|dc.description.abstract||Cyber security plays an important role in ensuring the availability of an ISP's services so as to ensure
its clients' satisfaction. It is not just about detection of cyber threats but also having the best
practices to thwart such attacks. This involves classifying the attacks and assessing their impact
should they be successful; while doing this, it is also necessary to note the defense mechanisms
currently in place and come up with the best strategies to deal with such attacks. ISPs monitor
the traffic that is routed through their network, detecting threats and reporting the same to their
clients for them to protect their own networks. Currently, ISPs just detect and advise their clients,
but what matters most is not detection alone but what to do with the data once it is detected.
Having a framework that guides an organization on what to do should a cyber attack be detected
greatly improves the organization's preparedness in dealing with cyber attacks.
This research took both quantitative and qualitative approaches to the cyber threats that
Kenyan ISPs face and ways of improving their preparedness to handle cyber attacks with the use
of both primary and secondary data sources. A descriptive research design was employed with
the use of questionnaires as the principal data collection instrument. Several cyber security
frameworks were evaluated and the proposed framework borrowed from the SCADA security
framework and the game theoretic data fusion approach for cyber situation awareness and impact
assessment. The questionnaire was distributed to all the individuals in the sample. The sample
was drawn from the technical staff of these Kenyan ISPs. Collected data was analyzed using
both quantitative and qualitative data analysis approaches. Data from the questionnaires was
checked for completeness, coded and logged into the computer system using Statistical Package
for Social Science (SPSS).
The study found that ISPs are interested in a framework for handling cyber attack data
(100%) so as to better handle cyber threats. Also, the following was established on cyber threats:
for malware, 95% agreed that it does occur; for phishing, 82% agreed; for pharming (diversion
of internet traffic), 59% agreed; and for spam, 86% agreed. On whether employees in the
organization are well-trained to handle cyber security threats, only 37% agreed.
The study concludes with a cyber security framework composed of cyber attack classification,
attacks database, impact analysis, and recommended best response strategies. The framework
provides a mechanism for handling cyber attack data, from classification of the attack type,
through evaluation of vulnerabilities, to the best strategies for preventing the attack.||en_US