A MODEL FOR DETERMINING INFORMATION SECURITY PREPAREDNESS LEVEL IN E-GOVERNANCE IN KENYA’S COUNTY GOVERNMENTS: CASE OF UASIN GISHU COUNTY GOVERNMENT

Abstract

The growing adoption of e-governance systems in Kenya’s public sector is a testimony to its critical role as an effective tool for public service delivery. However, providing the public with information and services through e-governance systems, poses profound threats to security of information and citizens’ trust in the ability of e -governance systems to secure their valued information. The main purpose of the study was to develop a model that can be used by governments to determine their preparedness level in protecting e-governance systems against information security threats. The objectives of the study were; to determine fundamental information security control measures that can be used in the development of the model, to develop the model, to implement and evaluate the model for determining organization information security preparedness level. The model utilizes a web-based platform containing specific information security indicators against which different departments dealing with information security can assess their capability to defend e-governance systems. The study adopted design science research and rapid prototyping methodology to develop and implement the model. The research target population were selected based on their knowledge, experience and roles in e-governance. The study adopted cluster and simple random sampling methods. Simple random sampling method was used to identify respondents in each cluster. To evaluate the model, a goal-based approach was used and validity test was conducted. The study established that while the government has invested heavily in technical information security measures, it has however failed to evaluate and perform a routine review of its information security practices. This research contributes to existing knowledge on egovernance security by providing a method by which governments can use to assess their

information

security practices. The model is recommended for use by key information security personnel in Kenya’s county governments to assess their information security preparedness and hence work towards improving their organizational information security practices.