This paper presents an innovative Soft Design Science Methodology for improving information systems security using multi-layered security approach. The study applied Soft Design Science Methodology to address the prob...This paper presents an innovative Soft Design Science Methodology for improving information systems security using multi-layered security approach. The study applied Soft Design Science Methodology to address the problematic situation on how information systems security can be improved. In addition, Soft Design Science Methodology was compounded with mixed research methodology. This holistic approach helped for research methodology triangulation. The study assessed security requirements and developed a framework for improving information systems security. The study carried out maturity level assessment to determine security status quo in the education sector in Tanzania. The study identified security requirements gap (IT security controls, IT security measures) using ISO/IEC 21827: Systems Security Engineering-Capability Maturity Model (SSE-CMM) with a rating scale of 0 - 5. The results of this study show that maturity level across security domain is 0.44 out of 5. The finding shows that the implementation of IT security controls and security measures for ensuring security goals are lacking or conducted in ad-hoc. Thus, for improving the security of information systems, organisations should implement security controls and security measures in each security domain (multi-layer security). This research provides a framework for enhancing information systems security during capturing, processing, storage and transmission of information. This research has several practical contributions. Firstly, it contributes to the body of knowledge of information systems security by providing a set of security requirements for ensuring information systems security. Secondly, it contributes empirical evidence on how information systems security can be improved. Thirdly, it contributes on the applicability of Soft Design Science Methodology on addressing the problematic situation in information systems security. The research findings can be used by decision makers and lawmakers to improve existing cyber security laws, and enact laws for data privacy and sharing of open data.展开更多
Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address th...Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address the problematic situation of security incidents. The study proposes a human sensor web Crowd sourcing platform for reporting, searching, querying, analyzing, visualizing and responding to security incidents as they arise in real time. Human sensor web Crowd sourcing security incidents is an innovative approach for addressing security incidents affecting information systems in cyberspace. It employs outsourcing collaborative efforts initiatives outside the boundaries of the given organization in solving a problematic situation such as how to improve the security of information systems. It was managed by soft systems methodology. Moreover, security maturity level assessment was carried out to determine security requirements for managing security incidents using ISO/IEC 21827: Systems security engineering capability maturity model with a rating scale of 0 - 5. It employed descriptive statistics and non-parametric statistical method to determine the significance of each variable based on a research problem. It used Chi-Square Goodness of Fit Test (X2) to determine the statistical significance of result findings. The findings revealed that security controls and security measures are implemented in ad-hoc. For managing security incidents, organizations should use human sensor web Crowd sourcing platform. The study contributes to knowledge base management learning integration: practical implementation of Crowd sourcing in information systems security.展开更多
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transpo...This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.展开更多
文摘This paper presents an innovative Soft Design Science Methodology for improving information systems security using multi-layered security approach. The study applied Soft Design Science Methodology to address the problematic situation on how information systems security can be improved. In addition, Soft Design Science Methodology was compounded with mixed research methodology. This holistic approach helped for research methodology triangulation. The study assessed security requirements and developed a framework for improving information systems security. The study carried out maturity level assessment to determine security status quo in the education sector in Tanzania. The study identified security requirements gap (IT security controls, IT security measures) using ISO/IEC 21827: Systems Security Engineering-Capability Maturity Model (SSE-CMM) with a rating scale of 0 - 5. The results of this study show that maturity level across security domain is 0.44 out of 5. The finding shows that the implementation of IT security controls and security measures for ensuring security goals are lacking or conducted in ad-hoc. Thus, for improving the security of information systems, organisations should implement security controls and security measures in each security domain (multi-layer security). This research provides a framework for enhancing information systems security during capturing, processing, storage and transmission of information. This research has several practical contributions. Firstly, it contributes to the body of knowledge of information systems security by providing a set of security requirements for ensuring information systems security. Secondly, it contributes empirical evidence on how information systems security can be improved. Thirdly, it contributes on the applicability of Soft Design Science Methodology on addressing the problematic situation in information systems security. The research findings can be used by decision makers and lawmakers to improve existing cyber security laws, and enact laws for data privacy and sharing of open data.
文摘Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address the problematic situation of security incidents. The study proposes a human sensor web Crowd sourcing platform for reporting, searching, querying, analyzing, visualizing and responding to security incidents as they arise in real time. Human sensor web Crowd sourcing security incidents is an innovative approach for addressing security incidents affecting information systems in cyberspace. It employs outsourcing collaborative efforts initiatives outside the boundaries of the given organization in solving a problematic situation such as how to improve the security of information systems. It was managed by soft systems methodology. Moreover, security maturity level assessment was carried out to determine security requirements for managing security incidents using ISO/IEC 21827: Systems security engineering capability maturity model with a rating scale of 0 - 5. It employed descriptive statistics and non-parametric statistical method to determine the significance of each variable based on a research problem. It used Chi-Square Goodness of Fit Test (X2) to determine the statistical significance of result findings. The findings revealed that security controls and security measures are implemented in ad-hoc. For managing security incidents, organizations should use human sensor web Crowd sourcing platform. The study contributes to knowledge base management learning integration: practical implementation of Crowd sourcing in information systems security.
文摘This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
