Call for Paper - March 2023 Edition
IJCA solicits original research papers for the March 2023 Edition. Last date of manuscript submission is February 20, 2023. Read More

An Analysis of Information Technology (IT) Security Practices: A Case Study of Kenyan Small and Medium Enterprises (SMEs) in the Financial Sector

Print
PDF
International Journal of Computer Applications
© 2012 by IJCA Journal
Volume 57 - Number 18
Year of Publication: 2012
Authors:
Leonard Makumbi
Evans K. Miriti
Andrew M. Kahonge
10.5120/9216-3767

Leonard Makumbi, Evans K Miriti and M Kahonge. Article: An Analysis of Information Technology (IT) Security Practices: A Case Study of Kenyan Small and Medium Enterprises (SMEs) in the Financial Sector. International Journal of Computer Applications 57(18):33-36, November 2012. Full text available. BibTeX

@article{key:article,
	author = {Leonard Makumbi and Evans K. Miriti and andrew M. Kahonge},
	title = {Article: An Analysis of Information Technology (IT) Security Practices: A Case Study of Kenyan Small and Medium Enterprises (SMEs) in the Financial Sector},
	journal = {International Journal of Computer Applications},
	year = {2012},
	volume = {57},
	number = {18},
	pages = {33-36},
	month = {November},
	note = {Full text available}
}

Abstract

Organizations of all sizes are now significantly reliant upon information and communication technology for the performance of their business activities. They therefore need to ensure that their systems and data are appropriately protected against security threats. Unfortunately, however, there is evidence to suggest that security practices are not strongly upheld within small and medium enterprise environments. The purpose of this study was to investigate the information technology security practices in Small and Medium Enterprises (SMEs) in the financial sector in Kenya. In Particular, the study sought to identify the main perceived threats to information security in the organizations and the measures the organizations put in place to protect the information assets from these threats. The study tried to establish if the risk posed by security failures to the organization's operations was high based on their reliance in IT systems and if the security posture adopted by the organization reflected the level of risk. The study established that the SMEs studied were highly reliant on Information Technology for their business operations hence the risk posed by failure of IT security was high. The study found that the major perceived and experienced threats to security were viruses and system users. The study also found that in the SMEs, there were some attempts at securing the IT assets though these efforts were largely uncoordinated. The IT security role was frequently unassigned, or allocated to someone without appropriate qualification. Most organizations did not have a formally specified IT security budget although some security related expenditures were made.

References

  • Dojkovski, S. , Lichtenstein, S. , & Warren, M. J. (2007). Fostering Information Security Culture in Small and Medium Size Enterprises: An Interpretive Study in Australia. 15th European Conference on Information Systems, (pp. 1560-1571). St. Gallen, Switzerland.
  • Kimwele, M. , Mwangi, W. , & Kimani, S. (2010). Adoption of Information Technology Security: Case Study of Kenyan Small and Medum Entreprises (SMEs). Journal of Theoretical and Applied Information Technology, 18 (2).
  • Kothari, C. (2004). Research Methodology: Methods and Techniques. Delhi, India: New Age International (P) Ltd.
  • Microsoft. (2005). Security Guide for Small Business. Microsoft.
  • Soy, S. K. (2006). The Case Study as a Research Method. Retrieved Oct, 2012, from http://www. gslis. utexas. edu/~ssoy/usesusers/l391d1b. htm
  • Stoneburner, G. , Hayden, C. , & Feringa, a. A. (2004). Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A. National Institute of Standards and Technology.