MSIT Theses and Dissertations (2010)

Permanent URI for this collection

http://hdl.handle.net/11071/1446

Browse

Browsing MSIT Theses and Dissertations (2010) by Issue Date

Filter results by year or month
Now showing 1 - 13 of 13
  • Thumbnail Image
    Item
    A crowdsourcing model for continual collaboration between companies and their consumers
    (Strathmore University, 2010) Mwangi, Anthony
    Crowdsourcing is a business model in which a given task is resolved or resources are accumulated from a large, diverse group of otherwise unrelated persons, often over the Internet, and normally for an incentive that is not necessarily monetary. Several models have been proposed and platforms developed, but most are faced by two key challenges. First, the resource investment required to develop and maintain enterprise-owned platforms often outweighs the benefits to be accrued for many organizations, and secondly, most outsourced crowdsourcing platforms fail to actively foster continual collaboration between the company and its consumers. The research studies the crowdsourcing models currently applied globally. This was achieved by randomly selecting crowdsourcing platforms and projects and categorizing them into identified models. These models were then compared for their support of collaboration based on criteria determined in this study as required by the research design selected – descriptive comparative research design. The factors supporting collaboration were then identified and used to design a model specifically designed to support continual collaboration between companies and their consumers. Community-based crowdsourcing models such as collective collaboration and crowd funding displayed the highest levels of collaboration. The resultant model proposes that the maintenance of the community and developing the tools be separated from the actual undertaking of crowdsourcing activities. This allows companies to continually collaborate with their consumers at a significantly reduced cost due to the economies of scale. In addition to the proposed model, other results of the research include criteria of collecting and comparing data on support a crowdsourcing platform provides for collaboration, and a refinement of the models usable for classifying crowdsourcing projects and platforms.
  • Thumbnail Image
    Item
    A Framework to secure information and information technology assets in government a case study of ministry of education, Kenya
    (Strathmore University, 2010) Sang, Barnabas
    Insecurity of information and Information Technology (IT) assets in public sector needs urgent attention. As observed in this study, there is no strategy to guide Ministries and Government Departments secure information and IT assets despite increasing demand to have data and information accessible online. This dissertation therefore proposes a framework that will help public institutions including Ministries and Government Departments setup comprehensive Information Technology (IT) security strategies to secure information and IT assets thus ensuring integrity and availability of information and/or services. The proposed framework is flexible and allows for continuous improvement as security requirements change due to new opportunities or challenges in the work environment. In using the Ministry of Education as a case study, the IT Security Framework was developed and tested with remarkable observation on security of information and IT assets. There is minimal disruption to online services due to impact of malicious code, better security of data and information through use of central user authentication and management, greater awareness and ownership by staff across all levels of operations. It is clear that at the beginning of this research, a high percentage (73%) of information and IT assets were exposed to risk levels between high to extreme due to various threats. After six months of framework implementation, a major reduction of information and IT assets (26%) were found to be exposed to high risks levels. The developed framework is flexible, easy to replicate and therefore, is highly recommended for use by any organization planning to secure its information and IT assets. Framework components and key strategies make an organization responsive to dynamic IT threats and risks to information and IT assets.
  • Thumbnail Image
    Item
    Influence of chief executive officer-chief information officer relationship on alignment of is/it to business : a case for Nairobi stock exchange listed companies
    (Strathmore University, 2010) Mugo, Eric Micheni
    This descriptive survey aimed at establishing the type of CEO/CIO relationship and the effects of this relationship on the alignment of IS/IT to the business goals. The study focused on the on the Nairobi Stock Exchange (NSE) listed companies. The research methodology involved data collection using a questionnaire, which was pretested before rolling out, where the target population was the ClO and the CEO of thirty (30) out of possible fbrt two (42) companies listed in the Nairobi Stock Exchange out of which twenty four (24) or 58% of the total population responded positively. The results show that 74% of CIOs report directly to the CEO, have budget, a strategic plan that is geared to the business strategy and had high knowledge of their business environment which strengthened their position in accessing the CEO and also involved in decision making. In the companies surveyed, the average age of the ClO was fort one (41) years and the CEO fifty (50) years with an average stay of four to five (4-5) years and greater than five (5) years respectively. In companies that had good CEO-CIO relationship, the investment in IT was high in the recent past and the return on the investment could be seen in the increased profitability. A framework has been proposed that takes into consideration the CEOClO relationship and its impact on the implementation of the organization’s business strategy. In conclusion, the study shows that most of the companies have elevated the position of the ClO to the top level management with a budgetary provision, ISSP process and the general relationship with the CEO that is good since their earlier IT phobia is slowly diminishing resulting in more interest and involvement in IT. The study recommends that organizations requires to elevate the position of the CIO to a level that s/he can influence decision making process and be innovative particularly in companies that are dealing with manufacturing.
