An innovative soft design science methodology for improving development of a secure information system in Tanzania using multi-layered approach
Loading...
Date
2017-07-06
Journal Title
Journal ISSN
Volume Title
Publisher
Journal of Information Security
Abstract
This paper presents an innovative Soft Design Science Methodology for im-
proving information systems security using multi-layered security approach.
The study applied Soft Design Science Methodology to address the problem-
atic situation on how information systems security can be improved. In addi-
tion, Soft Design Science Methodology was compounded with mixed research
methodology. This holistic approach helped for research methodology trian-
gulation. The study assessed security requirements and developed a frame-
work for improving information systems security. The study carried out ma-
turity level assessment to determine security status quo in the education sector
in Tanzania. The study identified security requirements gap (IT security con-
trols, IT security measures) using ISO/IEC 21827: Systems Security Engineer-
ing-Capability Maturity Model (SSE-CMM) with a rating scale of 0 - 5. The
results of this study show that maturity level across security domain is 0.44
out of 5. The finding shows that the implementation of IT security controls
and security measures for ensuring security goals are lacking or conducted in
ad-hoc. Thus, for improving the security of information systems, organisa-
tions should implement security controls and security measures in each secu-
rity domain (multi-layer security). This research provides a framework for
enhancing information systems security during capturing, processing, storage
and transmission of information. This research has several practical contribu-
tions. Firstly, it contributes to the body of knowledge of information systems
security by providing a set of security requirements for ensuring information
systems security. Secondly, it contributes empirical evidence on how informa-
tion systems security can be improved. Thirdly, it contributes on the applica-bility of Soft Design Science Methodology on addressing the problematic
situation in information systems security. The research findings can be used
by decision makers and lawmakers to improve existing cyber security laws,
and enact laws for data privacy and sharing of open data.
Description
Keywords
soft design science, information systems security, design science research, soft systems methodology, multi-layered approach
Citation
Journal of Information Security, 2017, 8, 141-165