilize a company (Fennelly, 2016). The stealing of company property such as laptops by employees, simply by the fact that they have access to a floor, is a security breach that can cost a company, bearing in mind the amount and type of data that can be housed in a laptop (Mavroeidis, Vishi & Jøsang, 2018).
The introduction of devices that can copy data, such as flash disks and other external devices, to computers in a secured network is another example of how insiders can bring lapses in security (Eggenschwiler, Agrafiotis & Nurse, 2016). There are many incidents in which company employees have granted access to hackers by simply connecting external devices that act as doors or access points (Ali & Awad, 2018). There are similarly many incidents in which company employees have stolen important data from their employers using their mobile phones and external hard drives (DiMase et al., 2015).
The above crimes and security issues have been possible simply because employees misused or abused the rights and access granted to them by their employers (Sarma et al., 2017). There are countless times that we have heard that schools have been robbed simply because of the information shared by some employees with school robbers (Mylrea et al., 2018). Employees share information that is crucial in terms of bypassing security protocols because they are privy to such information or can easily access it.
From the little research that is available on the research topic, many researchers have indicated that there needs to be further research on the insider threat and how to effectively deal with it (Wang, Gupta & Rao, 2015). According to Denis Smith, insider threats are born of lapses by senior managers. Denis carried out a study which helped reveal that senior managers, and not executive managers, create conditions in which cyber security can fail through poor decision making, erosion of controls and the creation of cultures that lead to failures in cyber security. Senior managers hold the biggest responsibility as far as implementation of security policies in organizations is concerned, and it is for that reason that their lapses can lead to major breaches in cyber security (Fischbacher-Smith, 2015). If senior managers can better their interactions with junior employees in organizations, the insider threat will be significantly dealt with (Deng, Mahadevan & Zhou, 2015).
Five researchers from Europe carried out a study on the insider threat and identified it as the most difficult cyber-security issue to deal with because it poses a threat to cyber security and technical security. In their publication, the five researchers offer insight into how incidents that involve insiders can be classified, how insider threats can be detected before they become a reality, how reliable frameworks already in place for dealing with insider threats can be replicated to ensure security prevails, and how to identify trends as relates to insider threats. The researchers argue that the majority if not all cyber-crimes happen or are possible due to insider help (Homoliak et al., 2019; Harilal et al., 2018). The researchers believe that if the insider threat is dealt with, most security concerns will be dealt with.
Based on the explanation of how insider threats are a concern for cyber security and the review of previous research on the research topic, it is evident that there needs to be further research on insider threat and cyber security. The study will look to explain how properly dealing with the insider threat can lead to enhanced cyber security. The study will concentrate on finding as much information as possible on how mitigating the insider threat can lead to better cyber security. The study topic is of importance as it promises to provide a solution to the menacing issues affecting cyber security. The fact that the insider threat has been identified as the most challenging threat in cyber and cyber security suggests that if solutions for dealing with insider threats are identified, then the world would have proper and reliable solutions for cyber security.
The Value Access Management Brings to Learning Institutions
There are five values that access management brings to an organization. Top on the list is that it helps in reducing data entry errors due to the use of important services by unskilled or unqualified users. The second value is that access management provides the capability to revoke user rights on a timely basis, which is important more so during security considerations.
The third value is that access management ensures that employees or users have the right access levels to perform or execute their duties. The fourth value is that access management enables organizations and institutions to maintain data and information confidentiality. The last value is that access management grants organizations the ability to audit and track how their systems are used. This is particularly important for tracing the abuse of rights and privileges.
Access Controls for Devices
There are five main types of access controls for devices. The first type is mandatory access control (MAC), which is often used by institutions that deal with highly sensitive information, such as the military and the government. For mobile devices that are under a mandatory access control policy, most services or systems that can be accessed via the handset are under the full control of the central authority, which might be the IT unit of the institution.
The second type of access control that is used on devices is discretionary access control (DAC). The policy that guides DAC enables administrators to limit the propagation of access rights. Unlike MAC, DAC does not have centralized control, and for that reason it is the worst access control management policy that can be used for mobile devices as far as curtailing the insider threat in learning institutions is concerned. The third type is role-based access control (RBAC). This control restricts the rights a user has; it helps in restricting the access to resources that a user might have. Organizations that use RBAC policies in controlling BYOD devices limit the functions of users when accessing an institution's network or systems.
The fourth type of access control that is used in devices is rule-based access control. In this type of access, the administrator determines the resources that can be accessed, for how long and during what time; the accessing of a service is pegged on the rules and policies of an organisation or institution. Most of the time, rule-based access control is used to complement role-based access control. An example of an institution or organization that uses rule-based control is a school. Schools have operating hours, and it is because of that reason that they have restrictions on the time that employees can access their systems or resources.
The last type of access control used on devices is attribute-based access control (ABAC). This control determines access rights for devices by evaluating the relationships, policies, and rules that govern systems, users, and environmental conditions (Hu et al., 2015). It is used by the military and by institutions that rely on sensitive data, such as power plants. In most cases, an organization’s resources and network can only be accessed when the devices are within a specified range; the range is specified by the system administrators.
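Three of the models above can be layered in one access decision. The following is an added example, not part of the proposal: it combines an RBAC check with the rule-based operating-hours restriction and the ABAC range condition, and records every decision for audit. The roles, permissions, hours, coordinates and the `device_managed` attribute are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from math import radians, sin, cos, asin, sqrt

# Constructed policy data for a hypothetical campus (assumptions, not from the proposal).
ROLE_PERMISSIONS = {                      # RBAC: what each role may do
    "registrar": {"student_records:read", "student_records:write"},
    "instructor": {"lms:read", "lms:grade"},
    "student": {"lms:read"},
}
OPERATING_HOURS = (time(7, 0), time(19, 0))   # rule-based: school operating hours
CAMPUS_CENTER = (42.0400, -88.2800)           # constructed coordinates
MAX_DISTANCE_KM = 1.5                         # ABAC: range set by administrators
SENSITIVE = {"student_records:read", "student_records:write"}


@dataclass
class Request:
    user: str
    role: str
    permission: str
    when: datetime
    device_managed: bool      # assumed device attribute: enrolled with the IT unit
    device_location: tuple    # (latitude, longitude) reported by the device


def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def decide(req, revoked=frozenset(), audit=None):
    """Return (allowed, reason). Checks run in order; the first failure denies."""
    start, end = OPERATING_HOURS
    if req.user in revoked:
        # Timely revocation overrides everything else.
        result = (False, "access revoked")
    elif req.permission not in ROLE_PERMISSIONS.get(req.role, set()):
        # RBAC: unknown roles get an empty permission set, so they are denied.
        result = (False, "role lacks permission")
    elif not (start <= req.when.time() < end):
        # Rule-based control complements RBAC with a time window.
        result = (False, "outside operating hours")
    elif req.permission in SENSITIVE and not req.device_managed:
        # ABAC: device attribute check for sensitive resources.
        result = (False, "unmanaged device")
    elif (req.permission in SENSITIVE
          and distance_km(req.device_location, CAMPUS_CENTER) > MAX_DISTANCE_KM):
        # ABAC: environmental condition, device must be within range.
        result = (False, "device out of range")
    else:
        result = (True, "ok")
    if audit is not None:
        # Audit trail: denials are recorded as well as grants.
        audit.append((req.when.isoformat(), req.user, req.permission, *result))
    return result


if __name__ == "__main__":
    log = []
    on_campus = (42.0450, -88.2800)
    r = Request("alice", "registrar", "student_records:read",
                datetime(2024, 3, 4, 10, 0), True, on_campus)
    print(decide(r, audit=log))
    print(decide(r, revoked={"alice"}, audit=log))
    print(log)
```

Recording denials in the audit list matters for insider-threat work: repeated out-of-hours or out-of-range attempts by a valid account are the kind of trace that access management is meant to surface.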
BYOD Security Challenges
Bill Murrow conducted a study in 2012 to assess the security implications of allowing BYOD. Bill noted in his study that there were several trends that were impacting an institution's ability to secure and control the use and sharing of sensitive corporate data. The first trend that he identified to be causing trouble for system administrators was the use of software as a service. This was because the ser
