A Framework to secure information and information technology assets in government a case study of ministry of education, Kenya
Date
2010
Authors
Sang, Barnabas
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
Insecurity of information and Information Technology (IT) assets in public sector needs urgent attention. As observed in this study, there is no strategy to guide Ministries and Government Departments secure information and IT assets despite increasing demand to have data and information accessible online. This dissertation therefore proposes a framework that will help public institutions including Ministries and Government Departments setup comprehensive Information Technology (IT) security strategies to secure information and IT assets thus ensuring integrity and availability of information and/or services. The proposed framework is flexible and allows for continuous improvement as security requirements change due to new opportunities or challenges in the work environment. In using the Ministry of Education as a case study, the IT Security Framework was developed and tested with remarkable observation on security of information and IT assets. There is minimal disruption to online services due to impact of malicious code, better security of data and information through use of central user authentication and management, greater awareness and ownership by staff across all levels of operations. It is clear that at the beginning of this research, a high percentage (73%) of information and IT assets were exposed to risk levels between high to extreme due to various threats. After six months of framework implementation, a major reduction of information and IT assets (26%) were found to be exposed to high risks levels. The developed framework is flexible, easy to replicate and therefore, is highly recommended for use by any organization planning to secure its information and IT assets. Framework components and key strategies make an organization responsive to dynamic IT threats and risks to information and IT assets.
Description
Partial fulfillment for award of the degree of Master of Information Technology
Keywords
System Security, Data protection, Computer security, Network Security
Citation
QA76.9.A25S26 2010