Information technology in medical research Linda Chelagat Lelei improving the security of medical research information. a case study of Kenya Medical Research Institute (KEMRI)

By: Contributor(s): Publication details: Nairobi, Kenya Strathmore University 2010Description: xii, 65pSubject(s): LOC classification:
  • RA858.L45 2010
Online resources:
Contents:
Table of Contents
Summary: This research describes the current status of the security of medical research information with the focus on Kenya Medical Research Institute (KEMRI) and how to improve it. Currently, there are no adequate security protection mechanisms for medical research information at the institution. The aim of this research was to design a framework that would ensure improved security of medical research information. To achieve this, the researcher had to determine and document the specific threats to the medical research information and their relative frequency of occurrence, determine the information systems security controls in place to secure the information and their relative predominance and to determine the security policies in place to govern the medical research information on storage and during transmission. Qualitative and quantitative research methods were used to collect data for the study. Research instruments employed were interviews, observations and structured questionnaires. The respondents were data analysts, lab technicians and doctors. Study results show that 75% of the threats most experienced were from viruses and worms followed by data leakage at 42.2%. The security measures in place were also inadequate, with 73% of the respondents using passwords and 68% using access restrictions. Security policies were not clearly defined, documented, distributed, or communicated to the employees and 55% were not aware of any policy. The policies were also not easily accessible. There were also no security policies to govern electronic medical research information The proposed framework, called the Comprehensive Enterprise Security Approach (CESA), consists of Security Policy, Asset Classification, Threat Classification, Controls Analysis, Implementation, Audit and Maintenance activities. When implemented, it will aid the organisation to increase user awareness through trainings, add the security measures and security policies, and protect the hardware and the information or data by preventing threats, hence increasing the security to the medical research information.
Reviews from LibraryThing.com: List(s) this item appears in: STRATHMORE THESES & DISSERTATIONS
Tags from this library: No tags from this library for this title. Log in to add tags.
Star ratings
    Average rating: 0.0 (0 votes)
Holdings
Item type Current library Collection Call number Status Date due Barcode Item holds
Thesis Thesis Strathmore University (Main Library) Special Collection Special Collection RA858.L45 2010 Not for loan 87962
Thesis Thesis Strathmore University (Main Library) Open Shelf TH RA858.L45 2010 Not for loan 75719
Total holds: 0

Partial fulfillment for award of the degree of Master of Information Technology

Table of Contents

Introduction
Literature Review
Research Methodology
Research Design, Data Collection and Validation

This research describes the current status of the security of medical research information with the focus on Kenya Medical Research Institute (KEMRI) and how to improve it. Currently, there are no adequate security protection mechanisms for medical research information at the institution.
The aim of this research was to design a framework that would ensure improved security of medical research information. To achieve this, the researcher had to determine and document the specific threats to the medical research information and their relative frequency of occurrence, determine the information systems security controls in place to secure the information and their relative predominance and to determine the security policies in place to govern the medical research information on storage and during transmission.
Qualitative and quantitative research methods were used to collect data for the study. Research instruments employed were interviews, observations and structured questionnaires. The respondents were data analysts, lab technicians and doctors.
Study results show that 75% of the threats most experienced were from viruses and worms followed by data leakage at 42.2%. The security measures in place were also inadequate, with 73% of the respondents using passwords and 68% using access restrictions. Security policies were not clearly defined, documented, distributed, or communicated to the employees and 55% were not aware of any policy. The policies were also not easily accessible. There were also no security policies to govern electronic medical research information
The proposed framework, called the Comprehensive Enterprise Security Approach (CESA), consists of Security Policy, Asset Classification, Threat Classification, Controls Analysis, Implementation, Audit and Maintenance activities. When implemented, it will aid the organisation to increase user awareness through trainings, add the security measures and security policies, and protect the hardware and the information or data by preventing threats, hence increasing the security to the medical research information.

There are no comments on this title.

to post a comment.
© Strathmore University Library Madaraka Estate Ole, Sangale Road P. O. Box 59857 00200 City Square Nairobi Kenya
Tel.: (+254) (0)703 034000/(0)703 034200/(0)703 034300 Fax.: (+254) (0)20-607498