An information security governance framework for the public Sector in Kenya
View/ Open
Date
2012Author
Mbithi, Nicholas M
Type
ThesisLanguage
enMetadata
Show full item recordAbstract
One of the main assets of any institution, be it a private company or a government institution, is
information. This being the case, it is imperative for every institution to institute appropriate measures to
ensure security of its information. Many reasons have been cited as contributories to breaches of
information security. Among this reasons, one which has become quite salient is lack of information
security governance framework for institutions to follow while implementing information security
measures.
Therefore, lack of information security governance framework having been identified as one of the main
factors that contribute to the slow progress in implementation of information security measures in
institutions – including those in public sector – then the study sought to propose an information security
governance framework for ensuring security of IT resources in the public sector in Kenya.
In an effort to actualize the study, several objectives that were meant to guide in carrying out our research
were.
To determine the effectiveness with which the public sector in Kenya is currently addressing the
challenge of information security, to identify security challenges facing the public sector in Kenya, to
identify the members of staff responsible for information security in public institutions in Kenya and to
propose a framework for adoption in the public sector in Kenya for information security governance.
To achieve the said objectives, the study used survey design as the research methodology, in which
information was gathered through administration of questionnaires to a sample of respondents from
public institution in Kenya. The institutions were drawn from the three main categories of institutions in
the public sector i.e. Central Government, Local Government and State Corporations.
For data analysis, SPSS statistical software version 16.0 was utilized. During data analysis there emerged
some issues worth noting.
In conclusion, the study demonstrated how each of the outlined objectives of the study was achieved.
Further, recommendations were given for further study especially where it was recommended that a study
need to be carried out to shed more light into the fact that in most of the institutions, it is the Unit Heads
who are responsible for most of information security roles.
Citation
Masters of science in computer sciencePublisher
University of Nairobi School of Computing and Informatics