• Login
    View Item 
    •   SU+ Home
    • Research and Publications
    • Faculty of Information Technology (FIT)
    • FIT Projects, Theses and Dissertations
    • MSIT Theses and Dissertations
    • MSIT Theses and Dissertations (2012)
    • View Item
    •   SU+ Home
    • Research and Publications
    • Faculty of Information Technology (FIT)
    • FIT Projects, Theses and Dissertations
    • MSIT Theses and Dissertations
    • MSIT Theses and Dissertations (2012)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Mitigating information security vulnerabilities in public institutions : case study of teachers service commission (TSC)

    Thumbnail
    Author
    Kimwemwe, Emma Ngute
    Metadata
    Show full item record
    Abstract
    While Information security is a major concern in the private sector, many public institutions have not given it equal attention. However, the Government has taken keen measures on embracing ICT, but the concentration has been on the productivity and efficiency leaving the systems vulnerable to various attacks. This research was intended to find out information security vulnerabilities in public institutions that are likely to be exploited to cause harm to Information systems. The security controls existing were evaluated to find out their efficiency, effectiveness and applicability. Different types of information security risks were researched with an aim of classifying them to risk levels accordingly. The study sought to find out how information systems are monitored in Teachers Service Commission (TSC) as a case study of public institutions. The research documented information systems, threats and associated risks with a view of proposing interventions to minimize impacts of risks. The research was done using action research to study the system and concurrently to collaborate with members of the system who helped come up with the framework. It focused on observation and structured interviews in gathering information about the present existing condition. Secondary data was also gathered from TSC in the form of documentation analysis and from literature review. The study presents a framework for mitigating information systems security in public organizations which describes the steps to manage systems vulnerabilities as part of dealing with information systems risks. The framework includes system identification to provide an overview and basic understanding of the system and its interconnections. Additionally, the framework includes scanning system threats and vulnerabilities, and the resulting risks levels and the management of the vulnerabilties which contains recommended safeguards to reduce the system’s risk exposure to an acceptable risk level once the recommended safeguards are implemented. Monitoring and of review of vulnerabilities should be carried out to evaluate the information systems in response to new vulnerabilities and technologies. While the study appreciates that no system can be made absolutely secure, the results led the researcher to conclude that defining information systems enables organizations to implement proper security measures on them. Mitigating system vulnerabilities helps organizations to decrease possible damage and loss due to Information Systems security attacks.This framework is therefore recommended for use in public institutions for safeguarding information systems.
    URI
    http://hdl.handle.net/11071/3391
    Collections
    • MSIT Theses and Dissertations (2012) [24]

    DSpace software copyright © 2002-2013  Duraspace
    Contact Us | Send Feedback
    Theme by 
    @mire NV
     

     

    Browse

    All of SU+Communities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    Login

    Statistics

    View Google Analytics Statistics

    DSpace software copyright © 2002-2013  Duraspace
    Contact Us | Send Feedback
    Theme by 
    @mire NV