Published Paper Details:

In many institutions, information system is essential for ensuring efficiency in operations and accountability in financial operations. Access limitations into information communication systems - ICT in organizations has been found in various studies to contribute immensely to management of information systems security. Nonetheless, studies focusing on prominence of access control components in university and their levels of implementation in universities are still insufficient. This study was conducted in universities in Kenya, with the main objective of investigating the levels of implementation of key aspects of access control. Smiths sampling formula was employed to get a sample of 91 respondents. Questionnaires were used for data collection from staff members who were mainly section heads of user departments and information systems administrators. The data analysis produced statistical values needed to address the main objective. Results showed that while some features of access control are fairly implemented within universities in Kenya, many features are inadequately adopted. Therefore, it is recommended that universities fully implement access control measures for better security of information systems in universities. The study also recommends that information systems security policies should include key features of access control.