A Design Model for Improving Information Security Adoption for SMEs in Uganda
Although information systems security is a popular research field in these times, SMEs in developing countries are still finding it difficult to adopt the practice and this is said to be brought about by several facilitating factors relating to technology, governance in these countries, level of education, and expertise. However, this study has identified some bottlenecks and proposed a model derived from existing models of technology adoption as an approach to improve the adoption of information security by small and medium enterprises, using the SMEs in the Greater Kampala region. The study began with a detailed and informative background description of the research topic, where the current state of information security adoption was analyzed and presented to support the problem by justifying the gap and informing the desired situation which is to improve the adoption rate for information security by SMEs. Also, existing literature has been reviewed which has predominantly focused on identifying the inputs to support the development of the model.
The study argues that to implement the model, understanding the current models and approaches should be greatly considered. To uncover specific actions that constitute logical steps within every dimension of the information security adoption process, the study follows a Design science research method to construct constituting parts of the model that had been used by several researchers in information science. The study designed a conceptual model consisting of steps and actions, and technological, organizational, and environmental factors assessments covering the whole enterprise. Other logical models inform of activity diagrams, sequence diagrams, and dataflow diagrams have been constructed and evaluated by experts on the subject matter who were purposely sampled. The results have been analyzed and the proposed model has been recommended to serve as a starting point for future research in the adoption of information security, which should focus on a detailed quantitative investigation of the cause-effect relationships and the contingency factors to validate all the propositions.
Keywords: Information systems, SMEs, and Model Designs