Tuesday, September 4, 2012


This is an abstract from my MSc thesis:

In this study, the acceptance and usability of mobile phones in the delivery of healthcare services among Health Surveillance Assistants (HSAs) in rural villages of Malawi were investigated, using the Technology Acceptance Model (TAM) and principles of Human-Computer Interaction to evaluate the perceived usability.

The study was conducted in Zomba district, Mwandama Village, which hosts the Millennium Villages Project. A total of 38 HSAs were interviewed from a population of 44 HSAs, and a self-reported questionnaire was administered.

Firstly, the results show that HSAs in the study environment have a positive attitude towards the use of mobile phones (mean = 5.02 and standard deviation = 0.901) on a 6-point Likert scale. Furthermore, the results show that the HSAs' attitude was positive irrespective of gender, t(36) = 0.806, p < 0.05, and age, F(37) = 2.68, p > 0.05. However, the attitude was moderated by level of education, F(37) = 4.31, p < 0.05. HSAs with a Junior Certificate of Education (JCE) had a lower attitude towards mobile phone technology (mean = 4.60, standard deviation = 0.632) than those with a Malawi Schools Certificate of Education (MSCE) (mean = 5.09, standard deviation = 0.668).

Secondly, the results show that the HSAs' perceived overall usability of the mobile phones in support of healthcare services delivery was positive (mean = 4.33, standard deviation = 0.644). The usability was positive irrespective of gender, t(36) = -0.896, p < 0.05, and age, F(37) = 0.012, p > 0.05, or level of education, F(37) = 2.72, p > 0.05.

Finally, the results showed that there was a weak and negative relationship between mobile phone technology acceptance and usability among HSAs. However, this relationship was statistically significant, R(37) = -0.127, p > 0.05.

The study was, however, limited to HSAs who had received mobile phones and were residing in the rural villages under study. It will be interesting to assess the actual use of the mobile phones and further understand the issues flagged in this study using qualitative research. Furthermore, there is a need for a multivariate study to account for confounding factors in assessing the relationship between acceptance and usability.

Monday, June 29, 2009

Michael Jackson Malware Has Already Hit the Net

Trojans attempt to exploit the postmortem interest around the late King of Pop.
Story by Alex Goldman:
Malware writers, always eager to take advantage of breaking news to get victims to click on bad links and download Trojans, have already jumped on the largest recent Internet message stream -- the flood of grief and commentary surrounding the death of singer Michael Jackson.
The volume of Web traffic surrounding Jackson's death became so huge that there was a tangible Web slowdown, with problems affecting major Web sites and services. Google, for instance, admitted on its official blog that its Google News site initially took the spike in searches as an automated attack.
Not surprisingly, spammers and malware authors have also begun taking advantage of the public's interest in the King of Pop.
Today, F-Secure's chief research officer, Mikko H. Hyppönen, wrote in his blog that the security company has already found several Michael Jackson Trojans.
"When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability," he wrote. "This file was distributed through a site called photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites."
MessageLabs, Symantec's cloud security service, said it had also uncovered similar Michael Jackson-themed threats.
"MessageLabs blocked 144 copies of a Trojan dropper identified as 'W32/VB-Generic-0481-f36f,'" MessageLabs senior analyst Paul Wood said in an e-mail to InternetNews.com.
"All of the e-mails had the same subject, 'Remembering Michael Jackson,' with a ZIP attachment containing malware with double extension (xxx.jpg.exe)," he said. "The link in the mail downloads a malicious executable file, disguised as a JPG."
It's just the latest case where spammers are taking advantage of victims' trust in or eagerness to learn about celebrities. While Michael Jackson ranked 10th on the list of names used as spam bait even before his death, spammers have exploited the good names of actresses Kate Hudson and Kirsten Dunst and wrestler Hulk Hogan in one case, and Net guru Guy Kawasaki in another.
Yet, e-mail may soon be losing its luster as the preferred attack vector for malware authors.
While e-mail is carefully policed, recent attacks show that Web 2.0 has more vulnerabilities. Symantec also recently reported that spammers have new tools specially designed for invading social networks.
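
The double-extension disguise Paul Wood describes (xxx.jpg.exe inside a ZIP attachment) can be checked at a mail gateway by listing archive members without extracting them. The Python below is an added example, not code from the article, F-Secure or MessageLabs; the extension lists, function names and sample archive are constructed for illustration, and it also covers the related whitespace-padding variant, which the article does not mention.

```python
import io
import zipfile

# Assumption: a constructed, non-exhaustive list of directly executable types.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Assumption: extensions a recipient reads as harmless content (the decoy part).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".mp3"}


def split_extensions(name):
    """Return every lower-cased extension of the base file name, in order."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(".")
    parts = base.lower().split(".")
    # Strip padding so "photo.jpg     .exe" still yields [".jpg", ".exe"].
    return ["." + p.strip() for p in parts[1:] if p.strip()]


def is_disguised_executable(name):
    """True when the final extension runs code and an earlier one is a decoy."""
    exts = split_extensions(name)
    if len(exts) < 2 or exts[-1] not in EXECUTABLE_EXTS:
        return False
    return any(ext in DECOY_EXTS for ext in exts[:-1])


def scan_zip_attachment(data):
    """List ZIP members with a decoy-plus-executable name, without extracting."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if not info.is_dir() and is_disguised_executable(info.filename):
                flagged.append(info.filename)
    return flagged


def build_sample_zip():
    """Constructed sample attachment; member contents are inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("photos/tribute.jpg.exe", b"constructed placeholder")
        archive.writestr("photos/cover.jpg", b"constructed placeholder")
        archive.writestr("setup.exe", b"constructed placeholder")
        archive.writestr("memorial.jpg      .scr", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in scan_zip_attachment(build_sample_zip()):
        print("disguised executable in attachment:", member)
```

A plain `setup.exe` is deliberately not flagged here: the check targets the mismatch between the apparent and the real file type, and blocking all executables is a separate policy decision.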

Thursday, March 12, 2009

MSc in Informatics at the University of Malawi

The University of Malawi has announced the introduction of a Master's degree programme in Informatics based at Chancellor College (Department of Mathematical Sciences), being run jointly with the Malawi Polytechnic (Department of Computing and Information Technology) and the College of Medicine.
The programme will run for two years, with the first year concentrating on the taught courses and the other on research.
I personally must congratulate the University for this innovative course; it has been overdue. I am not very sure what the logistics really are that the university needs to follow for it to start offering a master's course, BUT I saw it as a matter of lack of creativity in our university. For example, Mzuzu University has not been in the field for long but has been capable of introducing an MSc in coding and cryptography, which initially looked like a challenge, but so far the programme seems to be a success.
And I do not think that three institutions should sit down and offer one MSc. What is the problem with Chancellor College or the Polytechnic going it alone and just agreeing on the programme structure?
Maybe someone has answers to enlighten my curiosity, but I hope that this is the beginning of more innovation in our university, especially in the field of sciences.

I can't wait to be the first student !!!!

Wednesday, November 26, 2008

Hazel, Hazel, Hazel!

Last Sunday, the 23rd November 2008, saw the Malawian representative in Big Brother Africa III, Hazel Warren, missing the $100,000 prize by a whisker. A lot of her fans, especially here on home soil, were disappointed, and yours truly was equally disappointed at seeing Hazel not making history for Malawi by winning the cash. A lot of noise has been made, with some questioning the transparency of the statistical system that the Information Risk Consultants used to determine the winner. Others argue that, if there was a tie, the monies could have been split between Ricco and Hazel.
Whether the system that was used by the Risk Management Consultants or the rules governing the ultimate winner are at fault, I see the results as a reflection of the issue of ICT at work. By the time KB announced that there was a tie between Hazel and Ricco with six votes each, and then that the risk management consultants had decided to use percentage votes, I told my colleagues straight away that Hazel was going to lose. Why? If you look at the countries that voted for Hazel, including ourselves, they are the likes of Botswana, while Ricco, apart from Angola, had Nigeria. For Malawi, we are not all that exposed to ICT and the internet usage is not all that large, and even with the alternative way of voting, the phone, not so many people could afford to lose the $0.40 just for the sake of voting for Hazel to win. And most of the other countries that voted for Hazel face similar ICT challenges. And a country like Nigeria, which voted for Ricco, apart from having an advanced ICT infrastructure system, even has the largest population in Africa, an advantage to Ricco. And Ricco had an advantage considering that the whole of Africa apart from the 12 participating countries voted for him. As such, I do not see the reason why some people should be mad that Hazel was robbed; rather, the country Malawi should learn one or two lessons from this: ICT awareness should be improved, and so should accessibility. The system is just so expensive (maybe the most expensive in the world) if you look at airtime cost.
BUT all in all, I salute Hazel for being in the final and behaving so nicely; at least this time there were no boring kisses like the ones which our BBA 2 representative was giving to the Ugandan Mistress. Let's wait for BBA4, and maybe the rules will change for when there is a tie, and pray that by then we will be voting by phone for free and our internet usage will have improved. Remember the Government idea of Rural Connectivity (ICT-wise).

Wednesday, May 28, 2008

After the Break

I have been a bit off the site for some time since December; actually, I had a busy schedule that made posting something a bit difficult. A lot has happened. We have seen our local IT association, ICTAM, organising a DRP/BCP workshop. Honestly, ICTAM and the facilitators need to be commended. This is a good step in the right direction, for it shows that issues of security as far as ICT is concerned cannot be avoided. Interestingly, I was impressed to see companies like National Bank of Malawi, Celtel and others which offer real-time ICT services sending their employees to the workshop. This is great!
What I want to see now is companies creating positions of ICT Security Managers/Officers in their structures, so that someone is fully responsible for these security issues rather than the same person doing hardware, software, trainings and the like. This is the time for specialisation, and we need to move quickly in this area of ICT security, otherwise the Zimbabwean and South African security consultants will continue robbing our companies with their high and unjustified prices.

Thursday, December 6, 2007


Having been born, lived and worked (especially working with the government IT department) in Malawi, one of the so-called developing countries, I have seen, observed and experienced some issues worth sharing on the status of information systems security. I was privileged some years back to travel overseas to Japan, where I was trained as an information security specialist, and I also had a stint with one of the renowned audit firms in the world (KPMG), working locally as an Information Risk Management Specialist. The general observation is that in Malawi, like in any other developing country, the ICT sector is growing rapidly. But… one of the challenges is the risk associated with the new technology… Is there advocacy for this, or are we just promoting the introduction and ignoring the RISKS and how to mitigate them?

In any field, the business assumptions, the way it was…
“That products would not change dramatically, that the processes used to produce them would remain basically the same, that the workforce would remain loyal, that new competitors would occasionally appear but the playing field would be level”
But the above no longer holds, especially in IT.

Today’s IT environment is associated with growing cost if security is to be achieved; it is distributed, heterogeneous and complex, with higher expectations, increasing risk and high business dependency.

What the IT function must deliver

• Security / integrity
• Effectiveness and efficiency
• Implementation to impossible timetables
• Reduced Costs - (“Total cost of ownership” - TCO)
• Service levels
• Innovative solutions
• Value for money
• And….source, implement and exploit risky new technology

The above may be achieved, but it has a cost to a developing country like Malawi in terms of resources, personnel and Government commitment. Even in countries where ICT is like a model to us, the road has not been smooth, as I quote:

“IT has been the longest running disappointment in business in the last 30 years!”
Jack Welch, Chairman, General Electric, World Economic Forum, Davos, 1997

“Technology can help fulfil a visionary dream, but often its use is closer to a sobering nightmare!”
Vesa Vaino, CEO Merita Bank, SIBOS, Helsinki, 1998

“I am writing a book on the history of information technology… in order to better understand why it is such a mess!”
Philippe Corniou, CIO, Renault, IT Governance Forum, Paris, 2001

“IT investments did not have an impact on productivity in 53 out of 59 economic sectors”
McKinsey report 2001

The above means that for a country like Malawi to have sound ICT infrastructure and services, there has to be big investment planning by all: Government and the private sector.
The business IT challenge is all about increasing consumer trust in technology and ensuring that IT contributes significantly and effectively to enhanced and sustainable shareholder value. This includes:
– Improving the value for money obtained from IT investment
– Improving security and control in order to increase trust in consumer and corporate use of technology solutions
– Improving accessibility and reliability of technology based solutions
– Seeking greater opportunities for the exploitation of advanced technology for stakeholder benefit
– Understanding and promoting best practices in IT governance
– Ensuring that we have the human capabilities to deliver satisfactorily on these objectives

But it is a pathetic situation that the Government of Malawi has no NATIONAL ICT POLICY (the draft is not yet approved despite being sent to parliament). And even at departmental level, there is an ICT policy in the Department of Information Systems and Technology Management Services – it is just gathering dust on the shelves – NO IMPLEMENTATION!!! Even if you go to companies and ask for the ICT security policy – oops, only a few would produce it, even though they say that they rely on ICT for their business. Have you forgotten about Celtel – how it burned? There were no backup services – take care!

The issue here is, "let’s start taking this issue of achieving IT security seriously" – Mbite!!!

Friday, November 16, 2007

Enterprises Lack Effective Risk Management According to New AESRM Report


Rolling Meadows, Illinois, USA (5 September 2007)—The currently popular silo approach to managing enterprise risk is inadequate because it leaves too many gaps and provides no reliable way to evaluate an enterprise’s risk position, according to a new research report issued by The Alliance for Enterprise Security Risk Management (AESRM), a partnership of leading international security associations ISACA and ASIS International. The report is available as a free download at www.aesrm.org.
The Convergence of Physical and Information Security in the Context of Enterprise Risk Management shows that while risk management is fundamental to most enterprise managers, many risk reduction initiatives are not coordinated or integrated across all risk areas. Only 19 percent of executives surveyed said their company has a robust process in place for identifying when risk tolerance approached or exceeded defined limits.
To address these risk challenges, organizations are investigating more inclusive enterprise risk management (ERM) programs and converging traditional and information security functions. Although this convergence is intuitive and logical, it is still in its early stages, according to the research conducted by Deloitte.
“The need for enterprises to understand, measure and mitigate their risk is a leading factor driving the increase in security convergence,” said Ray O’Hara, CPP, chairman of AESRM. “Globalization and high-profile security breaches have gained the attention of boards and management, who increasingly realize how effective risk management protects their assets and supports growth.”
When asked to identify the major drivers of their companies’ security integration efforts, 73 percent of the executives cited “reducing risk of combined information and physical security threats,” 58 percent said “increased information sharing,” and 50 percent noted “better protection of the organization’s people, intellectual property and corporate assets.” The survey shows that security integration and ERM, when aligned, add value throughout an organization.
“Even though our study found that convergence is in its infancy, it is clearly a concept that is not going away,” said Adel Melek, global leader of the security and privacy practice at Deloitte Touche Tohmatsu. “But like any new idea, it takes pioneers or ‘visionaries’ to propel it forward. The visionaries of our report’s case studies, typically executives, have a strong belief in the benefits of convergence and have the personal commitment to see their ideas to completion despite the uncharted territory in which they may find themselves.”
The report also includes case studies of successful ERM programs from SAP; Constellation Energy Group; the City of Vancouver, BC, Canada; and other organizations that achieved cost reductions, increased risk intelligence and mitigation, and reduced duplication. More information and examples of convergence are at http://www.aesrm.org/.
Media contact:
For ISACA: Kristen Kessinger, kkessinger@isaca.org, 847.590.7455
For ASIS: Eileen Smith, esmith@asisonline.org, 703.518.1404
About AESRM—The Alliance for Enterprise Security Risk Management (AESRM) (http://www.aesrm.org/) was formed in February 2005 to encourage board and senior executive attention to critical security-related issues and the need for a comprehensive approach to protect the enterprise. The alliance—consisting of ASIS International and ISACA—brings together more than 90,000 global security professionals with broad security backgrounds and skills to address the significant increase and complexity of security-related risks to international commerce from terrorism, cyber attacks, Internet viruses, theft, fraud, extortion and other threats.
About ISACA—With more than 65,000 members who live and work in more than 140 countries, ISACA (http://www.isaca.org/) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal®, develops international information systems auditing and control standards, and administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 50,000 professionals since inception, and the Certified Information Security Manager (CISM) designation, a groundbreaking credential earned by more than 6,500 professionals since it was established in 2002.
About ASIS—ASIS International (ASIS) (http://www.asisonline.org/) is the preeminent organization for security professionals, with more than 35,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the public. By providing members and the security community with access to a full range of programs and services, and by publishing the industry’s number one magazine—Security Management—ASIS leads the way for advanced and improved security performance.
About Deloitte—Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 140 countries. With access to the deep intellectual capital of approximately 150,000 people worldwide, Deloitte delivers services in four professional areas—audit, tax, consulting and financial advisory services—and serves more than 80 percent of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Services are not provided by the Deloitte Touche Tohmatsu Verein, and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” “Deloitte & Touche,” “Deloitte Touche Tohmatsu,” or other related names.