Assessment of Information Security Strategies in Safeguarding Public Assets in Tanzania:

Abstract

This study has assessed information system security in safeguarding public assets. The study was conducted in Mpanda Municipal Council, and specifically identified information security strategies implemented in protecting public assets; determining essential resources and capabilities needed to ensure effective implementation of information security strategies in protecting public assets; and assessing the effectiveness of information security strategies implemented in protecting public assets. The study was theoretically guided by the Theory of Information security. Study population was 1294 employees of the Mpanda Municipal Council and sample size was 140. The study used the descriptive research design and the concurrent mixed method approach. Systematic simple random sampling was used to obtain respondents who provided quantitative data. Purposive sampling was used to obtain management officers from provided qualitative data. The semi-structured questionnaire was used to collect the quantitative data, and an interview guide was used to collect the qualitative data. Quantitative data was analysed by using descriptive statistics with percentages, frequencies, mean and standard deviations. Thematic analysis was engaged to analyse qualitative data. The findings of this research demonstrate the effectiveness of information security strategies in protecting public assets within the Mpanda Municipal Council. The study concludes that measures such as user identity management, securing remote access, data centre security measures, cloud security measures, advanced threat defences, and anti-virus and Antimalware Software played crucial roles in safeguarding public assets. Furthermore, the study concludes that budget and funding, compliance and regulatory knowledge, risk assessment and management, incident response capability, continuous monitoring, and continuous security improvements are essential resources and capabilities that contribute to the successful protection of public assets in Tanzania. The research has as well underscores the significance of incident response metrics, risk response metrics, compliance metrics, and security incident metrics in protecting public assets in Tanzania. The study has suggested several recommendations in line with the study findings. The study recommends that LGAs and Government Institutions should enhance employee’s awareness on information security strategies through training and awareness programs. They should also conduct regular security assessments, vulnerability scanning, and penetration testing to identify and address potential weaknesses in their information security infrastructure. They should also develop and maintain a well-defined incident response plan that outlines the steps to be taken in the event of a security incident