An information security governance framework for the public Sector in Kenya

Abstract

One of the main assets of any institution, be it a private company or a government institution, is information. This being the case, it is imperative for every institution to institute appropriate measures to ensure security of its information. Many reasons have been cited as contributories to breaches of information security. Among this reasons, one which has become quite salient is lack of information security governance framework for institutions to follow while implementing information security measures. Therefore, lack of information security governance framework having been identified as one of the main factors that contribute to the slow progress in implementation of information security measures in institutions – including those in public sector – then the study sought to propose an information security governance framework for ensuring security of IT resources in the public sector in Kenya. In an effort to actualize the study, several objectives that were meant to guide in carrying out our research were. To determine the effectiveness with which the public sector in Kenya is currently addressing the challenge of information security, to identify security challenges facing the public sector in Kenya, to identify the members of staff responsible for information security in public institutions in Kenya and to propose a framework for adoption in the public sector in Kenya for information security governance. To achieve the said objectives, the study used survey design as the research methodology, in which information was gathered through administration of questionnaires to a sample of respondents from public institution in Kenya. The institutions were drawn from the three main categories of institutions in the public sector i.e. Central Government, Local Government and State Corporations. For data analysis, SPSS statistical software version 16.0 was utilized. During data analysis there emerged some issues worth noting. In conclusion, the study demonstrated how each of the outlined objectives of the study was achieved. Further, recommendations were given for further study especially where it was recommended that a study need to be carried out to shed more light into the fact that in most of the institutions, it is the Unit Heads who are responsible for most of information security roles.