The ICT initiatives and ICT use are on the rise across the global including the education sector in Tanzania. Departments, agencies, authorities, and ministries responsible for education in Tanzania have deployed information systems for delivering e-services. The focus is on ICT use in which security concern has not been fully put into consideration. Information systems (IS) are being deployed without incorporating fully security requirements during systems development lifecycle (SDLC). This result in deployed IS to be insecure. The study adopted mixed research methods, quantitative and qualitative. The study assessed and identified appropriate security requirements (security measures and security controls) for ensuring security goals (confidentiality, integrity and availability) of information in IS. It employed ISO/IEC 21827: Systems Security Engineering- Capability Maturity Model (SSE-CMM) to assess the security maturity in IS, a case study of the education sector in Tanzania. It established the security status quo research gap for improvement and developed a multi-layered security framework for enhancing the security of IS. The study used field experiments in the education sector and employed cryptographic algorithm-based techniques to validate the developed framework. The framework was further evaluated for its performance, perceived ease of use and perceived usefulness in improving the security of IS. The developed multi-layered security framework can be employed in a real-world environment to enhance the security of IS. The proposed solution can be extended to other sectors with similar security requirements.