Developing access control guidelines for the records department of the Ministry of Education and Sports (MOES), Uganda.

Abstract

The project focused on developing access control guidelines for the records department, MoES. The study was based on different objectives which included; finding out the existing administrative, physical and logical access controls at the Ministry specifically for the records department of the institution, examining user authentication mechanisms used in support of access control to grant and control access to information, examining different access control models that the department use while enhancing information security. The study was conducted using a qualitative approach which included in-depth interviews, observations, focus groups and audio recordings, data was gathered from a sample size of 7 respondents selected purposively. The study found that there were no well-documented access control guidelines for the records department to adhere to at MoES as user roles and responsibilities were not well defined when it comes to ensuring the effectiveness of existing access controls which in the end would expose information held to risks and threats like modification or alteration of sensitive information from unauthorised access. In addition, existing access controls are ineffective in controlling access and some are not fully adhered to by the staff which puts the security of information at stake. The study proposed some access control mechanisms in enhancing information security which include; the use of multi-factor authentication mechanisms, biometrics adoption specifically for the records department, installation of intrusion detection system (IDS) on computerised systems, access control models (DAC, MAC, RBAC and ABAC ) etc. Such would aid in managing and controlling access to information from unauthorised access. Furthermore, by putting such access controls in practice, the records department and the Ministry at large would gain benefits including centrality in managing information which reduces time wastage in retrieval of such needed information, securing the reputation of the Ministry at large etc.