  • Thumbnail Image
    Item
    Information technology in medical research improving the security of medical research information. a case study of Kenya Medical Research Institute (KEMRI)
    (Strathmore University, 2010) Lelei, Linda Chelagat
    This research describes the current status of the security of medical research information with the focus on Kenya Medical Research Institute (KEMRI) and how to improve it. Currently, there are no adequate security protection mechanisms for medical research information at the institution. The aim of this research was to design a framework that would ensure improved security of medical research information. To achieve this, the researcher had to determine and document the specific threats to the medical research information and their relative frequency of occurrence, determine the information systems security controls in place to secure the information and their relative predominance and to determine the security policies in place to govern the medical research information on storage and during transmission. Qualitative and quantitative research methods were used to collect data for the study. Research instruments employed were interviews, observations and structured questionnaires. The respondents were data analysts, lab technicians and doctors. Study results show that 75% of the threats most experienced were from viruses and worms followed by data leakage at 42.2%. The security measures in place were also inadequate, with 73% of the respondents using passwords and 68% using access restrictions. Security policies were not clearly defined, documented, distributed, or communicated to the employees and 55% were not aware of any policy. The policies were also not easily accessible. There were also no security policies to govern electronic medical research information The proposed framework, called the Comprehensive Enterprise Security Approach (CESA), consists of Security Policy, Asset Classification, Threat Classification, Controls Analysis, Implementation, Audit and Maintenance activities. When implemented, it will aid the organisation to increase user awareness through trainings, add the security measures and security policies, and protect the hardware and the information or data by preventing threats, hence increasing the security to the medical research information.
  • Thumbnail Image
    Item
    Implementation of information system a case study of National Hospital Insurance Fund
    (Strathmore University, 2010) Gaturu, Monica Wanjiru
    Information Technology has proved to be the backbone of all processes within Organizations. This has meant that these organizations have to strive to acquire the latest technologies that the world has to offer, to ensure that the Organizations have a competitive advantage over their competitors. In the quest to attain the best in technology Organizations have found themselves at a loss, after investing in various systems in the hope to improve their services and output. These losses have been largely attributed to poor implementation frameworks and strategies. National Hospital Insurance Fund; which is the Organization that was used for the research has over the past suffered great losses, after making large financial commitments to acquire Information Systems for various tasks. The research therefore, sought to investigate the reasons for the failed cases. Research was carried out through oral interviews and use of questionnaires, which were filled in by employees of the Organization. The data collected was then analyzed and the results were tabulated. These results showed that most of the employees attributed failure to lack of proper understanding of decision making points, lack of proper delegation of responsibilities within implementation of Information Systems and lack of involvement of all stakeholders, in the process of acquisition of Information Systems. Using the results, two previously existing frameworks; Gorry and Scott Morton decision making framework and Ghapanchi, Albadvi and Zarei, E-Government Implementation Framework, were used as a benchmark and guideline to come up with a Conceptual framework to be used at the Organization, The two frameworks mentioned above were selected for use because they included components in their structure, which were fundamental for the new Conceptual framework. The new framework was then tested within one of the Organizations departments and proved to be successful. Strategies for implementation have also been highlighted, that can be used by any other Organization, in need of a model for implementation of Information Systems.This research has shown that the entire success or failure of the implementation process in place.
