Abstract:
The study sought to investigate factors that contribute information security vulnerabilities in public
organizations: A case of TEMDO and TAEC - Arusha. The study established the external
organizational factors that may contribute to information security vulnerabilities in public
organizations. The study also determined internal organizational factors that may contribute to
information security vulnerabilities in public organizations. Descriptive cross-sectional survey
research design was useful for collecting data and techniques used in analysis. Data was collected
using administered questionnaires and interviews. Data was analysed using IBM SPSS Version 25
for descriptive and inferential statistics. The results from the analysis revealed that externally,
attacker-victim remoteness, presence of skilled and knowledgeable hackers and fake offers on the
internet to share security credentials contribute to information security vulnerabilities in public
organizations. The findings unveiled that internally, employees action derived for personal financial
gains, ease to execute and available internet tools, disgruntled employees launching retaliatory
attacks to sabotage systems and weak information infrastructure systems contribute to information
security vulnerabilities in public organizations. Moreover, study findings revealed user awareness
training on cyber security issues, carrying out cyber risk assessment on its critical assets and cyber
security or information security audits as well as establishing cyber security policy will address the
issue information security vulnerabilities in public organizations. The study recommends that same
study should be conducted in other institutions and in other countries for comparison and
generalization of findings
