Proposed Information Security Framework for Organizational Culture in Institutions of Higher Learning, Kenya

Abstract

Information security policies are essential for the safety of Information Systems because they serve as a blueprint for the success of all information systems. The weakest link in information security is human activity, often known as human culture. Despite organizations' focusing on technology in information security, there are still concerns of poor information security management in higher learning institutions. The objective of this paper is to propose a framework to support organization culture incorporation into information security management. Research findings suggest that organizations majorly depend on technology and ignore the human component in formulating policies. With organizations depending majorly on technology in securing information systems, it is my recommendation that attention should now be focused on incorporating the human dimension with social cultural human centric approach in the overall framework for information security and start viewing the user as an asset instead of perceiving the user as a security threat.