Abstract
This study explores the status of information security culture (ISC) of small and medium-sized enterprises (SMEs) in sub-Saharan Africa (SSA) using Tanzania as a case. To assess the ISC of SMEs, measurement criteria from organizational and environmental dimensions were compiled from the literature. A combination of quantitative and qualitative methods was employed to collect data. The ISC dimensions were assessed using surveys collected using both paper and online sources, from 39 SMEs in the roundtable and five focus group discussions. The findings indicated lack of information security policy, absence of security education, training and awareness (SETA) programs, lack of human resource, poor risk assessment, and management and lack of national information security culture initiatives. These findings show the immaturity of ISC in SMEs in Tanzania. The results and implications of these findings suggest further research and intervention is necessary to institutionalize ISC in the SME environment.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
