The Role of Information Security Management System in Promoting African Development: a Case Study of Kenya

Abstract

The world has over the recent past witnessed numerous cases of unauthorized access to official information. The realities of globalization coupled with the dynamic nature of the 21st century have significantly contributed to this state of affairs thereby making information security an issue of global concern. In this regard, implementation of the Information Security Management System (ISMS) has been highlighted as one possible way through which organizations can secure their information assets. The question, however, is what are the key success factors of ISMS and where does Kenya in particular and Africa in general stand as far as ISMS is concerned? To this end, this study sought to examine key issues and factors influencing implementation of effective ISMS amongst African public sector institutions. It also sought to review Kenya‟s institutional and policy framework on information security. Lastly, it sought to assess the extent and effect of application of ISMS principles in the Kenya public sector policy environment. In undertaking the study, both primary and secondary sources of data were accessed. Primary data was obtained through observation and key informant interviews with relevant Government officials in respect of the research area. Secondary data was, on the other hand, collected through content analysis of government records, journals, reports and books. The data was thereafter consolidated based on the various ISMS themes.The systems theory of management informed the study from the standpoint that ISMS is a sub-system that contributes to the effective operation of the organizational system through, inter alia, control and protection of information assets. Study findings revealed that ISMS is a business approach to the overall management of an organization that accentuates analysis of security requirements for each information resource and application of appropriate controls to guarantee protection of these assets. The study also established that successful implementation of the system requires commitment from the uppermost level of an organization. Further, it established that there are numerous benefits associated with ISMS and that the system contributes towards the realization of a proficient public sector amongst African states and ultimately national development. Finally, the study established that the Kenyan Government has been pursuing implementation of the principles of ISMS in the public sector through a number of statutes, policies and guidelines and that there exists an elaborate institutional arrangement on information, communication and technology. To ensure effective implementation of government guidelines on ISMS, it is recommended that the Kenya ICT Authority develops an appropriate monitoring and evaluation mechanism to guide in assessing performance of Ministries Departments and Agencies (MDAs). It is also recommended that all MDAs should invest in awareness creation of staff on information security and secure top management commitment on ISMS. Finally the MDAs should prioritize ISMS within their respective strategic planning structures.