Security risk analysis and impact to a company network: a case study of Tanzania Telecommunications Company Limited.

Use of information technology is essential to most enterprises today and information security is now critical. User authentication, access control and the control of malicious logics is essential in service-oriented computer networks to identify any unauthorized or suspicious network access. Self assessment conducted on a system or multiple self assessments conducted for a group of interconnected system is one method used to measure information Technology (IT) security assurance. Self assessment provides a method for agency officials to determine the current status of their information security program and where necessary establish a target for improvement. This dissertation had the intention to concentrate on improvement and investigate the security risk situation for TTCL Company network and observe necessary security policy, access control procedures and communication and operations management. Thereafter if necessary to be revisited and necessary amendment could be made to minimize security risks to an acceptable level. This study was done at TTCL Company. The current security measures have been analyzed based on ISO 17799. TTCL is the Company which provides communication services in the country. The Company offers wide variety of product and services including fixed and mobile data solutions as the Tanzanians choice as the total communication solution provider. Findings show that in TTCL Company risk assessment are not done systematically; it is done only when there is breakdown (disaster). Acceptable level of risk to the asset is a measure of the likelihood of the compromise where the consequences are a function of the sensitivity.