1.1 unauthorized disclosure), Integrity (promote Accuracy, completeness, consistency


An information or records security framework is
a series of documented processes that are used to define policies and
procedures around the implementation and ongoing management of information
security controls in an enterprise environment (Joseph Granneman). The main
objectives of security are Confidentiality (to protect
sensitive information from unauthorized disclosure), Integrity (promote Accuracy, completeness, consistency and
timeliness of data); and Availability
(Safeguard necessary resources and associated capability) (Education Bureau at (852)
3698 3608, 2007) this is at time regarded to as CIA. Like in any other
Oraganisations, CIA is equally Important for academic Institutions, they admit students on a year basis and get funding from the students’
fees, stakeholders and government as a result they end up with large volumes of
physical and electronic data that are of high importance and as such need to be
extremely protected. The institutions are expected to retain and preserve
documents as a record of their operations, However, if these records are not
managed properly, they could loss the information or fail to provide the
necessary information when needed which compromises availability. To provide an
efficient and effective administration that ensures that institutions run as
smoothly as possible, there should be proper management of records.
International Organization for Standardization (ISO) 15489 (2001) explains
records management as the field of management responsible for the efficient and
systematic control of the creation, receipt, maintenance, use and disposition
of records, including the processes for capturing and maintaining evidence of
an information about business activities and transactions in the form of
records. This has been made easy with introduction of information systems. The
use of electronic records is widespread in developed countries but is only
gradually displacing the use of paper records. Advocates of
electronic information systems is on the high increase because they reduce
storage space and automate operations. However, the transition from paper-based
to information systems in low- and middle-income countries pose some unique
challenges for the confidentiality, availability and integrity of personal data.  So, information system security (ISS) policies and
procedures to preserve the CIA are a requirement for any organization that
creates and stores data in information systems. ISS practices encompass of both
technical and non?technical issues for safeguarding organizational
assets from a variety of threats. (Zainab, 2011).

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

Institutional asset may include computers,
software, chairs desks, information and many more. Information
as one of these assets, should be safeguard because it’s what the institutions
depends on to make decisions that affect their development. For this to be
successful, it is necessary to agree and apply policies and procedures to
promote the effective management of Institutional records in all formats throughout
their lifecycle, in order to provide accurate and reliable records of actions
and decisions and meet operational, legal and evidential requirements

Iwhiwhu (2011) say that, Poor records management has caused serious impediments in
several aspects of public sector in Africa. African countries are faced with
several challenges in managing

particularly electronic records. These border on technology obsolescence,
inadequate trained personnel, policy formulation and implementation, etc. These
have made the structure, content and context of records to be altered
indiscriminately. In addition, he says that there is absence of a culture of
records management, monitoring and evaluation, quality control, and
verification and this is exactly the problem our institutions are facing.

In Ghana, the
problem mostly arises where schools, colleges, universities and others have to
allocate large office space to keep students’ files manually every year when
students are admitted (Bailey et al., 2011). Educational institutions
especially the universities keep large volume of students’ data, they try to
make the records accurate, reliable and trustworthy to fulfill evidential
requirements but they are not properly managed (Longe, 2001) may lead to
security threats occurring.

Benson Yeung, (n.d.) says
most of the damage to records security is not from outside malicious attacks,
but rather from simple mistakes, unintended or unauthorized actions of
legitimate users and IT engineers who are either untrained in security and/or
who misunderstood the instructions from the management. Gartner
(June 6, 2016) predicts that by 2020, 60 percent of digital businesses will suffer major
service failures due to the inability of IT security teams to manage digital risk.

our institutions like any others in the globe create their Information, however
employees share responsibility of managing and securing records. They create
student Records that includes access to enrollment, finance, program actions,
and transcript types (Oracle) where in most case employees will gain a routine unconsented
access to electronic records which compromises the data privacy (Anna’s, 2003),
Records centers(repositories) have become the last resorts where some students
attempt to redeem their academic self-efficacy and intellectual abilities, By
this they try to influence records managers and lecturers to change their poor
grades including examinations scores and some vital recorded data for them or
try to hack the systems themselves for obvious reasons  (Moses
S.K. Azameti and Emmanuel Adjei, 2014).

the case of Virika School of Nursing
and Midwifery all the records for both employees and students are kept in the
same office (place) which means that if someone needs information they will go
to that place to get the information hence compromising confidentiality of
these record. Also there is no electronic system meant to help in managing
employees records however there is an electronic system for managing student’s
records which has so many security loopholes that emanate from the way the
system was designed. Sometimes the wrong records are stored in wrong
places which raises the issues of integrity and it makes access difficult to
the records when needed. Also loop holes in the system have led to loss of
students’ records hence
affecting availability, others are overridden and mixed-up, this is an issue of integrity bleaching. In addition, the
school has no security framework for managing academic records which explains
the reason why it is faced with all these issues. Due to lack of procedures and
policies to guide on how the records should be handled. To add on this there is
no well-trained records personnel to manage the records as per the standards of
NIST, any person can access any information they need as long as they
can access the records office.

Having realized that there is need to apply
policies and procedures to promote the effective management of the academic
information in all formats throughout their lifecycle, the researcher and stockholders
came to a conclusion that a security framework to help in governance and accountability of management
of the academic information be set up in order to provide accurate and
reliable records that meet operational, legal and evidential requirements which
will give employees a chance to be able to easily access data from the systems
while, at the same time, security of the records is ensured.