Using multilevel policy to mitigate database threats from former employees: a case of public sector organisations in Zanzibar
Abstract
The purpose of this study was to develop a framework that employs multi-level access to enhance authentication mechanisms in public sector organisations and to restrict former employees whose prior elevated privileges could pose significant security risks if not effectively revoked. To achieve this purpose, the study identified multi-level policies used to control authentication in databases, examined the extent to which these policies can strengthen authentication in organisations, and developed an SQL procedure for multi-level security access authentication in database systems. Findings from the first objective revealed that most organisations have multi-level security access policies in place, which are primarily applied to database authentication based on the three elements of the security triad: confidentiality, integrity, and availability. Building on these policies, the second objective proposed a framework designed to enhance authentication and mitigate the risks posed by former employees. The framework defines three levels of authentication and recommends their implementation in public sector organisations. For the third objective, the framework was evaluated by database administration experts using SQL procedures developed from the model, and results confirmed its effectiveness in addressing the problem of access control for former employees. The study recommends the adoption of the proposed three-level security architecture, in which protection begins at the portal (level 1), continues through the engine (level 2), and extends to the database (level 3).
Received on 21 September 2025
Accepted on 23 November 2025
Published on 30 November 2025
DOI: https://dx.doi.org/10.21622/ACE.2025.05.2.1684
Copyright (c) 2025 Rogers P. Bhalalusesa, Ibrahim Salum Salehe
Advances in Computing and Engineering
E-ISSN: 2735-5985
P-ISSN: 2735-5977
Published by:
Academy Publishing Center (APC)
Arab Academy for Science, Technology and Maritime Transport (AASTMT)
Alexandria, Egypt


