1.1IntroductionAn information or records security framework isa series of documented processes that are used to define policies andprocedures around the implementation and ongoing management of informationsecurity controls in an enterprise environment (Joseph Granneman). The mainobjectives of security are Confidentiality (to protectsensitive information from unauthorized disclosure), Integrity (promote Accuracy, completeness, consistency andtimeliness of data); and Availability(Safeguard necessary resources and associated capability) (Education Bureau at (852)3698 3608, 2007) this is at time regarded to as CIA. Like in any otherOraganisations, CIA is equally Important for academic Institutions, they admit students on a year basis and get funding from the students’fees, stakeholders and government as a result they end up with large volumes ofphysical and electronic data that are of high importance and as such need to beextremely protected. The institutions are expected to retain and preservedocuments as a record of their operations, However, if these records are notmanaged properly, they could loss the information or fail to provide thenecessary information when needed which compromises availability.
To provide anefficient and effective administration that ensures that institutions run assmoothly as possible, there should be proper management of records.International Organization for Standardization (ISO) 15489 (2001) explainsrecords management as the field of management responsible for the efficient andsystematic control of the creation, receipt, maintenance, use and dispositionof records, including the processes for capturing and maintaining evidence ofan information about business activities and transactions in the form ofrecords. This has been made easy with introduction of information systems.
Theuse of electronic records is widespread in developed countries but is onlygradually displacing the use of paper records. Advocates ofelectronic information systems is on the high increase because they reducestorage space and automate operations. However, the transition from paper-basedto information systems in low- and middle-income countries pose some uniquechallenges for the confidentiality, availability and integrity of personal data.
So, information system security (ISS) policies andprocedures to preserve the CIA are a requirement for any organization thatcreates and stores data in information systems. ISS practices encompass of bothtechnical and non?technical issues for safeguarding organizationalassets from a variety of threats. (Zainab, 2011). Institutional asset may include computers,software, chairs desks, information and many more. Informationas one of these assets, should be safeguard because it’s what the institutionsdepends on to make decisions that affect their development.
For this to besuccessful, it is necessary to agree and apply policies and procedures topromote the effective management of Institutional records in all formats throughouttheir lifecycle, in order to provide accurate and reliable records of actionsand decisions and meet operational, legal and evidential requirementsIwhiwhu (2011) say that, Poor records management has caused serious impediments inseveral aspects of public sector in Africa. African countries are faced withseveral challenges in managingrecords,particularly electronic records. These border on technology obsolescence,inadequate trained personnel, policy formulation and implementation, etc.
Thesehave made the structure, content and context of records to be alteredindiscriminately. In addition, he says that there is absence of a culture ofrecords management, monitoring and evaluation, quality control, andverification and this is exactly the problem our institutions are facing. In Ghana, theproblem mostly arises where schools, colleges, universities and others have toallocate large office space to keep students’ files manually every year whenstudents are admitted (Bailey et al., 2011). Educational institutionsespecially the universities keep large volume of students’ data, they try tomake the records accurate, reliable and trustworthy to fulfill evidentialrequirements but they are not properly managed (Longe, 2001) may lead tosecurity threats occurring. Benson Yeung, (n.
d.) saysthatmost of the damage to records security is not from outside malicious attacks,but rather from simple mistakes, unintended or unauthorized actions oflegitimate users and IT engineers who are either untrained in security and/orwho misunderstood the instructions from the management. Gartner(June 6, 2016) predicts that by 2020, 60 percent of digital businesses will suffer majorservice failures due to the inability of IT security teams to manage digital risk.Inour institutions like any others in the globe create their Information, howeveremployees share responsibility of managing and securing records.
They createstudent Records that includes access to enrollment, finance, program actions,and transcript types (Oracle) where in most case employees will gain a routine unconsentedaccess to electronic records which compromises the data privacy (Anna’s, 2003),Records centers(repositories) have become the last resorts where some studentsattempt to redeem their academic self-efficacy and intellectual abilities, Bythis they try to influence records managers and lecturers to change their poorgrades including examinations scores and some vital recorded data for them ortry to hack the systems themselves for obvious reasons (MosesS.K. Azameti and Emmanuel Adjei, 2014). Inthe case of Virika School of Nursingand Midwifery all the records for both employees and students are kept in thesame office (place) which means that if someone needs information they will goto that place to get the information hence compromising confidentiality ofthese record. Also there is no electronic system meant to help in managingemployees records however there is an electronic system for managing student’srecords which has so many security loopholes that emanate from the way thesystem was designed. Sometimes the wrong records are stored in wrongplaces which raises the issues of integrity and it makes access difficult tothe records when needed. Also loop holes in the system have led to loss ofstudents’ records henceaffecting availability, others are overridden and mixed-up, this is an issue of integrity bleaching.
In addition, theschool has no security framework for managing academic records which explainsthe reason why it is faced with all these issues. Due to lack of procedures andpolicies to guide on how the records should be handled. To add on this there isno well-trained records personnel to manage the records as per the standards ofNIST, any person can access any information they need as long as theycan access the records office. Having realized that there is need to applypolicies and procedures to promote the effective management of the academicinformation in all formats throughout their lifecycle, the researcher and stockholderscame to a conclusion that a security framework to help in governance and accountability of managementof the academic information be set up in order to provide accurate andreliable records that meet operational, legal and evidential requirements whichwill give employees a chance to be able to easily access data from the systemswhile, at the same time, security of the records is ensured.