Assessig the Significance of Cia Triad Security Model in Establishing ICT Security Controls in The Public Sector.

Abstract

The ICT advancement in Tanzania's public sector has caused an increase in cyber security threats in terms of confidentiality, integrity, and availability of information. The statistics show cybersecurity threats index level of Tanzania is not stable at a low point. This means that there are some security vulnerabilities which have to be researched and recommended security controls against them. Therefore, the study aimed to assess vulnerabilities, exploit them, and suggest strong security controls which could fix the observed weaknesses. The research was designed (structured) as a case study of the Shinyanga public sector and their efforts to avoid cyber-attacks based on Confidentiality, Integrity and Availability (CIA) of information. This research focuses on the phenomena of public sector firms taking preventive measures against cyber security incidents. For the case of population, the study targeted the employees of two public organisations, which are KASHWASA and SHUWASA. The ICT unit heads, Cybersecurity specialists, and other ICT users were included in the population. The sample size was 105 respondents, which were obtained by purposive, simple, and random sampling techniques. The study was approached quantitatively, where both primary and secondary data were collected for analysis. Primary data were collected through a questionnaire and penetration test, while secondary data were collected from other researchers’ works. Ms Excel and STATA were the tools used for data analysis, which was followed by interpretation. The conclusion showed the existence of vulnerabilities in terms of users, infrastructure, and documents. Users’ awareness of cybersecurity was too low to stand against cyberattack techniques such as Social Engineering etc. However, the infrastructure was found vulnerable to attacks like DOS, payload and others. Moreover, ICT documents were not fully operationalised, so the users were utilising ICT resources without adhering to guidelines. According to the findings obtained, the researcher recommended strong security controls to be established to secure public sector information by considering confidentiality, integrity, and availability.