  • Thumbnail Image
    Item
    Continuous data protection : reducing data recovery time in Kenyan firms.
    (Strathmore University, 2010) Mugoh, Leon M.
    In today's world of intense competition. businesses cannot afford to lose critical data for the loss of data has become too costly to businesses. Unfortunately information is now exposed to a growing number and a wider variety of threats and vulnerabilities and any loss or destruction of data can result in horrific consequences for an organization. Due to the competitive and regulatory pressures and the high demands and dependence placed on data, there is need for higher data availability and a faster means of recovering the data in case it becomes inaccessible in any way from data corruption to data loss. The main focus of this research was on the problem of the time taken to recover data from a backup media by Kenyan firms as the research seeks to investigate the major reason behind the long / high data recovery times and to provide a solution that attempts to help reduce the data recovery times in Kenyan firms. This study has shown that data is critical to businesses in Kenya and that threats to data do exist which can lead to loss or corruption of data. This loss or corruption has negative consequences to businesses proving too costly as businesses tend to be increasingly dependent on data which means there is a need for a faster means of recovering lost data. It was found that the time taken to recover data in Kenyan firms was high because of the type of media that was used for backing up data, which was the magnetic data tape as it takes a long time to retrieve data from magnetic tapes as compared to other media like disks and DVDs. In an attempt to solve the problem of high data recovery times in Kenyan firms the research proposed the use of Continuous Data Protection (CDP) as an important component of a well-rounded backup and recovery strategy to complement the existing backup strategy as CDP is a disk based backup solution which ensures that data is retrieved at a much faster rate. The research further introduces a concept called Intelligent Restore (Intelli-Restore) where CDP complemented with Intelli-Restore hopes to ftirther reduce data recovery time as it attempts to eliminate the human involvement in data recovery by having the system automatically detect the data loss or corruption and instantly request the backup server to restore the data.
  • Thumbnail Image
    Item
    Improving the decision-making process using an information management system
    (Strathmore University, 2010) Musau, Gloria Meli
    The ability to make effective decisions is crucial to an organization’s survival in today’s tumultuous business environment. In order for firms to evaluate alternatives and make informed choices they must have reliable and timely data upon which to make their decisions. Consequently, the development of effective information management techniques is of central importance to organizations that find themselves inundated with nearly overwhelming amounts of data. In this research a web-based information management system is developed for better decision-making. Two agents are integrated in the system, namely; mapping agent and extraction agent. Through the mapping agent the user information load is reduced by half and the risk of data input errors minimized. The extraction agent is designed to aid in the retrieval of current, timely and relevant data, eliminating unnecessary information. The system is implemented and tested at a Kenyan based Internet Service Provider. As a result of interviews conducted, the needs and critical information requirements of the management and customer care executives are identified. Thus a prototype is developed for verification. The prototype is developed using PHP language for the system interfaces, integration of PHP and GD application for providing a report layout in graphical format and MySQL for the system database. Based on the prototype developed, the management team is able to access updated information regardless of time and place. The arrangement of information is also found to be in a manner according to their information requirements. The information management system is used to store, access, analyze, and present data. The data outputs are both tabular and graphical in nature. There are no user costs associated with the system except for an internet connection
  • Thumbnail Image
    Item
    A Mobile health architecture to provide home-based care using text messaging
    (Strathmore University, 2010) Sowon, Karen Cheruto
    The increasing miniaturization of mobile devices marks an important opportunity for the next generation delivery of health care. Mobile health (mHealth), existing at the nexus health and technology provides a singular opportunity to take health where it is needed the most. Having had nearly mainstream adoption, this may explain the reason why the developing world is in tandem with the set Millennium Development Goals (MDGs). Developing countries like Kenya are still lagging behind in meeting the same health-related goals, yet they continue to report successful stories of mobile technology growth and adoption but no major usage of the same to deliver healthcare. This research explores the use of mobile phones in health and proposes an architecture for the use of Short Message Service (SMS) messaging in the provision of primary home-based care. The architecture is implemented by analysing, designing and testing a primary health-care mHealth application that can be used to support medication of HIV/AIDS patients to result in better and more efficient adherence to the treatment regimen. In conclusion some key design, business and technical requirements that need to be considered are suggested and we further propose a relationship of stakeholders that will ensure the successful adoption and implementation of mHealth applications in Kenya.
