Information Security Services Outsourcing on Security Culture Development Among Commercial State Corporations in Kenya

Abstract

Purpose: The primary objective of this study was to determine the effect of outsourcing information security services on the development of security culture among commercial state corporations in Kenya.

Material/methods: The study was anchored on the Protection Motivation Theory and employed a cross-sectional research design. The target population consisted of 108 heads of security, finance, procurement, and information and communication technology (ICT) departments from 27 commercial state corporations. A census technique was used, and data were collected through both open-ended and close-ended questionnaires. The dependability of the research tool was evaluated using the Cronbach alpha coefficient. Data analysis involved descriptive statistics (means and standard deviations) and inferential statistics, including Pearson correlation and multiple regression analysis.

Findings: The findings revealed that outsourcing information security services had a positive and significant effect on the development of a security culture among commercial state corporations in Kenya.

Conclusion: The study concluded that outsourcing information security services not only contributes to the development of a robust security culture but also addresses challenges related to accountability, risk assessment, and confidentiality. The use of access control models and the effective tools employed by security firms were found to effectively mitigate the risks associated with outsourcing.

Value: The study recommended that commercial state corporations in Kenya should continue to harness the benefits of outsourcing information security services while prioritizing provider selection and risk assessment. This approach ensures that they can maintain a strong security culture and effectively manage associated risks.