dc.description.abstract | This project has developed a layered framework. The framework can be used by
any organization to rate its security "goodness" by showing what it has
been able to implement and what is lacking. All the layers are equally important, and they all
need to be secure. This framework consists of nine layers, all of which are
logical rather than physical. Since information flow through a network from one computer
to another can be viewed as layered, flowing from the application layer to the physical
layer, security can also be implemented layer by layer.
Security deals with more than the seven logical layers of information flow, and
therefore two more layers have been incorporated. These are the User Administrative
layer and the security policy layer. The security policy guides the users on what they are
supposed to do and what they are not. The users interact with the application layer.
After the framework was developed, it was tested on several organizations. These
organizations are representative of all networked organizations.
The testing was done using questionnaires in three sets: one
set for the system administrator, another for members of staff and another for students.
The student and staff questionnaires were used only in educational institutions. For the
other organizations, only the system administrator questionnaire was used.
It will be easy for an organization to know whether its network has a weakness and
what to put in place to overcome it. An organization can also compare its security
level in each layer and see what it has emphasized and what has been ignored. This will
also increase organizations' awareness of the need to improve their security.
The framework has been used on several organizations, and the results have been
analysed and displayed in a presentation format.
The results show that security implementation varied from one organization to another, with
some organizations having a keen interest in their network implementations and others not
very keen. In general, private organizations were noted to be keener to protect their
networks. Other organizations kept a good average for each layer and therefore
never performed very poorly nor extremely well in any of the
layers.
The results give evidence that some organizations emphasized some layers while
forgetting others, and this could be the source of their network security problems.
Generally speaking, layers six and seven were the most insecure, with their security falling
below 40%.
Layers three and eight were the most secure, with their security at about 75%. | en |