The information systems (IS) in cyberspace experience various security incidents across the globe. An incident reporting, responding and handling is a cornerstone in managing security incidents by minimizing loss and impact through mitigating or reducing risks to an acceptable level, and quick recovery of IS from disruptive events. It is an increasingly problematic situation; researchers are trying to address. Thus, ensuring the security of IS in cyberspace is debatable due to the rapid growth of security incidents affecting IS. The study employs innovative human sensor web Crowd sourcing security incidents approach to improve the security of IS  . Human sensor web (HSW) Crowd sourcing security incidents management is an innovative approach for addressing security incidents using collaborative initiatives efforts outside the boundaries of the given organization, sector or country in solving a problematic situation such as how to improve the security of IS  . This involves making a public call to the community crowd by inviting people with diverse skills, experiences to respond to the public call to find out the solution to the problem.
The HSW Crowd sourcing uses the community in solving the problem instead of relying on internal efforts (internal resources). This public call to the community normally is accompanied with a prize to contest. This creates a room for people with diverse skills, knowledge, expertise, and experience to contest in finding the best optimal solution. This can result in getting correct solution, solving the complex problematic situation which could be impossible to solve by only depending on internal efforts (internal resources). HSW Crowd sourcing has been applied in various sectors for addressing various problems. For example, it has been applied in addressing real-world problematic situations such as empowering communities in East Africa in water service provision through information from human sensor webs in Zanzibar  ; rabies surveillance system for humans and animals in Kilosa district, Tanzania  . This study seeks to extend the application of HSW Crowd sourcing to security incidents management for IS in cyberspace.
HSW Crowd sourcing security incidents management enables interconnected people in the community to act as a sensor for reporting and responding to security incidents over the web or mobile-based platform. The function of responding to security incidents such as cybercrimes attacks in cyberspace is outsourced to people in the cyberspace   . HSW enables people to interact with their devices   to forward and respond to security incidents stimuli designated to receiving server  . The problem of security incidents can be observed and reported by human sensors in real-time basis  .
Many uncertainties still exist on reporting, responding and handling of security incidents affecting IS in cyberspace. This has been a long-standing problematic situation which researchers have been trying to address in order to come out with a solution. The approach of Crowd sourcing has been applied in different sectors to address the given problems, but its application to address security concerns such as security incidents managements in real time has been lagging behind. Practical techniques for implementation of HSW for Crowd sourcing platform in knowledge base management learning have not been undertaken into account     in information systems security. HSW Crowd sourcing platform in knowledge base management learning for security incidents management integration is lacking or ineffectively implemented in solving real-world problematic situation such as how to improve the security of IS.
The main objective of this research was to develop human sensor web Crowd sourcing security incidents management platform for addressing the problematic situation on how to improve the security of information in IS (during capturing, processing, storage, and transmission), a case study of the education sector in Tanzania.
This paper presents an innovative human sensor web Crowd sourcing geographical information system platform for instant managing of security incidents, a case study of the education sector in Tanzania. The rest of this paper is organized as follows: Section 2 presents the related work. Section 3 presents the materials and methods employed in this study. Section 4 presents the results findings and discussion. Section 5 describes the developed prototype for human sensor web Crowd sourcing platform for security incidents management. Section 6 presents software development crowd: using the crowd as an innovation partner. Finally, Section 7 presents the conclusion.
2. Related Work
Managing security incidents effectively involves detective and corrective controls designed to recognize and respond to events and incidents, minimize adverse impacts, gather forensic evidence    and take actions for improvements or other risk treatments   . Thus, it involves preparing to deal with incidents; identifying and reporting information security incidents; assessing the incidents and making decisions   : patch things and get back to business quickly, or collect forensic evidence; respond to incidents; learning the lessons: making changes that improve the processes  .
