A Model for Assessing Information Security Preparedness Level in E-Governance in Kenya's County Governments

The purpose of the study is to discuss fundamental information security control measures that can be used to develop a model to determine organization information security preparedness level. The model utilizes a web-based platform containing specific information security indicators against which governments can assess their capability to protect egovernance systems. The study adopted design science research methodology to implement the model. The target population were selected based on their knowledge, experience and roles in e-governance. The study adopted cluster and simple random sampling methods. To evaluate the model, a goal-based approach was used. The study established that technological, environmental and organization controls measures directly contribute to organization information security and that their individual implementations level affects the security posture of an organization. The study provides a method by which governments can use to assess their information security control measures and hence work towards improving their organizational information security posture.