  • Thumbnail Image
    Item
    Agent-based modeling of spread of computer virus in a college campus.
    (Strathmore University, 2010) Odunga, Nelson Ochieng
    Computer and data resources are critical assets to every organization. There is need to provide confidentiality, integrity, authentication and non-repudiation for these resources. Computer virus presents a threat to the provision of these requirements. Due to the increased complexity of computer virus code, there is need to study how viruses propagate in complex networks so that effective countermeasures can be developed. Of particular concern to this study was the impact of user awareness and vigilance on computer virus spread. The study aimed to come up with an agent-based computer simulation model to explain the influence of computer user awareness in controlling computer virus spread and a control framework based on this model. A questionnaire survey done for Strathmore University community revealed that users were ill-aware of computer virus and countermeasures necessary to control their spread. This information was used to calibrate the proposed model and also indicated the importance of explicitly incorporating user awareness as a parameter in any models to explain computer virus spread. The study came up with the conclusion that user awareness and vigilance (defined as the proportion of users that practice safe computing) helps control computer virus spread but only up to about 40%. Beyond that, the additional investment incurred in training users does not pay off. Based on that finding, the proposed control framework suggested training users on computer virus awareness and vigilance and also deliberately protecting network nodes within particular groups within Strathmore University community that are deemed to be important (based on their nodal degree).
  • Thumbnail Image
    Item
    An Information security model for the commercial banking industry in Kenya: a case study of mwananchi bank
    (Strathmore University, 2010) Gichengo, Mabel Wanjiru
    In this research, the Information Security concerns that affect the banking industry in Kenya were examined. With the rapid changes in technology and the sensitivity of the information that is handled by banks, information security which, is the implementation of measures and structures to provide for confidentiality, integrity and availability of information based on business requirements and risk analysis, was identified as a key concern that has to be continuously addressed. This research reviews nine information security models and/or frameworks/standards that have been implemented in various organizations for the purposes of information security management. Of great interest to this research were the various aspects of security that were considered across the industry. There has been rapid growth in the banking industry and adoption of various Information Technologies that are dependent on the Internet. With Banks and customers being held responsible for Information Security, they must strive to keep their Information Security strategies at par with the advances in technology. In order to address this, what is needed is an Information Security model. The research delved into how the bank is currently managing security and proposes an appropriate and practical model for implementation and adoption within the banking industry. The research was a case study based on a specific commercial bank in Kenya — Mwananchi Bank. The researcher went into depths of establishing what information is considered valuable to this bank; what controls have been implemented to secure this information; persons responsible for information security; the adequacy of the security measures that are already in place and a review of the information security models already implemented, if any. This information was obtained by conducting detailed interviews with middle level management personnel in various functional areas of the bank. It was established that the Bank had not implemented any models but had began on the foundation stages of formulating a security policy which had not been communicated and subsequently not internalized by all staff. However, it was clear that various security controls had been implemented in the various functional areas but there was laxity in the enforcement of these controls. Appropriate and practical recommendations on how best the banking industry in Kenya can secure its information by sufficiently addressing all the security concerns for banks in Kenya have been made.
