dc.description.abstract | The purpose of this research is to establish the information Security breaches in the
Capital Market and to find out information security practices adopted by the companies
within the Kenyan Capital Market.
An empirical survey, using a self-administered questionnaire, was conducted to achieve
this purpose. A questionnaire was sent through email to 39 companies within the Kenyan
Capital Market. A follow-up was done for any survey responses needing clarification with
phone calls.
The results of this research reveal that security is more than just a technological problem
as has been generally recognized. Insights have revealed that the human aspect of the
information security has not been given much attention and yet most of the breaches
experienced in the last four years are on people and processes.
Given the results of this research, Information security policies are the backbone of any
effective information security program. This is because they lay down the high-level
business rules for how an organization will protect its information assets and therefore
each employee needs to fully understand their information security responsibilities according to their job role.
According to Schmitt (2011), the level of information security is getting worse and the
Senior Managers and those in governance positions need to realize that humans remains
the weakest link in the information security chain. Information security approach that only
emphasizes on the remediation of individual of issues as they are highlighted like say, in
audit reports, will not be effective. Such a reactionary approach will always be playing
catch-up as compared to the more efficacious approach which allows for a forward thinking
and proactive mitigation of information security risks. | en |