JKUAT Abstracts of PostGraduate Thesis

Information Technology (IT) security is an issue which cannot be wished away by organizations and particularly Small and Medium Enterprises (SMEs). SMEs should embrace IT security in order to realize the benefits of IT without compromising the IT security status. Much like any other business asset, information is an asset that needs to be strategically managed and protected. It is therefore imperative that SMEs understand the value of information contained within their business systems and have a framework for assessing and implementing IT security. To address challenges faced by SMEs especially in Kenya, this research establishes an Information Technology (IT) framework that can allow Kenyan SMEs implement cost effective security measures.Particularly this work considers IT security requirements and appropriate metrics. There is evidence from the research to suggest that despite having some IT security measures in place, Kenyan SMEs still face some serious IT security challenges. In the light of the challenges faced by Kenyan SMEs, this work recommends a framework which is supposed among other things provide some metrics of evaluating the effectiveness of implemented security measures. The framework is likely to assist SME stakeholders measure the effectiveness of their security enhancing mechanisms.