A Framework to secure information and information technology assets in government a case study of ministry of education, Kenya

Abstract

Insecurity of information and Information Technology (IT) assets in public sector needs urgent attention. As observed in this study, there is no strategy to guide Ministries and Government Departments secure information and IT assets despite increasing demand to have data and information accessible online. This dissertation therefore proposes a framework that will help public institutions including Ministries and Government Departments setup comprehensive Information Technology (IT) security strategies to secure information and IT assets thus ensuring integrity and availability of information and/or services. The proposed framework is flexible and allows for continuous improvement as security requirements change due to new opportunities or challenges in the work environment. In using the Ministry of Education as a case study, the IT Security Framework was developed and tested with remarkable observation on security of information and IT assets. There is minimal disruption to online services due to impact of malicious code, better security of data and information through use of central user authentication and management, greater awareness and ownership by staff across all levels of operations. It is clear that at the beginning of this research, a high percentage (73%) of information and IT assets were exposed to risk levels between high to extreme due to various threats. After six months of framework implementation, a major reduction of information and IT assets (26%) were found to be exposed to high risks levels. The developed framework is flexible, easy to replicate and therefore, is highly recommended for use by any organization planning to secure its information and IT assets. Framework components and key strategies make an organization responsive to dynamic IT threats and risks to information and IT assets.