Browsing by Author "Mshangi, Maduhu"

Now showing 1 - 3 of 3

Designing secure web and mobile-based information system for dissemination of students’ examination results: the suitability of soft design science methodology
(International Journal of Computing and ICT Research, 2016-12) Mshangi, Maduhu; Nfuka, Edephonce Ngemera; Sanga, Camilius
The trend of organizations offering services through integrated applications using web- and mobile- based information systems has raised security concerns on how to ensure security goals are attained. The foundation of many systems’ security problems is the lack of integrating secure aspects throughout the processes of architecture design of information systems. This problem is contributed by lack of systematic research methodology and standard security guidelines and principles in many organizations dealing with development of systems in Tanzania. In order to address the weakness of previous studies in the research design, this study employed soft design science methodology (integration of Soft Systems Methodology and Design Science Research); this enabled triangulation of research methodology to take place. The security goals for the proposed secure information system design architecture were explored and incorporated in all stages of the design of system architecture. The proposed secure architecture design of information system for dissemination of students’ examinations results can be replicated to schools, colleges or universities in developing countries. The study contributes to body of knowledge by developing secure information systems architecture using a system thinking engineering approach (Soft System Methodology) compounded by Design Science Research principles. The application of the system engineering approach and design principles resulted to a new strategy, secure software development life cycle (secure-SDLC), in solving real world problematic situation and filling the identified research gap in terms of knowledge in the field of information systems’ security research.
An innovative soft design science methodology for improving development of a secure information system in Tanzania using multi-layered approach
(Journal of Information Security, 2017-07-06) Mshangi, Maduhu; Nfuka, Edefonce Ngerama; Sanga, Camelius
This paper presents an innovative Soft Design Science Methodology for im- proving information systems security using multi-layered security approach. The study applied Soft Design Science Methodology to address the problem- atic situation on how information systems security can be improved. In addi- tion, Soft Design Science Methodology was compounded with mixed research methodology. This holistic approach helped for research methodology trian- gulation. The study assessed security requirements and developed a frame- work for improving information systems security. The study carried out ma- turity level assessment to determine security status quo in the education sector in Tanzania. The study identified security requirements gap (IT security con- trols, IT security measures) using ISO/IEC 21827: Systems Security Engineer- ing-Capability Maturity Model (SSE-CMM) with a rating scale of 0 - 5. The results of this study show that maturity level across security domain is 0.44 out of 5. The finding shows that the implementation of IT security controls and security measures for ensuring security goals are lacking or conducted in ad-hoc. Thus, for improving the security of information systems, organisa- tions should implement security controls and security measures in each secu- rity domain (multi-layer security). This research provides a framework for enhancing information systems security during capturing, processing, storage and transmission of information. This research has several practical contribu- tions. Firstly, it contributes to the body of knowledge of information systems security by providing a set of security requirements for ensuring information systems security. Secondly, it contributes empirical evidence on how informa- tion systems security can be improved. Thirdly, it contributes on the applica-bility of Soft Design Science Methodology on addressing the problematic situation in information systems security. The research findings can be used by decision makers and lawmakers to improve existing cyber security laws, and enact laws for data privacy and sharing of open data.
Using soft systems methodology and activity theory to exploit security of web applications against heartbleed vulnerability
(International Journal of Computing and ICT Research,, 2015) Mshangi, Maduhu; Nfuka, Edephonce Ngemera; Sanga, Camilius
The number of security incidents exploiting security holes in the web applications is increasing. One of the recently identified vulnerability in the web applications is the Heartbleed bug. The Heartbleed bug is a weakness found in OpenSSL, open source cryptographic software. In this study, both quantitative and qualitative research methodologies were employed. Case study and content/documentary analysis research methods were used to collect data for probing the web applications which are vulnerable to the bug. Due to the complexity of the problem, Soft Systems Methodology was adopted for the management of the analysis of data. The evaluation of security of web applications involved 64 selected websites of higher education institutions in Africa. SSM was supported by a theory called Activity Theory. The collected data was analysed using “R statistical computing package”. The study found that 89% of the universities web applications in Africa were vulnerable to the Heartbleed attack; and 11% of the universities web applications in Africa were not vulnerable to Heartbleed on the public announcement of the bug. But about two months later after the public announcement of the bug, 16% of the most universities web applications which were vulnerable were patched for the Heartbleed bug. The study seeks to contribute in application of Soft Systems Methodology and Activity Theory in the body of knowledge of information systems security (ISS).