1. DSpace at Great Zimbabwe University
  2. Munhumutapa School Of Commerce
  3. Research Journal of Economic and Management Studies (RJEMS)
  4. Volume 1, Number 2, 2021
Please use this identifier to cite or link to this item: http://ir.gzu.ac.zw:8080/xmlui/handle/123456789/438
Full metadata record
DC FieldValueLanguage
dc.contributor.authorMawere, Gloria Evergrace-
dc.contributor.authorChindoza, Kudakwashe-
dc.contributor.authorMarima, Ivy Jean-
dc.contributor.authorWinji, Lucia-
dc.contributor.authorMutero, Trust-
dc.date.accessioned2021-10-21T11:06:21Z-
dc.date.available2021-10-21T11:06:21Z-
dc.date.issued2021-
dc.identifier.issn2789-6803-
dc.identifier.urihttp://ir.gzu.ac.zw:8080/xmlui/handle/123456789/438-
dc.description.abstractInformation technology plays a pivotal role in today’s businesses and in as much as it brings about benefits to the business there are many risks associated with its use that also need to be addressed. In as much as we use information systems for our benefit, there are many risks associated with its use hence organisations no matter the size should have information security programs in waiting in case risks emanate from the use of technology. The aim of the study was to evaluate the adequacy of information security programs available in small to medium enterprises in Zimbabwe making use of key performance indicators for security governance as basis for measurement. A case study was done using a qualitative research approach. Non-random purposive convenient sampling technique was used to produce a sample of 5 small to medium enterprises in Gweru was used for data gathering. Interviews were done with 5 top management members and questionnaires were administered to 5 security administration/IT involved employees. Literature data was also used. The study found out that based on information security governance KPIs the security programs of the small to medium enterprises are inadequate and loaded with poor practices. Organisations are recommended to look at the constructs of the four generic KPIs strategy, risk, posture and compliance so as to come up with a sound security program for these strategic indicators are a prerequisite to presenting the state of and changes in the security program. Findings from this study contribute knowledge to the information security governance area of study by presenting simple and practical methods to evaluate information security programs allowing management to make plans and strides towards managing cyber risks in a world where information technology has become both a tool and a target. This research can also be used in coming up with an information security governance measurement framework that can be used by small and medium enterprises. This proposed framework will provide a roadmap for decision making and assist small and medium enterprises to give due attention to activities pertaining to security so that a secure computing environment can be attained.en_US
dc.publisherResearch Journal of Economic and Management Studies (RJEMS)en_US
dc.relation.ispartofseriesVol.1;No.2-
dc.subjectGovernanceen_US
dc.subjectInformation Securityen_US
dc.subjectInformation Security Programme,en_US
dc.subjectKey Performance Indicatorsen_US
dc.subjectSmall and Medium Enterprisesen_US
dc.titleAdequacy of Information Security Programs in Small to Medium Enterprises in Zimbabween_US
dc.typeArticleen_US
Appears in Collections:Volume 1, Number 2, 2021

Files in This Item:
File Description SizeFormat 
Adequacy of Information Security Programs in Small to Medium Enterprises in Zimbabwe.pdf857.51 kBAdobe PDFView/Open
Show simple item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.