Mitigating information security vulnerabilities in public institutions : case study of teachers service commission (TSC)

dc.contributor.advisor: Sevilla, Joseph
dc.creator: Kimwemwe, Emma Ngute
dc.date: 01/04/2012
dc.date: Wed, 4 Jan 2012
dc.date: Fri, 4 Jan 2013 10:40:58
dc.date.accessioned: 2015-03-18T11:28:46Z
dc.date.available: 2015-03-18T11:28:46Z
dc.description: Partial fulfillment for award of Master of Science in Information Technology (MSIT). Full text thesis
dc.description: While information security is a major concern in the private sector, many public institutions have not given it equal attention. However, the Government has taken keen measures on embracing ICT, but the concentration has been on productivity and efficiency, leaving the systems vulnerable to various attacks. This research was intended to find out information security vulnerabilities in public institutions that are likely to be exploited to cause harm to information systems. The existing security controls were evaluated to find out their efficiency, effectiveness and applicability. Different types of information security risks were researched with the aim of classifying them into risk levels accordingly. The study sought to find out how information systems are monitored in the Teachers Service Commission (TSC) as a case study of public institutions. The research documented information systems, threats and associated risks with a view to proposing interventions to minimize the impacts of risks. The research was done using action research to study the system and concurrently to collaborate with members of the system who helped come up with the framework. It focused on observation and structured interviews in gathering information about the present existing condition. Secondary data was also gathered from TSC in the form of documentation analysis and from literature review. The study presents a framework for mitigating information systems security in public organizations which describes the steps to manage systems vulnerabilities as part of dealing with information systems risks. The framework includes system identification to provide an overview and basic understanding of the system and its interconnections.
Additionally, the framework includes scanning system threats and vulnerabilities, the resulting risk levels, and the management of the vulnerabilities, which contains recommended safeguards to reduce the system’s risk exposure to an acceptable risk level once the recommended safeguards are implemented. Monitoring and review of vulnerabilities should be carried out to evaluate the information systems in response to new vulnerabilities and technologies. While the study appreciates that no system can be made absolutely secure, the results led the researcher to conclude that defining information systems enables organizations to implement proper security measures on them. Mitigating system vulnerabilities helps organizations to decrease possible damage and loss due to information systems security attacks. This framework is therefore recommended for use in public institutions for safeguarding information systems.
dc.format: Number of Pages: xiv, 86 p.
dc.identifier: QA76.9.K569 2012
dc.identifier.uri: http://hdl.handle.net/11071/3391
dc.language: eng
dc.rights: By agreeing with and accepting this license, I (the author(s), copyright owner or nominated agent) agree to the conditions, as stated below, for deposit of the item (referred to as "the Work") in the digital repository maintained by Strathmore University, or any other repository authorized for use by Strathmore University. Non-exclusive Rights: Rights granted to the digital repository through this agreement are entirely non-exclusive. I understand that depositing the Work in the repository does not affect my rights to publish the Work elsewhere, either in present or future versions. I agree that Strathmore University may electronically store, copy or translate the Work to any approved medium or format for the purpose of future preservation and accessibility. Strathmore University is not under any obligation to reproduce or display the Work in the same formats or resolutions in which it was originally deposited. SU Digital Repository: I understand that work deposited in the digital repository will be accessible to a wide variety of people and institutions, including automated agents and search engines via the World Wide Web. I understand that once the Work is deposited, metadata may be incorporated into public access catalogues. I agree as follows: 1. That I am the author or have the authority of the author/s to make this agreement and do hereby give Strathmore University the right to make the Work available in the way described above. 2. That I have exercised reasonable care to ensure that the Work is original, and to the best of my knowledge, does not breach any laws including those relating to defamation, libel and copyright. 3. That I have, in instances where the intellectual property of other authors or copyright holders is included in the Work, gained explicit permission for the inclusion of that material in the Work, and in the electronic form of the Work as accessed through the open access digital repository, or that I have identified that material for which adequate permission has not been obtained and which will be inaccessible via the digital repository. 4. That Strathmore University does not hold any obligation to take legal action on behalf of the Depositor, or other rights holders, in the event of a breach of intellectual property rights, or any other right, in the material deposited. 5. That if, as a result of my having knowingly or recklessly given a false statement at points 1, 2 or 3 above, the University suffers loss, I will make good that loss and indemnify Strathmore University for all action, suits, proceedings, claims, demands and costs occasioned by the University in consequence of my false statement.
dc.subject: Data protection--Kenya
dc.subject: Internet security
dc.subject: Computer networks--Access control
dc.subject: Confidential Communication--Kenya
dc.subject: Computer security
dc.title: Mitigating information security vulnerabilities in public institutions : case study of teachers service commission (TSC)
dc.type: Thesis