Security framework for electronic mail systems
Ndunge, Keli Rebecca
MetadataShow full item record
E-mail communication is widely used in today's world and government institutions are no exceptions. In most organizations, e-mail is recognised as the primary mode of communication and hence its immense value to organizations. The government of Kenya launched the e-government strategy in the year 2004 which paved way for use of electronic mail as an official mode of communication. There however lacks a guiding framework to secure the communications. This research sought to identify security challenges in e-mail communications and the remedial measures in place. The research focuses on e-mail security threats and measures to detect, prevent or eradicate them in addition to the review of existing e-mail security frameworks with the intent of looking at their effectiveness and/or gaps. The research design involved a study of the 42 ministries. This being a finite population there was no need for sampling. Data was collected by administering questionnaires and semi-structured interviews with System administrators and e-govemment policy-level managers. Additionally, secondary data was obtained through a review of existing documents. The research appreciates efforts that have been undertaken in the same field. Notably the e-mail security frameworks that have been documented like the National Institute of Standards and Technology (NIST) e-mail security framework (guidelines), Vipre E-mail security for exchange and a number of authentication frameworks. From the research findings, there is a significant level of e-mail use within the ministries and therefore a large minefield for cyber-attacks. This research and other previous ones show different vulnerabilities that have been exploited to compromise security of the enterprise systems via e-mails. Each ministry has implemented different security measures to mitigate e-mail threats. However, there are no standard guidelines to follow hence each Ministry implements what the head of ICT unit has recommended. The framework developed as a product of this research is envisaged to be used by the directorate of e-government to ensure secure communication in all ministries. It shall provide guidelines and empower ICT Officers on enforcing security policies, help administrators and managers on matters of compliance and safeguarding of ministries' business critical communications and documents then ultimately provide availability, integrity, nonrepudiation and confidentiality of the communications.