A Model to measure information security awareness level in an organization : case study of Kenya commercial bank.
| dc.creator | Mugo, Eric Anderson Kabugu | |
| dc.creator | Wekesa, Cyrus | |
| dc.date | 05/13/2013 | |
| dc.date | Mon, 13 May 2013 | |
| dc.date | Tue, 14 May 2013 13:12:25 | |
| dc.date | Tue, 14 May 2013 13:12:25 | |
| dc.date.accessioned | 2015-03-18T11:28:56Z | |
| dc.date.available | 2015-03-18T11:28:56Z | |
| dc.description | Partial fulfillment for award of the degree of Master of Science in Information Technology (MSc.IT) | |
| dc.description | Information Security awareness forms a key basic part of Information Security Strategy within most organizations. Organizations that tend to be more conscious regarding Information Security will invest more than organizations that are less conscious. This can be seen in Financial and Telecommunications industry as compared to Agricultural industries. Information Security awareness is an investment that organizations make to ensure that the human aspect of Information Security is taken care of. Majority of organizations that invest in Information Security awareness do not measure the levels of awareness among their staff to identify the impact of their investment. Measurement of Information Security results in value add such as positive change in staff attitudes towards Information Security, respective increase in Information Security knowledge and a more secure organization. The value add comes with other added benefits such as reduced Information Security incidents and frauds, a more knowledgeable staff and an Information Security team with visibility into the general organizations predisposition to Information Security challenges as well as general awareness. This study aims at expounding on the various techniques used to impart awareness. The study aims at proposing a model that can be used to measure Information Security awareness levels in a Local financial institution. Achievement of specific objectives of the research was done through qualitative technique. Collection of data required is done from local Members of Information Security Profession who possess the required data in the area of Information Security. Following analysis of responses from the local Information Security professionals, the model developed was based on the Kruger and Kearney Model awareness measurement model with specific modifications to suit the local financial institutions' requirements. The models' modifications were based on a local banking institution for purposes of testing and validating the mode!. The modifications are as a result of the findings from the survey. | |
| dc.description.abstract | Information Security awareness forms a key basic part of Information Security Strategy within most organizations. Organizations that tend to be more conscious regarding Information Security will invest more than organizations that are less conscious. This can be seen in Financial and Telecommunications industry as compared to Agricultural industries. Information Security awareness is an investment that organizations make to ensure that the human aspect of Information Security is taken care of. Majority of organizations that invest in Information Security awareness do not measure the levels of awareness among their staff to identify the impact of their investment. Measurement of Information Security results in value add such as positive change in staff attitudes towards Information Security, respective increase in Information Security knowledge and a more secure organization. The value add comes with other added benefits such as reduced Information Security incidents and frauds, a more knowledgeable staff and an Information Security team with visibility into the general organizations predisposition to Information Security challenges as well as general awareness. This study aims at expounding on the various techniques used to impart awareness. The study aims at proposing a model that can be used to measure Information Security awareness levels in a Local financial institution. Achievement of specific objectives of the research was done through qualitative technique. Collection of data required is done from local Members of Information Security Profession who possess the required data in the area of Information Security. Following analysis of responses from the local Information Security professionals, the model developed was based on the Kruger and Kearney Model awareness measurement model with specific modifications to suit the local financial institutions' requirements. The models' modifications were based on a local banking institution for purposes of testing and validating the mode!. The modifications are as a result of the findings from the survey. | |
| dc.format | Number of Pages:x, 102 p. | |
| dc.identifier.uri | http://hdl.handle.net/11071/3537 | |
| dc.language | eng | |
| dc.rights | By agreeing with and accepting this license, I (the author(s), copyright owner or nominated agent) agree to the conditions, as stated below, for deposit of the item (referred to as .the Work.) in the digital repository maintained by Strathmore University, or any other repository authorized for use by Strathmore University. Non-exclusive Rights Rights granted to the digital repository through this agreement are entirely non-exclusive. I understand that depositing the Work in the repository does not affect my rights to publish the Work elsewhere, either in present or future versions. I agree that Strathmore University may electronically store, copy or translate the Work to any approved medium or format for the purpose of future preservation and accessibility. Strathmore University is not under any obligation to reproduce or display the Work in the same formats or resolutions in which it was originally deposited. SU Digital Repository I understand that work deposited in the digital repository will be accessible to a wide variety of people and institutions, including automated agents and search engines via the World Wide Web. I understand that once the Work is deposited, metadata may be incorporated into public access catalogues. I agree as follows: 1.That I am the author or have the authority of the author/s to make this agreement and do hereby give Strathmore University the right to make the Work available in the way described above. 2.That I have exercised reasonable care to ensure that the Work is original, and to the best of my knowledge, does not breach any laws including those relating to defamation, libel and copyright. 3.That I have, in instances where the intellectual property of other authors or copyright holders is included in the Work, gained explicit permission for the inclusion of that material in the Work, and in the electronic form of the Work as accessed through the open access digital repository, or that I have identified that material for which adequate permission has not been obtained and which will be inaccessible via the digital repository. 4.That Strathmore University does not hold any obligation to take legal action on behalf of the Depositor, or other rights holders, in the event of a breach of intellectual property rights, or any other right, in the material deposited. 5.That if, as a result of my having knowingly or recklessly given a false statement at points 1, 2 or 3 above, the University suffers loss, I will make good that loss and indemnify Strathmore University for all action, suits, proceedings, claims, demands and costs occasioned by the University in consequence of my false statement. | |
| dc.subject | Information security awareness | |
| dc.subject | Quantitative modelling | |
| dc.title | A Model to measure information security awareness level in an organization : case study of Kenya commercial bank. | |
| dc.type | Thesis |