期刊名称:International Journal of Computer Science and Information Technologies
电子版ISSN:0975-9646
出版年度:2011
卷号:2
期号:1
页码:517-525
出版社:TechScience Publications
摘要:The aim of this paper is to study the management of Information Technology (IT) security in Kenyan Small and Medium Enterprises (SMEs). Particularly, this study looks at whether SMEs have a designated employee in charge of IT security, whether SMEs seek external expertise about IT security where it is not internally available and if employees are aware that IT security incidents should be reported to management immediately. Further, the study finds out whether SMEs have a formal disciplinary process for employees who violate the company’s IT security policies and processes and if their IT security measures have been reviewed within the last year. There is evidence from the survey to suggest that Kenyan SMEs do not have in place proper IT security management practices. The survey reveals that SMEs need to put in place good management and disciplinary measures if they are to realize the benefits of IT security. This is one of the first studies to explore IT security issues in Kenyan SMEs. This survey is likely to assist SME stakeholders gauge the effectiveness of their IT security management structures.
