Thursday, February 9, 2012
The Wake of Information Security in Tanzania
Information age has turned information to be a precious resource. And thus any organization which wishes to compete be it a private company or public corporation the question of Information security must be given priority. Such wake for information security has taken pace in Tanzania. This paper tries to highlight that wake in Tanzania.
The initiative for information security in Tanzania can historically be linked with the 1970s incidence, where in 1970s there was a plan to computerize the whole Tanzania- Government accounting system using the computer model ICL 1900 which was located at the Ministry of Finance headquarter in Dar es salaam. The project terribly failed and has scrapped after a heavy loss. For two consecutive years the government could not tell how much money it had spent or collected as revenue.
As a response to that in 1974 the law was passed to ban importation of computers and related equipments after suffering heavy financial losses.
Though later in 1980s the computer importation was allowed in the country under the scrutiny of the Advisory Committee which had a duty to grant import licences.
With the coming of mobile phones and internet, ICT application in Tanzania got many clients. And the concern of about information security was and yet is more alarming.
There are hackers, malicious programs like computer viruses, worms, just to mention a few.
Attackers are assumed to have various levels of expertise, resources, and motivation. Attackers can either be insiders or outsiders. Relevant expertise may be in general semiconductor technology, software engineering, hacker techniques, or the specific system. Resources may range from personal computers and inexpensive card reading/coding devices to very expensive and sophisticated engineering test, measurement devices, and replica of Company vending devices. They may also include software routines, some of which are readily available on the Internet. Motivation may include economic reward, resentment, or notoriety of defeating high-grade security. Given sufficient time and expertise, any particular company vending application software can be compromised.
Threat to Security
The PP is required to counter threats that may be broadly categorized as:
- Threats addressed by the system:
- Threats associated with physical attack on the system
- Threats associated with logical attack on the system
- Threats associated with control of access
- Threats associated with unanticipated interactions
- Threats regarding the security module
- Threats that monitor informational
All these if not taken care of they will always be very costly to an individual or organization. “Information security assurance therefore must be taken into consideration as part of the business and systems engineering process.”
How information security is secured.
Information security program, blending best management practices with key physical and information technology safeguards. Drilling down to the critical building blocks of information security, covers security policies, awareness, administration, models, mechanisms, and architectures; availability, backup, recovery, and business continuity planning; firewalls; user authentication; cryptography; network concepts and security.
The initiatives so far undertaken are only in technical and training as such and here there are several IT vendors like the Agumba Computers Company which is very well known in Tanzania for providing inter alia IT Security training and consultancy. Agumba has presented several papers on IT Security in Tanzania. The other company dealing with providing IT Security Training is Tanzania Global Development Learning Centre.
Despite the initiatives undertaken there is yet still a problem particularly on the legal system. The legal infrastructure in Tanzania is yet to incorporate Information Security as an area worth legal safeguard. In this way it is not surprising to find hackers or those defrauding the IT system walking away unpunished by the law.
It is therefore prudent and sound that the initiatives should not only be on technical area put also the legal infrastructure should address such matters related to information security in Tanzania.
It Security: Security Management Practices – Theory and Practical.
Klodwig Mgaya, Development of Information Technology in Tanzania.
E-Security and Cyber Crimes Training Workshop
Job Asheri Chaula, at el , A Framework for Evaluation of Information Security Systems, A Case Study of Tanzania Electric Supply Company ( TANESCO).
Regional Information Security Consultative Forum; Status of Information Security in Tanzania, Paul Koyi, Agumba Computers, Tanzania http://www.uneca.org/aisi/NICI/EACeSecurity.htm
Howard Shila, Effectiveness of Informatics Policy Instruments in Africa, Tanzania. Available at
http://www.uneca.org/aisi/tanzania.htm visited on 03/02/2008
Tanzania Communications Regulatory Authority.
National Information and Communications and Technology Policy
The Parliament of Tanzania
 http://www.unu.edu/unupress/unupbooks/uu19ie/uu19ie0i.htmvisited on 17/11/2007
 Job Asheri Chaula, at el , A Framework for Evaluation of Information Security Systems, A Case Study of Tanzania Electric Supply Company ( TANESCO). Available at
www.icsa.cs.up.ac.za/issa/2005/Proceedings/Full/062_Article.pdf- last visited on 01/02/2008