Information security management strategy implementation challenges at Kenya electricity generating company
The value of information goes beyond the written words and numbers: knowledge, concepts, ideas and brands are examples of intangible forms of information. Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures, software and hardware functions. Security is about managing risk, and risk management covers opportunity and threat. The objectives of this study were: to establish drivers of the information security strategy implementation in KenGen and to establish the challenges in information security strategy implementation in KenGen. The research was conducted through a case study. Primary data was collected for the study using the interview method. The focus was on top management who are the key people involved in strategic decisions. The content analysis technique was used to analyze the data. The study concludes that there were several drivers for the implementation of ISM strategy at KenGen. Key among these are: Business continuity where through ISM strategy organizational competencies were developed and preserved for the better performance of the Company. Information Security Management(ISM) needed to be part of the organization strategy in protecting company information, reports and general information. The need to protect information to support business and strategy. Information Commercial purpose to competing organizations. ISM strategy implementation faced several challenges including: lack of user awareness as KenGen staff did not understand what information security was all about and their role concerning the same. Lack of priority on ISM among employees. Employees were less willing to adopt and practice ISM because they felt comfortable in their then situations prior to the introduction of ISM strategy. The study further concludes that Several Strategies were adopted by KenGen to overcome the Challenges faced during implementation of ISM. The Company adopted a user awareness strategy using top down approach. There was better planning and restructuring in the organization where ISM function was moved to the right place in the organization. This study recommends that a thorough evaluation be conducted to establish the extent to which each of the drivers has been met. This study also recommends that the Company incorporates all staff in strategy formulation as the formulation of ISM strategies seems to have excluded some employees leading to greater resistance during implementation. The study further recommends that employees be trained on the importance of ISM strategy and how it affects the competitiveness of the Company. This will promote the level of adherence and observation of the policy.