By Raymond Karamagi
I read some IT experts’ opinions on TrumpetNews website. I also read that the UNEB examination system is new.
Before anyone can think of any system compromise, we may need to first confirm the standard systems Implementation methodology.
When UNEB was implementing their system, did they use system implementation standards?
Were user requirements well documented and signed off by UNEB officials?
Was the system’s specification document signed off?
Did UNEB end users carry out and sign-off the user Acceptance tests?
Were all configurations & Parameterization confirmed as well setup?
Why I am saying all this is because systems process what you give them. Gabbage in Gabbage out.
May be we need to interrogate whether the cheats did not include their flaws in the UNEB system implementation.
Now after system implementation, does UNEB consider system security as a serious matter? I know UNEB always does physical security of the exams and examination process, is this effort and investment put on the system?
If the following I.T systems security layers are not what UNEB has, then they need to think and act. May be may be not, their examination system may suffer a compromise and thus bring this confusion.
UNEB needs to secure the following
1) Information
2) Data
3) Web, Application & Database servers
4) Hosts, End points & Mobile interfaces
5) Internal users and external access
6) Internal Network
7) Network Perimeter
8) All the above need physical security.
So my opinion is that before any conclusion of system compromise (hacking), all the above in place and maintained as required, or the new system is in a vulnerable environment
The writer is an IT Specialist
