dc.description.abstract | Information security is subjective and contextual; therefore, every organization's approach to a
security strategy should be different and customized accordingly, because each organization has
its own threats, risks and business drivers.
Threats to organizational information and information systems are increasing in occurrence and
in complexity, and this emphasizes the need to have control frameworks in place to prevent e-corruption and to better protect information.
To improve governance of IT and comply with regulatory standards, institutions are using best
practice control frameworks. One of these frameworks is COBIT (Control Objectives for
Information and Related Technology).
COBIT provides guidance on what is to be done within a technology-reliant institution in terms
of control, activities, measures and documentation. This framework is, however, generic and
requires specific knowledge.
ISO/IEC 27001, an information security management framework, was also studied, but it
too, like its counterpart COBIT, fell short as it was also generic.
A COGIT (Common Objectives for Government and Information Technology) framework
developed by David Gisora (2012), which was a derivative of the COBIT model, proposed security
measures based on eight processes and thirty activities. It covers broad areas of IT governance
which are included in the four domains as per the COBIT framework. This framework was specific
to government initiatives, but it lacked an essential component: internal benchmarks as a process.
The research methodology that was adopted was an exploratory study. The population of interest
was parastatals in the following ministries: Health, Education, Finance, Justice and
Constitutional Affairs, and Information and Communication.
Purposive sampling was used, with targeted interviews of ICT officers who are custodians of
information systems in the different ministries. Data was analyzed by use of descriptive statistics
such as percentages, bar charts and frequency distribution tables.
The research established that the ministries faced a number of challenges in relation to
implementing information security for controlling e-corruption. There seems to be no coordination
between ministry staff and IT staff on the role and importance of information.
The key recommendations included the need for management to fully understand that e-corruption
control needs to be prioritized and that benchmarks, policies and regulations need to be aligned
with the associated risks involved. An e-corruption control implementation framework was
developed and was recommended to the government for use. | en_US |