A Social-Technical View of ICT Security Issues, Trends, and Challenges: Towards a Culture of ICT Security - The Case of Tanzania

This paper discusses the human dimension in a ‘security chain’ within information systems and networks. This dimension is often overlooked at different stages and levels of ICT development and implementation. An example of this omission could happen at the stages of design and implementation of various ICT systems or strategies and policy formulation concerning ICT use; at the level of an organisation or a country as a whole. As a consequence, this human dimension then forms a weak link in the overall ICT security chain. A common insight in this respect is that, a chain is as strong as its weakest link. A security chain involves coordinated measures both technical and non-technical (socialtechnical) necessarily taken to enable the provision and maintenance of adequate levels of ICT security within organisations or a nation as a whole. Several studies in the literature have shown that a supportive security culture is an important component in this chain. Security culture encompasses all socio-cultural measures that complement technical security measures. This paper will, drawing on available literature, attempt to identify and characterise the building blocks of a secure ICT environment in an organisation. The identified building blocks consist of: — people, ICT security requirements, ICT security culture, and security systems. Focusing on people, a discussion of the interaction between these building blocks in a social-technical context is provided based on some concepts from specific theories of Organisational Behaviour (OB). The building blocks and their interactions are then organized into a primary model. In order for an organisation to create, maintain and change its ICT security culture, certain enabling factors and changes at the national level are instrumental and necessary. Taking a socialtechnical context of Tanzania, the developed model is used to highlight and analyse some of these factors and needed changes in the light of some collected survey data. In particular, the current trends of ICT developments with respect to security and a supporting human capital are analysed. Further, recommendations of future strategies for ICT development in the country with respect to ICT security are also provided. This paper constitutes a part of an ongoing research from which we present some results.