  • Thumbnail Image
    Item
    Application of geographical information system (GIS) for decision making in Kenya health facilities a case study of embakasi division
    (2010) Kisongochi, Wycliffe Masielo
    The purpose of this study was to examine how tangible information and application of GIS on health facilities distribution. It examine spatial distribution (location), accessibility, reasons for choosing facilities, mode of transport, distance covered and time taken and services offered and inadequacy of the facilities and their distribution. It was a survey research that involved sampling selected facilities and health care seekers. The target population was 76 health facilities and 152 health care seekers in the area of study were sampled. 76 facilities and 152 health care seekers responded giving a success of 100% data. Data was collected by use of semi structured questionnaires containing both open-ended and closed-ended questions and was administered. The research data was analysed using descriptive statistics and summaries included percentages, frequencies, mean, standard deviation, median and mode and was presented in tables, figures, percentages, pie charts and means.. The buffer-zone analysis (Yeh and Chow, 1996), used to map the health facilities and services on the digitise map. A Likert scale and Location quotient analysis were used and Gini coefficient index was tabulated The study established that 42.1% of the facilities are private owned medical enterprises. 30% of the facilities have catchment of 501-1000 clients. There is disparity in health facilities distribution with a Gini coefficient of 0.649 and 32.9% of the populations is within 2km of public health facilities while 67% reside more than 2km to the facilities. The majority of the residents are constrained by travelling a longer distance or queuing for long periods to be served. Some of the facilities were to be closed others to be upgraded to provide equitable health care service. The study concluded that information from health seekers is important in planning for health facility distribution. The research demonstrates that GIS use to ensure proper decision making based on spatial distribution. GIS will assist stakeholders in the health sector in decision making and resource allocation. Issues of equity and health care delivery will improve in line with the Millennium Development Goals and Vision 2030.
  • Thumbnail Image
    Item
    Towards integrated data repositories for improving enterprise-wide systems coherence
    (Strathmore University, 2010) Shibwabo, Bernard Kasamani
    We propose a modern approach to merge data islands in organizations around the world through rounds of analysis, design and a final implementation of a merged virtual data repository. We proceed to explore the industry which is by all means flooded with a variety of data sources and thereby proceed to present a uniform solution for the common cases. The solution consists of a single transparent virtual data source, the logic as well as the informational intelligence implementations. This not only masks the differences in data sources but also provides a standard way to access enterprise-wide data. Security is provided through a two-tier mechanism supported by the provisions of the Open database Connectivity Standard. The result is a single database that percolates and draws data residing in incoherent repositories with an intelligence layer built at the topmost layer. In real-time, there is a determination of the available data repositories for merging and reporting tasks. This is expected to provide direction for future work to improve the information access process as well as positively affect future decisions regarding software acquisition. In conclusion, the ultimate outcome of the process is expected to provide a platform on which users are free to filter information based on their requirements so as to come up with an informed judgment. The informational access process can be overhauled without affecting the data with the intended goals being to improve transparency, timely access, higher flexibility and the benefits from additional system functionalities in data access.
  • Thumbnail Image
    Item
    E-government security: information security management model for public administration in Kenya
    (Strathmore University, 2010-06) Oyieyo, William O.
    Information security in e-government in public administration in Kenya has not been adequately addressed. In order to develop an Information Security Management Model for Public Administration in Kenya, a questionnaire was used to gather data on e- government security, access control mechanisms used, presence of ICT policies, customers served, age and Internet use from 77 Public Administration employees from 24 Kenya Government ministries and agencies taking training programmes at Kenya Institute of Administration in August, 2009. The widely accepted ISACA's Business Model for Information Security and ISO/IEC 17799 Information Security Management Standard Model were used to derive the research theoretical framework. Cronbach internal consistency test on e-government services security construct of eight independent variables produced an alpha of 0,719. Logistic regression was used to test the null hypotheses. The preliminary findings indicate that e-govenment services are not secure. In government agencies where there is lCT/computer use policies, the public administration employees were in strong agreement that the e-government services were secure at X2(8, N = 77) = 18.249, P = 0.019, CI9s; and in government agencies where the citizens are considered as important customers, the public administration employees are also in strong agreement that the e-government services are secure at X\8, N = 77) = 18.082, P = 0.021, C19s. The study also found a significant relationship between age above 40 of the Public Administration employees and secure e-government services at /(8, N = 77) = 17.249, P =0.026, CI9s . The research did not find a significant relationship between the access control mechanisms and secure e-government services at X2(8, N = 77) = 12.812, P = 0.118, C19s. This study suggests that a combination of age of Public Administration employees and presence of computer lICT use policy can be used to enhance information security in Public Administration in Kenya. This study recommends further research on the contents and comprehensiveness of the ICT /Computer use policies currently existing within the Public Administration in Kenya.