| dc.description.abstract | The value of information goes beyond the written words and numbers: knowledge,
concepts, ideas and brands are examples of intangible forms of information. Information
security is achieved by implementing a suitable set of controls, including policies,
processes, procedures, organizational structures, software and hardware functions. Security
is about managing risk, and risk management covers opportunity and threat. The objectives
of this study were: to establish drivers of the information security strategy implementation
in KenGen and to establish the challenges in information security strategy implementation
in KenGen. The research was conducted through a case study. Primary data was collected
for the study using the interview method. The focus was on top management who are the
key people involved in strategic decisions. The content analysis technique was used to
analyze the data. The study concludes that there were several drivers for the
implementation of ISM strategy at KenGen. Key among these are: Business continuity
where through ISM strategy organizational competencies were developed and preserved for
the better performance of the Company. Information Security Management(ISM) needed to
be part of the organization strategy in protecting company information, reports and general
information. The need to protect information to support business and strategy. Information
Commercial purpose to competing organizations. ISM strategy implementation faced
several challenges including: lack of user awareness as KenGen staff did not understand
what information security was all about and their role concerning the same. Lack of priority
on ISM among employees. Employees were less willing to adopt and practice ISM because
they felt comfortable in their then situations prior to the introduction of ISM strategy. The
study further concludes that Several Strategies were adopted by KenGen to overcome the
Challenges faced during implementation of ISM. The Company adopted a user awareness
strategy using top down approach. There was better planning and restructuring in the
organization where ISM function was moved to the right place in the organization. This
study recommends that a thorough evaluation be conducted to establish the extent to which
each of the drivers has been met. This study also recommends that the Company
incorporates all staff in strategy formulation as the formulation of ISM strategies seems to
have excluded some employees leading to greater resistance during implementation. The
study further recommends that employees be trained on the importance of ISM strategy and
how it affects the competitiveness of the Company. This will promote the level of
adherence and observation of the policy. | en_US |