Consequently, information security incidents are bound to occur to some extent, even in organizations that take their information security extremely seriously   . The study selected an information security incident management security domain as a case study for developing a prototype for human sensor web for Crowd sourcing platform: central repository information security incidents management. Security incidents such as cybercrimes affecting IS in cyberspace are on the rise   . The developed platform serves as a tool for reporting, communicating, sharing, visualizing the reported security incidents and responding to adverse events. This assists the incident response team (IRT) in receiving, analyzing, and responding to information security incidents reported through the human sensor web Crowd sourcing     security incidents platform.
3. Materials and Methods
The study employed mixed research methods (quantitative and qualitative) for data collection and analysis  . The quantitative research method employed  was survey questionnaire (Appendix A). The qualitative research methods employed were semi-structured interview using electronic assessment tools  for focused group/individuals and documentary review  . The data collection was conducted in seven organizations under study in the education sector in Tanzania   . The seven organizations selected are those which are mainly involved in the educational assessment and management of education in Tanzania, because of their high impact on the whole sector. In this study, the names of the seven selected organizations referred as K, L, M, N, O, P and Q were not disclosed for confidentiality purpose. In this case, the level of analysis is organizational. The research study adopted soft systems methodology (Figure 1) to guide the research process. Soft systems methodology (SSM) is an approach to tackling ill-defined complex problematic situation involving human factor    such as security incidents affecting IS.
3.1. Sampling Techniques
The sample size for this study was 154 respondents from seven organizations in the education sector; the distributions of these respondents are presented in Table 1. This sample was selected using purposive and stratified random sampling
Figure 1. How soft systems methodology was used   . Key: Sj is the given system under improvement which undergo cycles of iterations (i = 1, 2, 3, ∙∙∙); j = 1, 2, 3, ∙∙∙
Table 1. Respondents.
Source:   .
techniques. Purposive sampling relies on the judgment of the researcher when it comes to selecting the units (e.g., people, cases/organizations, events, pieces of data) that are to be studied   . The selected respondents in this study were those involved in the managing of ICT and security of IS; procurement decisions of ICT equipment/accessories; ICT use and compliances. The respondents were selected based on the organization structure. Taking into account these aspects, the purposive sampling technique was the optimal choice for sampling design. The respondents (Table 1) were comprised of top management (Permanent Secretary, Commissioners, and Chief Executive Officers), senior management (Directors, Chief Financial Officers, Divisions/ Head of Departments), operations management (Head of Units/Sections), ICT experts (Network/Systems Administrators, IT security specialists and other ICT Staff); and normal users (operations staff who interact with IS and know the business processes) from the 7 organizations under study.
A stratified random sampling was used for selecting respondents for normal users of IS from sampling frame (list of all normal users of IS for 7 organizations under study) based on research questions. The sampling frame was divided into 7 strata (strata K, L, M, N, O, P, and Q) comprising of normal users of IS from 7 organizations. The respondents from each stratum were selected using random sampling   .
3.2. Data Collection and Analysis
The data collection and analysis were based on systems security engineering-capability maturity model (SSE-CMM)  with a rating scale of 0-5: minimum 0 and maximum 5 was used; 0-not performed (non-existent); 1-performed informally (unplanned/ad-hoc); 2-partially implemented (planned); 3-implementation is in progress (planned and tracked); 4-fully implemented (well defined and auditable); 5-fully implemented and regularly updated (monitored and audited for compliance). The research study employed survey questionnaire (Appendix A), interview and documentary review techniques for data collection. The designed survey questionnaire was based on SSE-CMM. Due to the nature of the research problem, soft systems methodology     was adopted to manage the analysis of collected data in a systematic way and circular fashion  . Collected data were first cleaned and coded before being analyzed.
The analysis was carried out using both descriptive statistics and non-parametric statistical method to determine the significance of each variable based on a research problem. The statistical data analysis method employed was the Chi-Square Goodness of Fit Test (X2). This is given by Equation (1).
