A conceptual framework for assessing information security management practices in selected universities in Uganda

Abstract

The purpose of this paper is to present a conceptual framework for assessing managerial level information security practices, governance, and activities in selected university institutions in Uganda. Extant literature was drawn from existing information security management practices in different organizations. The proposed conceptual framework consisted of four manageable areas, namely, information security governance practices, information security practices, personnel management practices, and physical security practices. These areas are further subdivided into 25 categories that provide a formal checklist for assessing existing information security management practices in university institutions in Uganda.