| dc.description.abstract | Automated systems are crucial for organizations to maintain records and transactions
effectively. Universities have increasingly adopted Enterprise Resource Planning (ERP)
systems, a software that provides integrated management of processes and transactions in real-time. ERP systems contain lots of information and are accessed by multiple users,
commonly through usernames and password authentication mechanisms. However, there
have been security and privacy concerns about ERP systems’ security, where only the
traditional authentication method of a username and password is commonly used.
Passwords have weaknesses that can be easily compromised. Thus, this research aimed at
establishing authentication methods used for ERPs in chartered Kenyan Universities and
their vulnerabilities. The study further aimed at developing and validating a multi-factor
authentication prototype to improve ERP systems security. Multi-factor authentication
which combines several authentication factors such as something the user has, knows, or
is, is a new state-of-the-art technology that is being adopted to strengthen systems’
authentication security. This research used an exploratory sequential design and a survey
for chartered Kenyan Universities. Data collection was done through document analysis,
issuing questionnaires online to the universities’ system administrators to establish ERP
authentication methods and vulnerabilities. The questionnaires were validated by carrying
out a pre-study that assessed whether the required data was captured and helped identify
areas of improvement. The data collected was analyzed using descriptive statistics,
correlation and regression, whose outcome was used as input for the development of a
multi-factor authentication prototype. The key vulnerabilities established from the survey
were password guessing, password reuse and social engineering hence the proposed multifactor authentication prototype to counter them. The independent variable factors found to
have a positive significant relationship with ERP systems security according to the
correlation were; attack tolerance, level of user training and ICT Security policy. The
regression analysis model revealed that user training was the most significant variable on
improved ERP systems security. This research hence proposed and developed a multifactor authentication prototype factoring in these variables, to contribute towards the
improvement of security of ERP systems for universities in Kenya. The final outcome of
the research was a multi-factor authentication prototype combining passwords and
biometric authentication, that requires to be coupled with effective user training and
enforcement of ICT security policies, to improve ERP systems security for Kenyan
universities. As a recommendation for further research, alternative biometric
authentication methods, integration of authentication applications and addressing other
systems security issues can be explored to further improve ERP systems security. | en_US |
