Back
 JIS  Vol.9 No.3 , July 2018
Human Sensor Web Crowd Sourcing Security Incidents Management in Tanzania Context
Abstract: Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address the problematic situation of security incidents. The study proposes a human sensor web Crowd sourcing platform for reporting, searching, querying, analyzing, visualizing and responding to security incidents as they arise in real time. Human sensor web Crowd sourcing security incidents is an innovative approach for addressing security incidents affecting information systems in cyberspace. It employs outsourcing collaborative efforts initiatives outside the boundaries of the given organization in solving a problematic situation such as how to improve the security of information systems. It was managed by soft systems methodology. Moreover, security maturity level assessment was carried out to determine security requirements for managing security incidents using ISO/IEC 21827: Systems security engineering capability maturity model with a rating scale of 0 - 5. It employed descriptive statistics and non-parametric statistical method to determine the significance of each variable based on a research problem. It used Chi-Square Goodness of Fit Test (X2) to determine the statistical significance of result findings. The findings revealed that security controls and security measures are implemented in ad-hoc. For managing security incidents, organizations should use human sensor web Crowd sourcing platform. The study contributes to knowledge base management learning integration: practical implementation of Crowd sourcing in information systems security.
Cite this paper: Mshangi, M. , Nfuka, E. and Sanga, C. (2018) Human Sensor Web Crowd Sourcing Security Incidents Management in Tanzania Context. Journal of Information Security, 9, 191-208. doi: 10.4236/jis.2018.93014.
References

[1]   Tsega, H., Lemmens, R., Kraak, M.J. and Lung, J. (2015) Towards a Smarter System for Human Sensor Web. IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops), St. Louis, MO, 14-19.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7133986&isnumber=7133953

[2]   Verma, R. and Ruj, S. (2014) Security Services Using Crowd Sourcing. Procedia Computer Science, 32, 505-512.

[3]   Verplanke, J., Becht, R., Miscione, G., Kimara, H., Benz, H., Jürrens, E., Yen, C. and Sung, S.Y. (2010) Empowering Communities in East Africa in Water Service Provision through Information from Human Sensor Webs.
ftp://ftp.itc.nl/pub/pgis/HSW/HSW%20final%20report.pdf

[4]   Kipanyula, M.J., Geofrey, A.M., Fue, K.G., Mlozi, M.R.S., Tumbo, S.D., Haug, R. and Sanga, C.A. (2016) Web and Mobile Phone Based Rabies Surveillance System for Humans and Animals in Kilosa District, Tanzania. International Journal of Information Communication Technologies and Human Development, 8, 47-59.

[5]   Lasnia, D., Broering, A., Jirka, S. and Remke, A. (2010) Crowd Sourcing Sensor Tasks to a Socio-Geographic Network. In: 13th AGILE International Conference on Geographic Information Science 2010, Guimarães, Portugal, 1-8.
http://plone.itc.nl/agile_old/Conference/2010-guimaraes/ShortPapers_PDF/98_DOC.pdf

[6]   Kamel, B.M.N., Resch, B., Crowley, D.N., Breslin, J.G., Sohn, G., Burtner, R., et al. (2011) Crowd Sourcing, Citizen Sensing and Sensor Web Technologies for Public and Environmental Health Surveillance and Crisis Management: Trends, OGC Standards and Application Examples. International Journal of Health Geographics, 10, 38-67.

[7]   Fue, K., Geoffrey, A., Mlozi, M.R., Tumbo, S.D., Haug, R. and Sanga, C.A. (2016) Analyzing Usage of Crowd Sourcing Platform Ushaurikilimo’ by Pastoral and Agro-Pastoral Communities in Tanzania. International Journal of Institutional Technology and Distance Learning, 13, 3-19.
http://www.itdl.org/Journal/Dec_16/Dec16.pdf

[8]   Havlik, D., Schade, S., Sabeur, Z.A., Mazzetti, P., Watson, K., Berre, A.J. and Mon, J.L. (2011) From Sensor to Observation Web with Environmental Enablers in the Future Internet. Sensors, 11, 3874-3907.

[9]   Karim, R. (2013) Using the Crowd as an Innovation Partner. Retrieved April 1, 2018.
https://hbr.org/2013/04/using-the-crowd-as-an-innovation-partner

[10]   Kasita, C. and Laizer, L.S. (2013) Information and Knowledge Management Security Architecture for Tanzania Higher Learning Institutions’ Data Warehouse. Information and Knowledge Management, 3, 25-32.
http://www.iiste.org/Journals/index.php/IKM/article/view/7996/8329

[11]   Sanga, C., Phillipo, J., Mlozi, M.R.S., Haug, R. and Tumbo, S.D. (2016) Crowd Sourcing Platform “Ushaurikilimo” Enabling Questions Answering between Farmers, Extension Agents and Researchers. International Journal of Instructional Technology and Distance Learning, 13, 19-28.
http://www.itdl.org/Journal/Oct_16/Oct16.pdf

[12]   Microsoft (2002) The STRIDE Threat Model.
https://www.microsoft.com/en-us/sdl/adopt/threatmodeling.aspx

[13]   Microsoft (2015) Microsoft Advanced Threat Analytics.
https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics

