As systems become more interconnected the vulnerability to cyber attack also increases. The increased use of information and communication technology (ICT) in developing countries and the dangers associated with interconnectivity grows equally. The lack of an established guideline for information security planning and execution in developing countries further complicates this problem. There is the need for a holistic approach to information security planning. This study will use a combination of the Value Focused Thinking methodology and the measured Delphi Method to develop a framework that can assist decision makers and stakeholders in developing countries to craft and execute their information security strategies.