In Equation (1), df is the degree of freedom; is the observed frequency for each category i; is the expected frequency for each category i. In this study, the category I = 0, 1, 2, 3, 4, 5 is based on SSE-CMM. Thus, for k categories,
; ; ; ; ; where is
proportional to expected frequency for category i in k categories. In this study k = 6; hence for each category i. N is the total number of observation in the sample size of respondents category under study.
In this study, with expected frequency and observed frequency , the null and alternative hypothesis can be stated as follows.
The variable for security measures or security controls does not contribute to improving the security of information in IS.
The variable for security measures or security controls does contribute to improving the security of information in IS.
where and denotes the null hypothesis and the alternative hypothesis respectively. The hypothesis was tested at 95% confidence interval, significance level . The choice of Chi-Square Goodness of Fit Test (X2) was due to the nature of research problem and nature of research data collected.
4. Results and Discussions
This section presents the results findings for addressing the problematic situation on how to improve the security of information in IS (during capturing, processing, storage, and transmission), a case study of the education sector in Tanzania. The data analysis was managed by SSM (Figure 1) in a circular fashion by executing every cycle i for a given iteration cycle (i = 1, 2, 3, ∙∙∙∙ n) for each criterion in security incident management security domain. The data were analyzed and statistically tested using Chi-square goodness of fit test. The Chi-square goodness of fit test with 0.05 significance level and df = 5 was carried to assess the effectiveness, efficiency, and efficacy of information security incident management controls implementation in the education sector in Tanzania. It was hypothesized that effective implementation of security incident management controls contributes to improving the security of IS. The results are as follows.
Table 2 presents views when the respondents were asked whether the given organization have incident-handling procedures in place to report and respond to security events throughout the incident lifecycle, including the definition of roles and responsibilities. The majority of respondents (71.8%: IT staff) revealed that organizations have implemented incident-handling procedures in ad-hoc (scale 1: unplanned); with a median of 1 in SSE-CMM rating scale of 0 - 5 (Table 2). Likewise, the findings revealed the views when management staff were asked (similar question) whether a given organization has an incident response team in place and is functional. The majority of respondents (62%: management staff) revealed that organizations do not have functional incident response team (scale 0); with a median of 0 in SSE-CMM rating scale of 0 - 5 (Table 2). The findings
Table 2. Incident management and response.
revealed the views when users of IS were asked (similar question) whether they know where to report information security incidents. The majority of respondents (80%: users of IS) revealed that information security incidents are reported in ad-hoc (scale 1: unplanned), with a median of 1 in SSE-CMM rating scale of 0 - 5 (Table 2).
Moreover, the Chi-square goodness of fit test results for all the three categories of respondents (IT staff: ( , p = .000, p < 0.05), management staff: ( , p = 0.000, p < 0.05), users of IS: ( , p = 0.000, p < 0.05)) in Table 2 revealed that organisations should implement security incident management controls such as HSW for Crowd sourcing security incidents management. Thus, in ensuring the security of IS, a given organization should implement incident management controls such as HSW Crowd sourcing security incidents management. Furthermore, it includes incident-handling procedures in place to report and respond to security events throughout the incident lifecycle; security incident response team in place and is functional; awareness to users of IS on how, what and where to report information security incidents.
Moreover, interview and documentary review results revealed that IS in cyberspace are affected by security incidents such as the hacking of IS; computer viruses; theft of computers; laptops in the office and theft of laptops during travels; information resources capacity limit such as web server capacity limit, LAN, WAN or Internet bandwidth limit capacity; hardware or software failures; fire; floods; developing applications using code generators frameworks, open sources software or content management systems (CMS) such Joomla without shutdown open holes (vulnerabilities).
5. Human Sensor Crowd Sourcing Platform for Security Incidents Management
The study proposes human sensor web crowd sourcing platform for managing security incidents. It comprises of system architecture, interfaces architecture for HSW crowd sourcing security incidents, mobile-based sub-system, interactive reports and database repository.
