Information Technology (IT) Security in Small and Medium Enterprises (SMEs)

Information Systems for Small and Medium-sized Enterprises

Part of the book series: Progress in IS ((PROIS))

Abstract

Information Technology (IT) security is an issue which cannot be wished away by organizations, particularly Small and Medium Enterprises (SMEs). SMEs should embrace IT security in order to realize the benefits of IT without compromising their IT security status. Much like any other business asset, information is an asset that needs to be strategically managed and protected. It is therefore imperative that SMEs understand the value of the information contained within their business systems and have a framework for assessing and implementing IT security. To address the challenges faced by SMEs, especially in Kenya, this research establishes an Information Technology (IT) framework that allows Kenyan SMEs to implement cost-effective security measures. In particular, this work considers IT security requirements and appropriate metrics. There is evidence from the research to suggest that, despite having some IT security measures in place, Kenyan SMEs still face some serious IT security challenges. In light of these challenges, this work recommends a framework which is intended, among other things, to provide metrics for evaluating the effectiveness of implemented security measures. The framework is likely to assist SME stakeholders in measuring the effectiveness of their security-enhancing mechanisms.

Author information

Correspondence to Michael W. Kimwele.

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Kimwele, M.W. (2014). Information Technology (IT) Security in Small and Medium Enterprises (SMEs). In: Devos, J., van Landeghem, H., Deschoolmeester, D. (eds) Information Systems for Small and Medium-sized Enterprises. Progress in IS. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38244-4_3
