Please use this identifier to cite or link to this item: http://ir.gzu.ac.zw:8080/xmlui/handle/123456789/438
Title: Adequacy of Information Security Programs in Small to Medium Enterprises in Zimbabwe
Authors: Mawere, Gloria Evergrace
Chindoza, Kudakwashe
Marima, Ivy Jean
Winji, Lucia
Mutero, Trust
Keywords: Governance
Information Security
Information Security Programme,
Key Performance Indicators
Small and Medium Enterprises
Issue Date: 2021
Publisher: Research Journal of Economic and Management Studies (RJEMS)
Series/Report no.: Vol.1;No.2
Abstract: Information technology plays a pivotal role in today’s businesses and in as much as it brings about benefits to the business there are many risks associated with its use that also need to be addressed. In as much as we use information systems for our benefit, there are many risks associated with its use hence organisations no matter the size should have information security programs in waiting in case risks emanate from the use of technology. The aim of the study was to evaluate the adequacy of information security programs available in small to medium enterprises in Zimbabwe making use of key performance indicators for security governance as basis for measurement. A case study was done using a qualitative research approach. Non-random purposive convenient sampling technique was used to produce a sample of 5 small to medium enterprises in Gweru was used for data gathering. Interviews were done with 5 top management members and questionnaires were administered to 5 security administration/IT involved employees. Literature data was also used. The study found out that based on information security governance KPIs the security programs of the small to medium enterprises are inadequate and loaded with poor practices. Organisations are recommended to look at the constructs of the four generic KPIs strategy, risk, posture and compliance so as to come up with a sound security program for these strategic indicators are a prerequisite to presenting the state of and changes in the security program. Findings from this study contribute knowledge to the information security governance area of study by presenting simple and practical methods to evaluate information security programs allowing management to make plans and strides towards managing cyber risks in a world where information technology has become both a tool and a target. This research can also be used in coming up with an information security governance measurement framework that can be used by small and medium enterprises. This proposed framework will provide a roadmap for decision making and assist small and medium enterprises to give due attention to activities pertaining to security so that a secure computing environment can be attained.
URI: http://ir.gzu.ac.zw:8080/xmlui/handle/123456789/438
ISSN: 2789-6803
Appears in Collections:Volume 1, Number 2, 2021

Files in This Item:
File Description SizeFormat 
Adequacy of Information Security Programs in Small to Medium Enterprises in Zimbabwe.pdf857.51 kBAdobe PDFView/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.