CFP last date
20 December 2024
Reseach Article

An Analysis of Information Technology (IT) Security Practices: A Case Study of Kenyan Small and Medium Enterprises (SMEs) in the Financial Sector

by Leonard Makumbi, Evans K. Miriti, andrew M. Kahonge
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 57 - Number 18
Year of Publication: 2012
Authors: Leonard Makumbi, Evans K. Miriti, andrew M. Kahonge
10.5120/9216-3767

Leonard Makumbi, Evans K. Miriti, andrew M. Kahonge . An Analysis of Information Technology (IT) Security Practices: A Case Study of Kenyan Small and Medium Enterprises (SMEs) in the Financial Sector. International Journal of Computer Applications. 57, 18 ( November 2012), 33-36. DOI=10.5120/9216-3767

@article{ 10.5120/9216-3767,
author = { Leonard Makumbi, Evans K. Miriti, andrew M. Kahonge },
title = { An Analysis of Information Technology (IT) Security Practices: A Case Study of Kenyan Small and Medium Enterprises (SMEs) in the Financial Sector },
journal = { International Journal of Computer Applications },
issue_date = { November 2012 },
volume = { 57 },
number = { 18 },
month = { November },
year = { 2012 },
issn = { 0975-8887 },
pages = { 33-36 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume57/number18/9216-3767/ },
doi = { 10.5120/9216-3767 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:00:49.968543+05:30
%A Leonard Makumbi
%A Evans K. Miriti
%A andrew M. Kahonge
%T An Analysis of Information Technology (IT) Security Practices: A Case Study of Kenyan Small and Medium Enterprises (SMEs) in the Financial Sector
%J International Journal of Computer Applications
%@ 0975-8887
%V 57
%N 18
%P 33-36
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Organizations of all sizes are now significantly reliant upon information and communication technology for the performance of their business activities. They therefore need to ensure that their systems and data are appropriately protected against security threats. Unfortunately, however, there is evidence to suggest that security practices are not strongly upheld within small and medium enterprise environments. The purpose of this study was to investigate the information technology security practices in Small and Medium Enterprises (SMEs) in the financial sector in Kenya. In Particular, the study sought to identify the main perceived threats to information security in the organizations and the measures the organizations put in place to protect the information assets from these threats. The study tried to establish if the risk posed by security failures to the organization's operations was high based on their reliance in IT systems and if the security posture adopted by the organization reflected the level of risk. The study established that the SMEs studied were highly reliant on Information Technology for their business operations hence the risk posed by failure of IT security was high. The study found that the major perceived and experienced threats to security were viruses and system users. The study also found that in the SMEs, there were some attempts at securing the IT assets though these efforts were largely uncoordinated. The IT security role was frequently unassigned, or allocated to someone without appropriate qualification. Most organizations did not have a formally specified IT security budget although some security related expenditures were made.

References
  1. Dojkovski, S. , Lichtenstein, S. , & Warren, M. J. (2007). Fostering Information Security Culture in Small and Medium Size Enterprises: An Interpretive Study in Australia. 15th European Conference on Information Systems, (pp. 1560-1571). St. Gallen, Switzerland.
  2. Kimwele, M. , Mwangi, W. , & Kimani, S. (2010). Adoption of Information Technology Security: Case Study of Kenyan Small and Medum Entreprises (SMEs). Journal of Theoretical and Applied Information Technology, 18 (2).
  3. Kothari, C. (2004). Research Methodology: Methods and Techniques. Delhi, India: New Age International (P) Ltd.
  4. Microsoft. (2005). Security Guide for Small Business. Microsoft.
  5. Soy, S. K. (2006). The Case Study as a Research Method. Retrieved Oct, 2012, from http://www. gslis. utexas. edu/~ssoy/usesusers/l391d1b. htm
  6. Stoneburner, G. , Hayden, C. , & Feringa, a. A. (2004). Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A. National Institute of Standards and Technology.
Index Terms

Computer Science
Information Sciences

Keywords

SMEs Information Security Controls Threats ICT Kenya