Show simple item record

dc.contributor.authorGitonga, Edward Githinji
dc.date.accessioned2016-02-09T15:45:29Z
dc.date.available2016-02-09T15:45:29Z
dc.date.issued2013-06
dc.identifier.urihttp://hdl.handle.net/11071/4250
dc.descriptionSubmitted in partial fulfillment of the requirements for the Degree of Masters of Science in Information Technologyen_US
dc.description.abstractCyber security plays an important role in ensuring an ISP's services availability so as to ensure its clients satisfaction. It is just not about detection of cyber threats but also having the best practices to thwart such attacks. This involves classifying the attacks and assessing their impact should they be successful; while doing this, it is also necessary to note the defense mechanisms currently in place and come up with the best strategies to deal with such attacks. ISPs monitor the traffic that is routed through their network, detecting threats and reporting the same to their clients for them to protect their own networks. Currently, ISPs just detect and advice their clients but it is not just about detection but most importantly what to do with the data once it is detected. Having a framework that guides an organization on what to do should a cyber attack be detected greatly improves the organization's preparedness in dealing with cyber attacks. This research undertook both quantitative and qualitative approaches of the cyber threats that Kenyan ISPs face and ways of improving their preparedness to handle cyber attacks with the use of both primary and secondary data sources. A descriptive research design was employed with the use of questionnaires as principal data collection instrument, Several cyber security frameworks were evaluated and the proposed framework borrowed from the SCADA security framework and the game theoretic data fusion approach for cyber situation awareness and impact assessment. The questionnaire was distributed to all the individuals in the sample. The sample size was drawn from the technical staff of these Kenyan ISPs. Collected data was analyzed using both quantitative and qualitative data analysis approaches. Data from the questionnaires was checked for completeness, coded and logged into the computer system using Statistical Package for Social Science (SPSS). The study found out that ISPs are interested in a framework for handling cyber attack data (100%) so as to better handle cyber threats. Also, the following was established on cyber threats: for malware, 95% agreed that it does occur; for phishing, 82% agreed; for pharming (diversion of internet traffic), 59% agreed; and for spam, 86% agreed. On whether employees in the organization are well-trained to handle cyber security threats, only 37% agreed. The study concludes with a cyber security framework composed of cyber attack classification, attacks database, impact analysis, and recommended best response strategies. The framework provides a mechanism for handling cyber attack data, from classification of the attack type, vulnerabilities' evaluation and the best strategies for preventing the attack.en_US
dc.language.isoenen_US
dc.publisherStrathmore Universityen_US
dc.subjectCyber securityen_US
dc.subjectISPen_US
dc.subjectInterneten_US
dc.subjectKenyaen_US
dc.titleFramework for enhancing cyber security: case study of Kenyan Internet Service Providersen_US
dc.typeThesisen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record