Show simple item record

dc.contributor.authorLelei, Linda Chelagat
dc.date.accessioned2011-07-06T10:35:38Z
dc.date.available2011-07-06T10:35:38Z
dc.date.issued2010
dc.identifier.citationRA858.L45 2010en_US
dc.identifier.urihttp://hdl.handle.net/11071/1543
dc.descriptionPartial fulfillment for award of the degree of Master of Information Technologyen_US
dc.description.abstractThis research describes the current status of the security of medical research information with the focus on Kenya Medical Research Institute (KEMRI) and how to improve it. Currently, there are no adequate security protection mechanisms for medical research information at the institution. The aim of this research was to design a framework that would ensure improved security of medical research information. To achieve this, the researcher had to determine and document the specific threats to the medical research information and their relative frequency of occurrence, determine the information systems security controls in place to secure the information and their relative predominance and to determine the security policies in place to govern the medical research information on storage and during transmission. Qualitative and quantitative research methods were used to collect data for the study. Research instruments employed were interviews, observations and structured questionnaires. The respondents were data analysts, lab technicians and doctors. Study results show that 75% of the threats most experienced were from viruses and worms followed by data leakage at 42.2%. The security measures in place were also inadequate, with 73% of the respondents using passwords and 68% using access restrictions. Security policies were not clearly defined, documented, distributed, or communicated to the employees and 55% were not aware of any policy. The policies were also not easily accessible. There were also no security policies to govern electronic medical research information The proposed framework, called the Comprehensive Enterprise Security Approach (CESA), consists of Security Policy, Asset Classification, Threat Classification, Controls Analysis, Implementation, Audit and Maintenance activities. When implemented, it will aid the organisation to increase user awareness through trainings, add the security measures and security policies, and protect the hardware and the information or data by preventing threats, hence increasing the security to the medical research information.en_US
dc.language.isoenen_US
dc.publisherStrathmore Universityen_US
dc.subjectMedical Informaticsen_US
dc.subjectInformation Storage and Retrieval--Medical Careen_US
dc.subjectInformation Securityen_US
dc.titleInformation technology in medical research improving the security of medical research information. a case study of Kenya Medical Research Institute (KEMRI)en_US
dc.typeThesisen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record