Home   >   CSC-OpenAccess Library   >    Manuscript Information
Information Technology (IT) Security Framework for Kenyan Small and Medium Enterprises (SMEs)
Michael Kimwele, Waweru Mwangi, Stephen Kimani
Pages - 39 - 53     |    Revised - 31-03-2011     |    Published - 04-04-2011
Volume - 5   Issue - 1    |    Publication Date - March / April 2011  Table of Contents
Information Technology, Security, Metrics, Framework, Kenya, SMEs
To address challenges faced by Small and Medium Enterprises (SMEs) especially in Kenya, this paper aims to establish an Information Technology (IT) framework that can allow SMEs implement cost effective security measures. Particularly this paper discusses IT security requirements and appropriate metrics. There is evidence from the survey to suggest that despite having some IT security measures in place, Kenyan SMEs still face some serious IT security challenges. In the light of the challenges faced by Kenyan SMEs, this work recommends a framework which is supposed among other things provide some metrics of evaluating the effectiveness of implemented security measures. The framework is likely to assist SME stakeholders measure the effectiveness of their security enhancing mechanisms.
CITED BY (4)  
1 Houngbo, P. J., & Hounsou, J. T. (2015). Measuring Information Security: Understanding And Selecting Appropriate Metrics. International Journal of Computer Science and Security (IJCSS), 9(2), 108.
2 Madiavale, B. A. (2014). Information security management practices and organizational goals: a study of microfinanace organizations in Nairobi (Doctoral dissertation, University of Nairobi).
3 Bedi, D. S. (2013). Information security in hospitality SMMEs in the Cape Metropole area: policies and measures in the online environment (Doctoral dissertation, Cape Peninsula University of Technology).
4 MUGO, E. A. K. (2012). A Model to Measure Information Security Awareness (Doctoral dissertation, Strathmore University).
1 Google Scholar 
2 Academic Journals Database 
3 CiteSeerX 
4 refSeek 
5 iSEEK 
6 Bielefeld Academic Search Engine (BASE) 
7 Scribd 
8 SlideShare 
9 PdfSR 
B. Conner et al., (2004), Business Software Alliance, http://www.bsa.org [20/8/2010]
C. N. Tarimo (2006), ICT Security Readiness Checklist for Developing Countries: A Social-Technical Approach, Stockholm University, Department of Computer and Systems Sciences, December 2006.
C. T. Upfold and D. A. Sewry (2005), An Investigation of Information Security in Small and Medium Enterprises (SME’s) in the Eastern Cape.
J. A. Chaula (2006), “A Socio-Technical Analysis of Information Systems Security Assurance: A Case Study for Effective Assurance”, Stockholm University: Department of Computer and Systems Sciences, Report Series/DSV No. 06-016, ISSN 1101-8526
J. A. Sharp and K. Howard (1998), The Management of a Student Research Project, 2nd Edition. http://www.hlss.mmu.ac.uk/infocomms/people/staffpub/rjh.doc [12/2/2010]
M. R. Pattinson and G. Anderson, G (2007), “How Well are Information Risks being Communicated to your Computer end-users?” Information Management and Computer Security, Vol. 15. No. 5. (2007), pp 362-371
M. Swanson, N. Bartol, J. Sabato, J. Hash, and L. Graffo (2003), Security Metrics Guide for Information Technology Systems. http://csrc.nist.gov/csspab/june13-15/secmetrics. html [16/8/2010]
P. E. Ammann P. E and Black, P. E. (2001), “A Specification-Based Coverage Metric to Evaluate Test Sets”, International Journal of Reliability, Quality, and Safety Engineering, Vol. 8 No. 4, pp 275-300; Singapore, World Scientific Publishing.
R. Casmir (2005), A Dynamic and Adaptive Information Security Awareness (DAISA) Approach, Stockholm University, Department of Computer and Systems Sciences, December 2005.
R. Casmir and L. Yngstrom (2005), Towards a Dynamic and Adaptive Information Awareness Approach. In proceedings of the fourth world conference on information security education, Moscow, Russia, ISBN: 5-7262-0565-0
R. Khurana (2007), Software Engineering: Principles and Practices, ITL Education Solutions Ltd, New Delhi, India, 2007.
R. Werlinger et al. (2009), “An Integrated View of Human, Organizational, and Technological Challenges of IT Security”, Information Management and Computer Security, Vol. 17. No. 1. (2009)
Dr. Michael Kimwele
- Kenya
Dr. Waweru Mwangi
- Kenya
Dr. Stephen Kimani
- Kenya