Abstract
This paper presents an innovative Soft Design Science Methodology for improving information systems security using multi-layered security approach. The study applied Soft Design Science Methodology to address the problematic situation on how information systems security can be improved. In addition, Soft Design Science Methodology was compounded with mixed research methodology. This holistic approach helped for research methodology triangulation. The study assessed security requirements and developed a framework for improving information systems security. The study carried out maturity level assessment to determine security status quo in the education sector in Tanzania. The study identified security requirements gap (IT security controls, IT security measures) using ISO/IEC 21827: Systems Security Engineering-Capability Maturity Model (SSE-CMM) with a rating scale of 0 - 5. The results of this study show that maturity level across security domain is 0.44 out of 5. The finding shows that the implementation of IT security controls and security measures for ensuring security goals are lacking or conducted in ad-hoc. Thus, for improving the security of information systems, organisations should implement security controls and security measures in each security domain (multi-layer security). This research provides a framework for enhancing information systems security during capturing, processing, storage and transmission of information. This research has several practical contributions. Firstly, it contributes to the body of knowledge of information systems security by providing a set of security requirements for ensuring information systems security. Secondly, it contributes empirical evidence on how information systems security can be improved. Thirdly, it contributes on the applicability of Soft Design Science Methodology on addressing the problematic situation in information systems security. The research findings can be used by decision makers and lawmakers to improve existing cyber security laws, and enact laws for data privacy and sharing of open data.
Highlights
The advancement of information communication technologies (ICT) enabled the integration of information systems in cyberspace which is accessible through the Internet and mobile based platforms
Soft Design Science Methodology was compounded with mixed research methodology
This holistic approach helped for research methodology triangulation
Summary
The advancement of information communication technologies (ICT) enabled the integration of information systems in cyberspace which is accessible through the Internet and mobile based platforms. Researchers have shown an increased number of cyber crimes affecting information systems in cyberspace. Security of information in information systems during capturing, processing, storage, and transmission is questionable. This is evidenced by past studies, such as [2] argued that the number of security incidents exploiting security holes in the information systems in cyberspace is increasing. One of the notable security holes is a heart-bleed attack. A study by [2] found that 89% of the universities information systems in cyberspace were vulnerable to heart-bleed attack. The heart-bleed attack is the vulnerability in Open SSL cryptographic software, and allows stealing of the protected information such as username, password, and private certificates in memory of the computer
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
