Risk and security controls management in ICT: study of knowledge of implementation in Tanzania
No Thumbnail Available
Date
2008
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
University of Dar es Salaam
Abstract
The purpose of this research was to study the extent of knowledge of implementation of most organizations' users in managing ICT risk and security controls for improved economic production, thus in turn to be used for developing workable guidelines. Data collected through interviews and questionnaires from organizations were analyzed using Microsoft Excel. Results show that the surveyed organizations were facing insufficient knowledge and technical personnel for implementation of necessary security controls as very few (27%) were doing only occasional trainings, leading to few used and knew existing policies/guidelines, attacks of information and assets including protection and detection. E.g. only 37% of them used licensed software for updates, only 22% were budgeting for security controls and no any Systems Administrator was involved in designing and formulating of organization's policies. This resulted into loss of: services, valuable data and assets, hence not meeting the set objectives. The developed workable guidelines will help most organizations' users in managing ICT risk and security controls. Therefore, research emphases the establishment of policy framework addressing classes of critical data and assets, aiming at security controls. It also emphases the frequent trainings of all users for awareness and knowledge on; policies, guidelines, threats and security controls. To support all this, all organizations have to support financially the ICT security controls, and thus involvement of the Systems Administrators in designing and formulating the policies have to be emphasized for improved economic production.
Description
Available in print form, East Africana Collection, Dr. Wilbert Chagula Library, Class mark (THS EAF QA76.9.A25S28)
Keywords
Computer networks, Security measures, Risk management, Management information systems, Tanzania
Citation
Sawenge, L. (2008) Risk and security controls management in ICT: study of knowledge of implementation in Tanzania, Master dissertation, University of Dar es Salaam. Dar es Salaam.