Cyber threats and cyber security in ISO certified organizations in Kenya
Date
2016-10
Author
Kasyuma, Mwania
Type
Thesis
Language
en
Abstract
This research is about cyber threats and cyber security in ISO certified organizations
in Kenya. The research was motivated by the need to establish the cyber threats facing
the ISO certified organizations in Kenya, the cyber threat countermeasures these
organizations have implemented and how effective the implemented countermeasures
are in managing the cyber threats faced and the overall cyber security of the
organizations. ISO certified organizations in Kenya are under a lot of pressure to give
their customers quality products and services efficiently. So as to meet their
customers’ expectations on quality products and services efficiently, the ISO certified
organizations have had to rely heavily on the use of ICT systems which are networked
and connected to the internet through the national fibre network. With networked ICT
systems, the organizations have become more vulnerable to cyber attacks. The
objectives of this research were to establish the cyber threats being faced by ISO
certified organizations in Kenya, the cyber threat countermeasures these organizations
have implemented and the effectiveness of the countermeasures implemented in
managing or countering the cyber threats and ultimately the overall cyber security. A
descriptive survey targeting ICT officers, ICT Managers, IT Managers,
Information security officers, chief information officers, Heads of ICT as well as ICT
Directors was carried out in 45 ISO certified organizations in Kenya selected randomly
from a population of 175 ISO certified organizations. Overall, 35 respondents returned
fully completed survey questionnaires, resulting in a total response rate of 77.8%. The
main instrument for the survey was a questionnaire, and descriptive statistics were used
for data analysis. The study found that ISO certified organizations in Kenya face
the following cyber threats: insider threats, VoIP PBX fraud, social media, denial of
service (DoS), botnet attacks, online and mobile banking fraud, mobile money fraud
and cyber espionage. The study findings also indicate that although most ISO certified
organizations have implemented effective cyber threat countermeasures to the cyber
threats facing them, some of the organizations have not. Some of the organizations
that have not implemented effective countermeasures lack even a cyber security policy,
which is a crucial blueprint guideline and source of reference for managing cyber
security.
Publisher
University of Nairobi