| dc.description.abstract | Not only is Information Security Strategy crucial to protect information systems, but it is
central to organization survival. Today's organizations depend on information for their
survival. Specifically, organizations depend on the systems and controls in place that
provide for the ongoing confidentiality, integrity, and availability of their data and
information. Many organizations are ill-equipped to define their security goals, let alone
to make an explicit connection between their security goals and the strategic drivers of
the organization. Threats to organizational information and information systems are
increasing in occurrence and in complexity and this emphasizes the urgency for
organizations to learn how to better protect their information and information systems
Information security is subjective and contextual therefore, every organization‘s approach
to a security strategy should be different and customized accordingly, because each
organization has its own threats, risks, business drivers, and industry compliance
requirements .
To improve the governance of IT and comply with regulatory demands, organizations are
using best practice frameworks implement information security. One of these IT
governance frameworks is COBIT (The Control Objectives for Information and related
Technology). COBIT provides guidance on what could be done within an IT organization
in terms of controls, activities, measuring and documentation. This framework is however
generic and require specific knowledge in order to enable customization and use in a
local scenario.
The research methodology that was adopted was a case study. The population of interest
was officers in the Ministry of Youth Affairs and Sports working at the headquarters.
Random sampling was used with targeted interviews to the officers in ICT department
who are the custodians of Information systems in the ministry and the administration
which provide policy guidelines for the ministry. Data was analyzed by the use of
descriptive statistics such as frequency distribution tables, percentages, bar charts and pie
charts
top officials expressed firm commitment to implementing security in the ministry, there
seemed to be no co-ordination between ministry staff and IT staff on the role of
information which indicates a communication deficit.
The key recommendations include the need for management to fully recognize that
Information Communication Technologies are a critical asset and which should be
restricted to authorized/legal use only; Information Communication Technology is a
Business Issue – not a technology issue and need to be aligned with priorities, industryprudent
practices and government regulations, and Information Communication
Technologies are enterprise-wide business with associated risks, and therefore all staff
should be involved in securing them. An implementation framework, The Control
Objectives for Government Information Technologies (COGIT) was developed which the
researcher recommended to government ministries as a reference model to Information
security management | en |
