dc.description.abstract | The growing adoption of e-governance systems in Kenya’s public sector is a testimony
to its critical role as an effective tool for public service delivery. However, providing the
public with information and services through e-governance systems, poses profound
threats to security of information and citizens’ trust in the ability of e -governance
systems to secure their valued information. The main purpose of the study was to
develop a model that can be used by governments to determine their preparedness level
in protecting e-governance systems against information security threats. The objectives
of the study were; to determine fundamental information security control measures that
can be used in the development of the model, to develop the model, to implement and
evaluate the model for determining organization information security preparedness level.
The model utilizes a web-based platform containing specific information security
indicators against which different departments dealing with information security can
assess their capability to defend e-governance systems. The study adopted design science
research and rapid prototyping methodology to develop and implement the model. The
research target population were selected based on their knowledge, experience and roles
in e-governance. The study adopted cluster and simple random sampling methods.
Simple random sampling method was used to identify respondents in each cluster. To
evaluate the model, a goal-based approach was used and validity test was conducted. The
study established that while the government has invested heavily in technical information
security measures, it has however failed to evaluate and perform a routine review of its
information security practices. This research contributes to existing knowledge on egovernance
security
by
providing
a
method
by
which
governments
can
use
to
assess
their
information
security practices. The model is recommended for use by key information
security personnel in Kenya’s county governments to assess their information security
preparedness and hence work towards improving their organizational information
security practices. | en_US |