5.1. System Architecture for Human Sensor Web Crowd Sourcing
The proposed system architecture for HSW crowd sourcing security incidents comprises of web-based geographic information system (GIS), GIS server, interactive geo-maps, database repository, SMS alert, report security incidents, web server and interactive reports (Figure 2).
5.2. Interface Architecture for HSW Crowd Sourcing Security Incidents
The interface architecture for HSW crowd sourcing comprises of security incidents reporting, mobile base sub-system: SMS Alert, visualize security incidents in the GIS and interactive reports (Figure 3). The descriptions are as follows:
Figure 2. System architecture for human sensor web Crowd sourcing.
Figure 3. The user interface for human sensor web  .
5.2.1. Security Incidents Reporting
Figure 4 presents a web-based user interface for reporting security incidents; with filled in sample data. The reporter of security incident fills in information about the incident. The reporter is required to select the category of organization, organization name in which security incident(s) has occurred; the incident category and enter other details about the incident(s) before submitting the data to the database-repository.
5.2.2. Mobile-Based Sub-System: SMS Alert
The HSW for Crowd sourcing security incidents management system has
Figure 4. The user interface for reporting security incidents.
mobile-based sub-system for pushing and pulling SMS (Figure 3). Push messages are those SMS that the organization chooses to send out to a mobile subscriber (customers, reporters), without the mobile subscriber initiates a request for the information. Pull messages are those SMS that are initiated by a subscriber (customer, reporter), using a mobile phone to obtain information or perform other operations. The pull SMS will involve SMS interactions by requesting incidents status from the database repository. The system has two sub-menus under SMS interactions menu: Push SMS and Pull SMS.
1) Push SMS
This menu gives a functionality of pushing SMS to many recipients at once (Figure 3). The central incidents response team can create SMS and broadcast to all relevant parties about critical information for security incident such as dangerous viruses; hackers. Furthermore, the “Push SMS” menu has functionalities for sending SMS to users/entities subscribed to that SMS; fired based on condition met or triggered. For example, a dangerous virus which erases all data in hard disks; the system can be configured to send SMS to all organizations/security incidents response teams for information, sharing solution; and any remedial action.
2) Pull SMS
The user of the HSW for crowding security incidents system can send SMS in a pre-defined format to request information about information security incidents in real time (Figure 3). These can include requesting statistics of information security incidents by incident category, by organization category.
5.2.3. Visualize Security Incidents in GIS
Web-based GIS is a geographical web-based application for visualizing reported security incidents in interactive geographical maps. The web-based GIS has been developed using R programming and shiny. The R language is widely used for data mining, developing statistical software and data analysis. Shiny is a web framework for R which uses a reactive programming model to simplify the development of R-powered web applications. Shiny apps have two components: a user-interface script (ui.R) and a server script (server.R). The user-interface (ui.R) script controls the layout and appearance of the application. The server.R script contains the instructions that computer needs to build the given application on execution.
The web-based GIS is hosted and executed by the GIS server (shiny server). The GIS server hosts shiny web applications and interactive documents online. The GIS server process and manipulates data such as reported security incidents, spatial data from the database repository. The GIS server calls various libraries such as leaflet for integrating interactive geo-maps; MySQL: interface to MySQL/MariaDB database repository. The web-based GIS allows the users to visualize the reported security incidents by selecting organization category; region and date range (Figure 3). The visualization of reported security incidents includes a histogram, 3D pie chart and interactive maps visualization using markers.
1) Visualization in GIS using Histogram
The HSW Crowd sourcing platform can visualize the reported security incidents through histogram (Figure 5). The histogram portrays the reported security incidents in a given category over a date range.
2) Visualization in GIS Using a 3D Pie Chart
HSW Crowd sourcing platform can visualize the reported security incidents
Figure 5. Visualize security incidents through histogram in GIS.
through 3D Pie chart (Figure 6). The 3D Pie chart portrays the reported security incidents in a given category over a date range. The area of each portion represents the relative proportion of data points falling into a given incident category (Figure 6).
