Security in In-House Developed Information Systems: The Case of Tanzania

In this 21st century, the world is moving more and more into the information economy; and information held by organization‟s information systems is among the most valuable assets in the organization‟s care and is considered a critical resource, enabling the organizations to achieve their strategic objectives. Inhouse developed information systems meant to enable organizations to achieve their strategic objectives, are on the increase and security has become a major concern in recent years. Hackers are using new techniques to gain access to sensitive data, disable information systems and administer other malicious activities aimed at the information systems. The need to secure an information system is imperative for use in today‟s world. Until recently, information systems security was an afterthought; developers were typically focused on functionality and features, waiting to implement security at the end of development. This approach to information systems security has proven to be disastrous because vulnerabilities have gone undetected allowing information systems to be attacked and damaged. A survey done in three (3) organizations in Tanzania has proved that most of the information systems developers have drawn their background from traditional systems development without the sense of implementing security in the early stage of information system development. This paper attempts to identify in-house developed information system‟s security deficiencies and related risks to organizations, the paper also attempt to establish technique that can be used to detect those deficiencies. Lastly the paper provide guidance that can be used by organizations to mitigate the risks.