@article{OGUK_2018, title={INFORMATION TECHNOLOGY SECURITY METRICS}, volume={4}, url={https://ijrdo.org/index.php/cse/article/view/2456}, DOI={10.53555/cse.v4i9.2456}, abstractNote={<p>It is a common management principle that one can only manage and improve what one can measure. Studies indicate that information technology security management could be improved if appropriate security metrics which are based on elements of information technology security are used. The objectives of this study were: to identify the major elements of information technology security, and to develop suitable information technology security metric’s model based on major elements for universities in Kenya. Methodology &nbsp;involved &nbsp;a review of secondary publications to ascertain the major information technology security. &nbsp;Ten percent of universities in Kenya were sampled for data collection. Purposive sampling was conducted for data collection using questionnaire and an interview schedule. In each sampled university, 13 operation areas related to information systems were considered, giving a total of 91 resepondents. Data was collected from the team leader of each operation area, then&nbsp; analysed using SPSS, where regression model in Tobin’s Q equation was adopted. The regression analysis helped to generate coefficients that constituted security metrics’ model and prototype. In conclusion, while the level of implementation of IT security elements was found to contribute to the metrics, information security policy was found to contributes as twice. Therefore, it is recommended that the developed IT security metrics model &nbsp;should be used together with the security policy for better information systems security management.</p&gt;}, number={9}, journal={IJRDO -Journal of Computer Science Engineering}, author={OGUK, CHARLES OCHIENG’}, year={2018}, month={Sep.}, pages={18-46} }