Adoption of information systems has become a core issue in many sectors of the economy including secondary schools in education sector. These information systems have enabled the secondary schools to achieve efficiency in their daily operations; instructional, administrative and general management. However, these systems have risks associated with information security such as loss of data and reputation. Deployment of appropriate information security policies and controls is key to achieving effective information security. These are core information security determinants that may become a challenge rather than a solution for information security if not properly implemented. They enable achievement of the three core objectives of information security, confidentiality, integrity and availability (CIA). Many studies have focused on information security in organizations but do not seek to find out whether these organization have security controls and policies that achieve effective information security. This study looked at whether the secondary schools implemented information security policies and controls and their• effect in determining effective information security in secondary schools in Kisumu County. It adopted survey research design. Questionnaires were used to collect data from system information administrators and users of these systems. The collected data was analyzed using frequency tables, means, correlation and multiple linear regression analysis tools used to validate the proposed framework. The study found out that the schools had implemented mainly physical security controls on their systems and only 8 few had security policies in place. As a result, effective information security was not being achieved in these schools. The study recommended that the schools use the suggested model to help improve their information security based on standards such as ISO 27001 and ISO 27002 to develop their security policies together with the defense- in-depth security model to ensure information security in these schooIs.