Abstract:
The increasing reliance on digital technologies in Ethiopian Higher Education Institutions (HEIs)
has introduced significant information security challenges, including data breaches, cyber threats,
and weak governance structures. Existing security risk management frameworks often fail to
address the unique vulnerabilities of HEIs in Ethiopia. This research develops a Comprehensive
Information Security Risk Management Framework (CISRMF) tailored to the selected
Ethiopian HEIs, integrating international best practices with local institutional needs. A
mixed-methods approach was employed, involving surveys, interviews, and technical observations to
collect data from key stakeholders, including ICT and academic staff. Using a purposive sampling
technique, data was gathered from selected public universities to ensure diverse institutional
representation. The study identifies major security gaps, such as low cybersecurity awareness, lack
of formal policies, and insufficient risk mitigation strategies. The proposed CISRMF provides a
structured approach for risk identification, assessment, mitigation, and continuous monitoring,
enhancing HEIs' resilience against security threats. The framework was further validated by
domain experts to assess its effectiveness, usability, and adaptability to HEI environments. The
findings contribute to improving cybersecurity strategies in Ethiopian HEIs and offer actionable
recommendations for policymakers, administrators, and IT professionals. This study serves as a
foundation for future research on developing scalable and adaptable security frameworks for
academic institutions facing similar challenges.