3) Interactive maps visualization using markers
The security incidents are presented in interactive maps using markers (Figure 7) on GIS map. The user should select organization category, region, and incident date range to visualize the security incidents.
5.2.4. Interactive Reports
This interface is comprised of interactive reports for security incidents management. The web-based “interactive reports” interface includes viewing the report by incidents category and by organization category (Figure 3).
1) View by Incidents Category
View by incidents category menu gives statics by category over a date range for information security incidents reported (Figure 3).
2) View by Organizations Category
View by organizations category menu gives statics by category over a date range for information security incidents reported (Figure 3).
5.3. Database Repository
Figure 8 presents the logical view of the database for HSW crowd sourcing security incidents management platform. It defines how the data is organized and how the relations among them are associated.
Figure 6. Visualize security incidents through 3D-pie chart in GIS.
Figure 7. Visualization in the geographical map.
Figure 8. The logical view of the database repository.
6. Software Development Crowd: Using the Crowd as an Innovation Partner
The development of HSW Crowd sourcing security incidents management platform was achieved using crowd and it was guided by SSM in a cyclic fashion   . Software development crowd is an emerging area of software engineering as opposed to traditional software engineering methodologies such as waterfall model, agile software development   . It is an open call for participation   in any task of software development, including documentation, design, coding, and testing  . These tasks are normally conducted by either member of a software enterprise or people contracted by the enterprise   . But in software Crowd sourcing, all the tasks can be assigned  to anyone in the general public   . The Crowd sourcing platform was developed participatory with crowds and thereafter, crowds used it for reporting security incidents such as cyber-attacks, hacking, cracking, viruses in real time  . The human sensor web Crowd sourcing security incidents management platform was used for searching, querying and sharing solutions for security incidents challenges based on dynamic knowledge base management learning. Thus, human sensor web for Crowd sourcing platform creates a dynamic knowledge base management learning for improving information systems security.
The paper proposes human sensor web Crowd sourcing platform for security incidents management. It is an innovative approach for addressing security incidents affecting information systems in cyberspace. It uses outsourcing collaborative initiatives efforts outside the boundaries of the given organization. The human sensor web incidents management platform comprises of system architecture, interface architecture, mobile-based sub-system, interactive reports and database repository. Open source software tools were used in creating the platform and the resulting data contained in the Crowd sourcing platform is open data. The proposed HSW Crowd sourcing platform creates a knowledge base management learning database repository for security incidents management. It employed descriptive statistics and non-parametric statistical method to determine the significance level contribution for improving the security of information systems. It used Chi-Square Goodness of Fit Test (X2) to determine the statistical significance of result findings. The results revealed that implementation of security controls and security measures for managing security incidents are done in an ad-hoc manner. Thus, for improving the security of information systems, organizations should use human sensor web Crowd sourcing platform for security incidents management. The future research work is to extend human sense web Crowd sourcing to cybersecurity whistleblowers using homomorphic cryptography techniques.
Survey Questionnaire for Security Incidents Management
The open university of Tanzania
Faculty of science, technology and environmental studies
The aim of this questionnaire is to find out your feelings, perception and options on the security incidents.
Note: All information, including answers to various questions in this questionnaire, shall be treated as confidential and solely for academic purposes only. Respondents should feel free to express themselves openly. Please do not reveal your name in this questionnaire.
Part One: Personal Information
For the following statements please tick (ü) the box that matches your view most closely.
(For Organization Name, Other and occupation fill in accordingly).
Part Two: Security incidents management
For the following statements, please indicate your response by ticking (ü) one checkbox per question: rating scale of 0 - 5: minimum 0 and maximum 5.
0-Not performed (non-existent);
1-Performed informally (unplanned);
2-Partially implemented (planned);
3-Implementation is in progress (planned and tracked);
4-Fully implemented (well defined and auditable);
5-Fully implemented and regularly updated (monitored and audited for compliance).
Comments and Suggestions (if any)
Thank you very much for your responses