INFORMATION SECURITY STRATEGY AND ADMINISTRATIVE RISK MANAGEMENT IN TERTIARY INSTITUTIONS IN RIVERS STATE, NIGERIA

Abstract

This study examined information security strategy and administrative risk management in tertiary institutions in Rivers State, Nigeria. Anchored on the Information Security Management (ISM) Theory and the Enterprise Risk Management (ERM) Framework, the study adopted a correlational survey research design. The predictor variable, information security strategy, was operationalized along two dimensions: cybersecurity policy implementation and data access control mechanisms. The criterion variable, administrative risk management, was measured by risk identification efficiency and risk mitigation effectiveness. The population comprised 428 administrative officers drawn from five selected public tertiary institutions in Rivers State, from which a sample of 204 respondents was determined using Taro Yamane’s formula and selected through stratified random sampling. A structured questionnaire with a Cronbach alpha reliability coefficient of 0.87 was employed for data collection. Pearson’s Product Moment Correlation Coefficient and simple linear regression, at 0.05 level of significance, were used to test the null hypotheses. Results revealed that information security strategy had a significant positive relationship with risk identification efficiency (r = .641, p < .05) and risk mitigation effectiveness (r = .618, p < .05). The study concludes that information security strategy is a significant positive predictor of administrative risk management outcomes in tertiary institutions in Rivers State, Nigeria. It was recommended that tertiary institutions should institutionalise comprehensive cybersecurity policies and strengthen data access control protocols to enhance their administrative risk management capacity.