Determining the Factors Affecting Effective Implementation of ISO 27001:2013 Information Security Management Systems in Tana Water Services Board

Abstract

High quality information is often perceived as subjective and the quality of information can then vary among users and among uses of the information. Nevertheless, a high degree of quality increases its objectivity. In today’s technology environment, organizations depend so much on their information systems. The public is more and more concerned about the good use of information, especially personal information. The threats to data, from criminals and terrorists, are rising. Many organizations recognize information as important and thus the need for it to be protected as part of their system of inner control. Tana Water Services Board being one of the growing numbers of National Governments institutions with vast amounts of delicate data which is vulnerable to information attacks. The objectives of the study were to determine how information security policy influence implementation of ISO 27001:2013 Information Security Management Requirements in Tana Water Services Board; to establish how the level staff awareness determines the implementation of ISO/IIEC 27001:2013 Information Security Management Requirements in Tana Water Services Board and to establish how cost will influence on implementation of ISO/IIEC 27001:2013 Information Security Management Requirements in Tana Water Services Board.. The research adopted a descriptive survey design. The advantage of this research design was that it will allowed data collection using questionnaires. The study targeted the staff of Tana Water Services Board, as of January 2016, the organization had 56 employees. The researcher used a self-administered questionnaire as the data collection tool. The researcher prepared the questionnaire which had both closed and open ended questions. Descriptive statistics such as frequency distribution, percentages, mean, were used to analyze quantitative data. Qualitative data generated from questions was organized into themes, categories and patterns pertinent to the study and then analyzed by descriptive methods. The study found that the security of information at Tana water services board was high and hence data could not be lost easily. The study also found that the factor that highly affects the compliance of Tana Water services board implementation of ISO 27001:2013 is the cost of implementing information security standards. The study concluded that that during the implementation of security information systems, it is critical to ensure that user requirements are obtained to ensure that the system purchased meets the strategic goals of the organization and will fulfill the needs of the employees. The study recommended Information Security designing at the system level should take into consideration services obtained externally, planned system interconnections, and the different orientations of system users (e.g., customer service versus system administrators). The findings of this study will be useful to the management of Tana Water Services Board in identifying pitfalls in the effective implementation of ISO/IIEC 27001:2013 information security management requirements. The findings of the study may benefit other organizations wishing to get certified under ISO/IIEC 27001:2013. There is limited empirical evidence of implementation and success of implementation of ISO/IIEC 27001:2013 ISMS requirements, the findings of this study will add to the body of knowledge on the same.