GZU Institutional Repository

Adequacy of Information Security Programs in Small to Medium Enterprises in Zimbabwe

Show simple item record

dc.contributor.author Mawere, Gloria Evergrace
dc.contributor.author Chindoza, Kudakwashe
dc.contributor.author Marima, Ivy Jean
dc.contributor.author Winji, Lucia
dc.contributor.author Mutero, Trust
dc.date.accessioned 2021-10-21T11:06:21Z
dc.date.available 2021-10-21T11:06:21Z
dc.date.issued 2021
dc.identifier.issn 2789-6803
dc.identifier.uri http://ir.gzu.ac.zw:8080/xmlui/handle/123456789/438
dc.description.abstract Information technology plays a pivotal role in today’s businesses and in as much as it brings about benefits to the business there are many risks associated with its use that also need to be addressed. In as much as we use information systems for our benefit, there are many risks associated with its use hence organisations no matter the size should have information security programs in waiting in case risks emanate from the use of technology. The aim of the study was to evaluate the adequacy of information security programs available in small to medium enterprises in Zimbabwe making use of key performance indicators for security governance as basis for measurement. A case study was done using a qualitative research approach. Non-random purposive convenient sampling technique was used to produce a sample of 5 small to medium enterprises in Gweru was used for data gathering. Interviews were done with 5 top management members and questionnaires were administered to 5 security administration/IT involved employees. Literature data was also used. The study found out that based on information security governance KPIs the security programs of the small to medium enterprises are inadequate and loaded with poor practices. Organisations are recommended to look at the constructs of the four generic KPIs strategy, risk, posture and compliance so as to come up with a sound security program for these strategic indicators are a prerequisite to presenting the state of and changes in the security program. Findings from this study contribute knowledge to the information security governance area of study by presenting simple and practical methods to evaluate information security programs allowing management to make plans and strides towards managing cyber risks in a world where information technology has become both a tool and a target. This research can also be used in coming up with an information security governance measurement framework that can be used by small and medium enterprises. This proposed framework will provide a roadmap for decision making and assist small and medium enterprises to give due attention to activities pertaining to security so that a secure computing environment can be attained. en_US
dc.publisher Research Journal of Economic and Management Studies (RJEMS) en_US
dc.relation.ispartofseries Vol.1;No.2
dc.subject Governance en_US
dc.subject Information Security en_US
dc.subject Information Security Programme, en_US
dc.subject Key Performance Indicators en_US
dc.subject Small and Medium Enterprises en_US
dc.title Adequacy of Information Security Programs in Small to Medium Enterprises in Zimbabwe en_US
dc.type Article en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search GSpace


Advanced Search

Browse

My Account