Information technology evolution and the spread of internet connectivity have enabled globalization which allows communication and transaction of businesses across different countries. To ensure information infrastructure protection, understanding how the organizational, individual and technical aspects all together affect the outcome in information security is important. Having the necessary skill required to be able know how to react or what action to take in the event of a security incident is key. Information security incidents occur as a result of internal employee actions. In organizations, infrastructures that are considered critical are the physical infrastructure, information facilities and networks. This study endeavors to identify the weaknesses and strengths in the current information security architects being used by banks to protect information infrastructure and propose a multi-tiered security architecture to improve the protection of the information systems for the Kenyan banking sector.