[14]   Mbowe, J.E., Msanjila, S.S., Oreku, G.S. and Kalegele, K. (2016) On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach. Journal of Software Engineering and Applications, 9, 601-623.
https://doi.org/10.4236/jsea.2016.912041

[15]   Cichonski, P. and Scarfone, K. (2012) Computer Security Incident Handling Guide (Draft) Recommendations of the National Institute of Standards and Technology. National Institute of Standards and Technology (NIST), Revision 2, 1-57.
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf

[16]   ISO/IEC (2016) ISO/IEC 27035:2011 Information Technology—Security Techniques—Information Security Incident Management.
http://www.iso27001security.com/html/27035.html

[17]   Coole, M., Corkill, J. and Woodward, A. (2012) Defence in Depth, Protection in Depth and Security in Depth: A Comparative Analysis towards a Common Usage Language DEPTH: A Comparative Analysis towards a Common. Proceedings of the 5th Australian Security and Intelligence Conference, Perth, 3-5 December 2012, 27-35.
http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1023&context=asi

[18]   Nfuka, E.N., Sanga, C. and Mshangi, M. (2014) The Rapid Growth of Cybercrimes Affecting Information Systems in the Global: Is This a Myth or Reality in Tanzania? International Journal of Information Security Science, 3, 182-199.
http://www.ijiss.org/ijiss/index.php/ijiss/article/view/72

[19]   Mshangi, M., Nfuka, E.N. and Sanga, C. (2015) Using Soft Systems Methodology and Activity Theory to Exploit Security of Web Applications against Heartbleed Vulnerability. International Journal of Computing and ICT Research, 8, 32-52.
http://ijcir.mak.ac.ug/volume8-number2/article4.pdf

[20]   Goodchild, M.F. and Glennon, J.A. (2010) Crowd Sourcing Geographic Information for Disaster Response: A Research Frontier. International Journal of Digital Earth, 3, 231-241. https://doi.org/10.1080/17538941003759255

[21]   Jick, T.D. (1979) Mixing Qualitative and Quantitative Methods: Triangulation in Action Mixing Qualitative and Quantitative Methods: Triangulation in Action. Administrative Science Quarterly, 24, 602-611. https://doi.org/10.2307/2392366

[22]   Davey, J.W., Gugiu, P.C. and Coryn, C.L.S. (2010) Quantitative Methods for Estimating the Reliability of Qualitative Data. Journal of Multi-Disciplinary Evaluation, 6, 140-162.
http://journals.sfu.ca/jmde/index.php/jmde_1/article/download/266/254/0

[23]   EDUCASE (2015) Assessment Tool—Educause.
https://library.educause.edu/~/media/files/library/2015/11/heisctool-xlsm.xlsm

[24]   Cohen, L., Manion, L. and Morrison, K. (2007) Research Methods in Education. Professional Development in Education. 6th Edition, Vol. 38, Routledge, New York.

[25]   PMO-RALG (2016) The Prime Minister’s Office, Regional Administration and Local Government (PMO-RALG). http://www.tamisemi.go.tz/

[26]   MEST (2016) Ministry of Education, Science and Technology (MEST).
http://moe.go.tz/en/

[27]   Checkland, P.B. (1998) Systems Thinking, Systems Practice. John Wiley & Sons Ltd., Hoboken.

[28]   Sanga, C. (2010) A Technique for the Evaluation of Free and Open Sources E-Learning Systems. PhD Thesis, The University of the Western Cape, Cape Town.
http://etd.uwc.ac.za/xmlui/bitstream/handle/11394/2564/Sanga_PHD_2010.pdf?sequence=1

[29]   Mshangi, M., Nfuka, E.N. and Sanga, C. (2017) An Innovative Soft Design Science Methodology for Improving Development of a Secure Information System in Tanzania Using Multi-Layered Approach. Journal of Information Security, 8, 141-165.
https://doi.org/10.4236/jis.2017.83010

[30]   Checkland, P.B. and Scholes, J. (1990) Soft Systems Methodology in Action. John Wiley & Sons, Inc., New York. http://dl.acm.org/citation.cfm?id=130360

[31]   Saunders, M.N.K., Lewis, P., Thornbill, A. and Jenkins, M. (2009) Research Methods for Business Students. 5th Edition, Pearson Education Limited, London.

[32]   ISO/IEC 21827 (2008) ISO/IEC 21827:2008 Information Technology Security Techniques Systems Security Engineering Capability Maturity Model.
https://www.iso.org/standard/44716.html

[33]   Mshangi, M., Nfuka, E.N. and Sanga, C. (2018) Human Sensor Web Crowd Sourcing Security Incidents Management Platform. http://siapist.net/hsw/

[34]   Li, W., Huhns, M.N., Tsai, W.-T. and Wu, W. (2015) Crowd Sourcing Cloud-Based Software Development. Springer, Heidelberg, New York, Dordrecht, London.

[35]   Devi, V. (2013) Traditional and Agile Methods: An Interpretation.
https://www.scrumalliance.org/community/articles/2013/january/traditional-and-agile-methods-an-interpretation

[36]   Misra, A., Gooze, A., Watikins, K., Asad, M. and Le Dantec, C.A. (2014) Crowd Sourcing and Its Application to Transportation Data Collection and Management. Transportation Research Record: Journal of the Transportation Research Board, 2, 1-16. https://doi.org/10.3141/2414-01

 
 
Top