Security considerations of e-learning in higher education institutions

Abstract

Learning management systems (LMSs) have become the central aspects of educational processes in modern universities. Arguments are that LMSs improve educational efficiencies including the processes of storage, retrieval and exchange of content without distance, space and time constraints. A trusted platform without undue intrusions however, determines the extent to which these benefits can be realized in higher education (HE) spaces. The underlying assumption in this thesis therefore, is that e-Learning systems would lose its value and integrity when the security aspects are ignored. Despite this logic, an overwhelming evidence security omissions and disruptions continue to threaten e-Learning processes at CPUT, with a risk of the actual usage of LMS in the institution. For this reason, this study sought to investigate the extent as well as causes of existing security threats, security awareness programmes and the in/effectiveness of security measures within CPUT. Within the qualitative interpretive research framework, the purposive sampling method was used to select participants. Semi-structured interviews were then used to collect primary data from administrators, technicians, academics and students in the IT and the Public Relations departments at CPUT. The activity theory (AT) was then used as the lens to understand the security aspect in e-Learning systems in the CPUT. From this theory, an analytical framework was developed. It presents holistic view of the security environment of e- Learning as an activity system composed of actors (stakeholders), educational goals, rules (in the form of policies, guidelines and procedures), activities, mediating factors, transformation, and outcomes. The tension between these components accounts for failures in e-Learning security practices, and ultimately in the e-Learning processes. Whilst security measures exist on the e-Learning platform, findings show a combination of the tools, processes and awareness measures to be inadequate and therefore inhibiting. Poor adherence to security guidelines in particular, is a major shortfall in this institution. To this end, a continuous review of network policy, clear and consolidated communication between stakeholders as well as emphasis on the enforcement of security compliance by users across all departments is therefore recommended. Frequent security awareness and training programmes for all LMS users must also be prioritized in this institution.