DEVELOPING A COMPREHENSIVE INFORMATION SECURITY RISK MANAGEMENT FRAMEWORK FOR SELECTED ETHIOPIAN HIGER EDUCATION INSTITUTIONS

Abstract

The increasing reliance on digital technologies in Ethiopian Higher Education Institutions (HEIs) has introduced significant information security challenges, including data breaches, cyber threats, and weak governance structures. Existing security risk management frameworks often fail to address the unique vulnerabilities of HEIs in Ethiopia. This research develops a Comprehensive Information Security Risk Management Framework (CISRMF) tailored to the selected Ethiopian HEIs, integrating international best practices with local institutional needs. A mixed methods approach was employed, involving surveys, interviews, and technical observations to collect data from key stakeholders, including ICT and academic staff. Using a purposive sampling technique, data was gathered from selected public universities to ensure diverse institutional representation. The study identifies major security gaps, such as low cybersecurity awareness, lack of formal policies, and insufficient risk mitigation strategies. The proposed CISRMF provides a structured approach for risk identification, assessment, mitigation, and continuous monitoring, enhancing HEIs' resilience against security threats. The framework was further validated by domain experts to assess its effectiveness, usability, and adaptability to HEI environments. The findings contribute to improving cybersecurity strategies in Ethiopian HEIs and offer actionable recommendations for policymakers, administrators, and IT professionals. This study serves as a foundation for future research on developing scalable and adaptable security frameworks for academic institutions facing similar challenge