A Methodology for Adoption of an Enterprise Information Security Architecture Model: A Case Study of Major Companies in the Oil and Gas Industry in Kenya.
Abstract
The purpose of this study is to investigate the adoption and assimilation of Enterprise
Information Security Architecture (EISA) as an administrative innovation within the Oil and
Gas Industry in Kenya. EISA is a subset of Enterprise Architecture (EA), focusing on
information security in the enterprise. Several EISA frameworks have been developed and
have gained acceptance, particularly in the developed world. However, their adoption rate in
Kenya remains undocumented, despite Kenya's relatively well developed ICT infrastructure
as compared to other countries within the East African Region. In Kenya, the context in
which this study takes place, no literature exists on adoption and assimilation of EISA either
as an administrative innovation or technological innovation. Studies show that information
security managers, including those in Kenya, have been searching for rationalized security
practices to manage risks, preserve the confidentiality, integrity and availability of
information and ensure business continuity in their organizations. This is a natural response
to the increasing external threats and potential leakage of information. Such efforts can be
viewed. conceptually. as a form of administrative innovation as it triggers organizational
change. Technological innovation focuses on developments in security technologies whereas
EISA fits with the philosophy of administrative innovation. If security were to be treated as a
technological innovation, research into adoption and assimilation of EISA would inevitably
regarded incorrectly as part of lCT security. This study used administrative adoption models
and hypotheses to test the factors that influence the assimilation and adoption of EISA
frameworks in Kenya. The results indicate that supervisory authority can playa significant
role in stimulating and enforcing the adoption and assimilation of information security
architecture as a management practice. This can offer some encouraging evidence for
regulators to evaluate the effectiveness of rules and regulations in the area of Information
security architecture.
Citation
Master of Science in Information SystemsSponsorhip
University of NairobiPublisher
University of Nairobi School of Computing and Informatics
Subject
MethodologyAdoption
Enterprise Information Security Architecture Model
Case Study
Major Companies
Oil and Gas Industry
Kenya