Abstract:
The purpose of the article is to assess the weaknesses of Information and Communication Technology infrastructure security in Tanzania‟s public sector based on confidentiality, integrity, and availability of information to establish security controls. The vulnerabilities detected were exploited to find out the attacks which could gain successfully unauthorised access through them. Finally, security controls against vulnerabilities were recommended. Data collected from 107 respondents of two public sector organisations were analysed, and results showed the presence of Information and Communication Technology infrastructure vulnerabilities which required strong security controls for fixing them. On the other side, Practical Penetration Testing was conducted to get data which are relevant data about Information and Communication Technology infrastructure security weaknesses. Likewise, the penetration testing results indicated the presence of vulnerabilities. The obtained results were useful in recommending security controls to be established.
