An E-Corruption Control Framework For The Kenya Public Sector

Abstract

Information security is subjective and contextual therefore, every organizations approach to a security strategy should be different and customized accordingly, because each organization has its own threats risks and business drivers. Threats to organizational Information and Information Systems are increasing in occurrence and in complexity and this emphasizes the need to have control frameworks in place to prevent ecorruption and to better protect information. To improve governance of IT and comply with regulatory standards, institutions are using best practice control frameworks. One of these frameworks is COBIT (Control Objectives for information and related Technology). COBIT provides guidance on what is to be done within a Technology reliant institution in terms of control, activities, measures and documentation. This framework is however generic and requires specific knowledge. The ISO/IEC 27001 –an information security management framework – was also a studied, but it too like its counterpart, the COBIT, fell short as it was also generic. A COGIT (Common Objectives for Government and Information Technology) framework developed by David Gisora, 2012 which was a derivative of the COBIT model proposed security measures based on eight processes and thirty activities. It covers broad areas of IT governance which are included in the four domains as per the COBIT framework. This framework was specific to government initiatives but it lacked an essential component: internal benchmarks as a process. The research methodology that was adopted was an exploratory study. The population of interest was parastatals in the following ministries: Ministry of Health, Education, Finance, Justice and constitutional affairs, information and communication. Purposive sampling was used with targeted interviews to ICT officers who are custodians of information systems in the different ministries. Data was analyzed by use of descriptive statistics such as percentages, bar charts, frequency distribution tables. The research established that the ministries faced a number of challenges in relation to implementing information security for controlling e-corruption. There seems to be no coordination between ministry staff and IT staff on the role and importance of information. The Key recommendations included the need for management to fully understand that e-corruption control needs to be prioritized and that benchmarks, policies and regulations need to be aligned with the associated risks involved. An implementation e-corruption control framework was developed and was recommended for use to the government.