Information technology security policy framework for small and medium size enterprises in Nairobi

dc.contributor.advisorAteya, Ismail Lukandu
dc.creatorMuya, Andrew Ndeti
dc.date02/01/2013
dc.dateFri, 1 Feb 2013
dc.dateFri, 1 Feb 2013 11:44:55
dc.dateMon, 29 Apr 2013 18:03:58
dc.date.accessioned2015-03-18T11:28:49Z
dc.date.available2015-03-18T11:28:49Z
dc.descriptionA thesis submitted to Strathmore University in partial fulfillment of the requirements for the award of Master of Science in Computer Based Information Systems (MSCIS). Full text thesis.
dc.descriptionThe adoption of Information Communication and Technology (I.C.T) has increased tremendously over the last couple of years, especially in Small and Medium Size Enterprises (SMEs). However, most SMEs do not realize the importance of Information Technology (I.T) security policies. This research sought to (a) establish the degree of use of I.T security policies in SMEs and whether these policies are equal to the business needs of SMEs; (b) establish the security threats and challenges they are exposed to; (c) identify how the I.T security policies are developed; and finally, (d) propose a framework that can be used to guide SMEs in adoption of I.T security policies. To meet these objectives, the study used a descriptive research design; research instruments used were questionnaires, interviews and discussion forums (with both student colleagues and work mates). The study established that 90% of SMEs in Nairobi do not have I.T security policies in their enterprises. Further, of the 10% who have existing policies, 5.2% have security policies that match the enterprises’ business needs. The study further observed that 82% of the businesses strongly agreed that they are in need of a comprehensive I.T security policy to counter risks / threats. Out of all the respondents, 40% strongly agreed that their businesses regularly and frequently scan critical systems for security exposures. The study further used the size of the organization in terms of personnel, the technical environment of the organization, and the ISO 17799 security policy development methodology to develop a framework that addresses comprehensively the I.T security policy development for SMEs. According to the proposed framework, if the firm is not I.T proficient (or if it is I.T proficient but small), it should outsource I.T security policy development; else, it should develop the I.T security policy internally or outsource.
The framework also provides the detailed components of the I.T security policy development and its implementation.
dc.formatNumber of Pages:x, 68 p.
dc.identifier.urihttp://hdl.handle.net/11071/3438
dc.languageeng
dc.rightsBy agreeing with and accepting this license, I (the author(s), copyright owner or nominated agent) agree to the conditions, as stated below, for deposit of the item (referred to as "the Work") in the digital repository maintained by Strathmore University, or any other repository authorized for use by Strathmore University. Non-exclusive Rights: Rights granted to the digital repository through this agreement are entirely non-exclusive. I understand that depositing the Work in the repository does not affect my rights to publish the Work elsewhere, either in present or future versions. I agree that Strathmore University may electronically store, copy or translate the Work to any approved medium or format for the purpose of future preservation and accessibility. Strathmore University is not under any obligation to reproduce or display the Work in the same formats or resolutions in which it was originally deposited. SU Digital Repository: I understand that work deposited in the digital repository will be accessible to a wide variety of people and institutions, including automated agents and search engines via the World Wide Web. I understand that once the Work is deposited, metadata may be incorporated into public access catalogues. I agree as follows: 1. That I am the author or have the authority of the author/s to make this agreement and do hereby give Strathmore University the right to make the Work available in the way described above. 2. That I have exercised reasonable care to ensure that the Work is original, and to the best of my knowledge, does not breach any laws including those relating to defamation, libel and copyright.
3. That I have, in instances where the intellectual property of other authors or copyright holders is included in the Work, gained explicit permission for the inclusion of that material in the Work, and in the electronic form of the Work as accessed through the open access digital repository, or that I have identified that material for which adequate permission has not been obtained and which will be inaccessible via the digital repository. 4. That Strathmore University does not hold any obligation to take legal action on behalf of the Depositor, or other rights holders, in the event of a breach of intellectual property rights, or any other right, in the material deposited. 5. That if, as a result of my having knowingly or recklessly given a false statement at points 1, 2 or 3 above, the University suffers loss, I will make good that loss and indemnify Strathmore University for all action, suits, proceedings, claims, demands and costs occasioned by the University in consequence of my false statement.
dc.subjectInformation Communication and Technology
dc.subjectInformation Security Management System
dc.subjectInternational Organization for Standardization
dc.titleInformation technology security policy framework for small and medium size enterprises in Nairobi
dc.typeThesis