An Innovative Soft Design Science Methodology for Improving Development of a Secure Information System in Tanzania Using Multi-Layered Approach

Mshangi, Maduhu; Nfuka, Edephonce Ngemera; Sanga, Camilius

doi:10.4236/jis.2017.83010

Cited by 3 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The research study adopted soft systems methodology ( Figure 1) to guide the research process. Soft systems methodology (SSM) is an approach to tackling ill-defined complex problematic situation involving human factor [27] [28] [29] such as security incidents affecting IS.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Human Sensor Web Crowd Sourcing Security Incidents Management in Tanzania Context

Mshangi¹,

Nfuka²,

Sanga³

2018

JIS

Self Cite

View full text Add to dashboard Cite

Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address the problematic situation of security incidents. The study proposes a human sensor web Crowd sourcing platform for reporting, searching, querying, analyzing, visualizing and responding to security incidents as they arise in real time. Human sensor web Crowd sourcing security incidents is an innovative approach for addressing security incidents affecting information systems in cyberspace. It employs outsourcing collaborative efforts initiatives outside the boundaries of the given organization in solving a problematic situation such as how to improve the security of information systems. It was managed by soft systems methodology. Moreover, security maturity level assessment was carried out to determine security requirements for managing security incidents using ISO/IEC 21827: Systems security engineering capability maturity model with a rating scale of 0-5. It employed descriptive statistics and non-parametric statistical method to determine the significance of each variable based on a research problem. It used Chi-Square Goodness of Fit Test (X 2) to determine the statistical significance of result findings. The findings revealed that security controls and security measures are implemented in ad-hoc. For managing security incidents, organizations should use human sensor web Crowd sourcing platform. The study contributes to knowledge base management learning integration: practical implementation of Crowd sourcing in information systems security.

show abstract

Section: Methodsmentioning

confidence: 99%

“…The designed survey questionnaire was based on SSE-CMM. Due to the nature of the research problem, soft systems methodology[19] [28][29]…”

mentioning

confidence: 99%

Human Sensor Web Crowd Sourcing Security Incidents Management in Tanzania Context

Mshangi¹,

Nfuka²,

Sanga³

2018

JIS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Security threats and cyber attacks are accelerated by insecure design and security misconfiguration [2] of web-based applications. Security controls are missing or ineffective security controls [3] [4] [5] are defined during the system development lifecycle. Design flaws (vulnerabilities) are introduced [6] by insecure design which cannot be fixed by correct configurations or perfect implementations of the system [7].…”

Section: Security Headers Adoption and Implementation Have Raised Att...mentioning

confidence: 99%

“…This involves configuring and setting correct security header responses in web-based systems infrastructure. It provides another security tier layer [3] by helping to minimize or eliminate intrusions and security vulnerabilities and threats in web-based systems. Whenever a browser sends requests for a page from a web server, the server responds with the content along with HTTP security response headers [10].…”

Section: Security Headers Adoption and Implementation Have Raised Att...mentioning

confidence: 99%

Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques

Mlyatu¹,

Sanga²

2023

JIS

Self Cite

View full text Add to dashboard Cite

This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications' misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.

show abstract

“…Likewise, a logic model from the program evaluation discipline has featured the use of ISO/IEC standards on software quality to evaluate DSR studies in process assessments [29]. Beyond software artefacts, DSR projects have used International Standards for a human-centered design process in order to assess user experience in the context of Human-Computer Interaction [30] and for information security assessments [31]. However, the application of International Standards to demonstrate research relevance has not been discussed in any of the aforementioned DSR studies.…”

Section: Accepted Manuscriptmentioning

confidence: 99%

Benefits and relevance of International Standards in a design science research project for process assessments

Shrestha

Cater-Steel

Toleman

et al. 2018

Computer Standards & Interfaces

View full text Add to dashboard Cite

One critical challenge in IT Service Management (ITSM) process assessment is the issue of transparency in the way ITSM processes are assessed. A Design Science Research (DSR) project was executed to design, develop and evaluate an artefact in order to conduct software-mediated process assessments in ITSM. International Standards were used to validate the design, development and evaluation of the research artefact in order to demonstrate that the artefact is relevant to practice. Studies relating to the use of International Standards to validate DSR artefacts are scant regardless of broader adoption of the DSR studies and acceptance of the international standards in practice. DSR studies in particular are required to maintain a balance between research rigour and relevance by reporting artefacts that solve a class of problems based on scientific justification and practical evidence. International standards provide bodies of knowledge that ensure products, services and processes are of acceptable quality and relevant to practice. Our DSR project confirmed that the external validity of an artefact can be improved with the use of International Standards. Using three International Standards, process assessment ISO/IEC 15504-330xx series, IT Service Management ISO/IEC 20000 series, and System and Software Quality Models from ISO/IEC 25010, this manuscript presents an account of a DSR project with three evaluation sites where the artefact was tested in real organizational contexts. The project demonstrated the significant role of International Standards to confirm research relevance during artefact design, development and evaluation.

show abstract

An Innovative Soft Design Science Methodology for Improving Development of a Secure Information System in Tanzania Using Multi-Layered Approach

Cited by 3 publications

References 25 publications

Human Sensor Web Crowd Sourcing Security Incidents Management in Tanzania Context

Human Sensor Web Crowd Sourcing Security Incidents Management in Tanzania Context

Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques

Benefits and relevance of International Standards in a design science research project for process assessments

Contact Info

Product

Resources

About