Information Systems Security Policy Framework for enhanced ICT Governance in Public Institutions of Tanzania
DOI:
https://doi.org/10.59645/tji.v2i1.91
Keywords:
ICT Policy, Information System Security, Policy framework, Tanzania, Higher learning institutions
Abstract
This study developed an Information Systems Security Policy Framework relevant to governing Information and Communication Technologies (ICT) in public institutions of Tanzania. It used higher learning institutions as the case for study. The framework is to guide professionals on how to secure the ICT environment. Operationally, this study used a qualitative approach. It began with a review of the literature, followed by a focus group discussion to formulate new themes for the proposed Information Systems Security policy framework. The output of the study suggests a policy framework with the following themes: data and information handling, Internet and network services governance, the use of company-owned devices, physical security, guidelines on how to acquire new hardware and software, incident handling and reporting, monitoring and compliance, and policy administration. This study recommends the use of a new comprehensive and harmonised Information Systems Security policy framework for all public higher education institutions, for a more secure environment. In addition, the study recommends additional studies including other types of organisations for comparison.