School of Information Science

Permanent URI for this college

http://etd.aau.edu.et/handle/123456789/26

Browse

Browsing School of Information Science by Author "Abay, Abeje"

Now showing 1 - 1 of 1
  • No Thumbnail Available
    Item
    Towards Improving Information Systems Vulnerability Assessment Practice in an Ethiopian Bank
    (Addis Ababa University, 2021-06-11) Abay, Abeje; Lessa, Lemma (PhD)
    Now a day, information systems security is becoming a day-to-day concern for many organizations. Information security aims to protect the confidentiality, availability and integrity of information. One of the challenges faced by organizations is securing their information systems in light of the rising threats and compliance requirements. Vulnerability assessment is discovering the weaknesses and security holes of the information systems. Conducting vulnerability assessment stood out as one of the strategy to protect information systems from different cyber-attacks. It is one of the prerequisites as to what security control mechanisms to put in place. Extant literature indicated that a full-fledged security vulnerability assessment has not been a regular practice in banks in Ethiopia. This study intends to suggest strategies and recommendations for improving the information systems vulnerability assessment practice in a bank in Ethiopia. A qualitative case study research method is applied. Interview and document analysis were the data collection techniques. The respondents were purposively selected based on their role to vulnerability assessment practice and experience. This study used thematic analysis and the researcher transcribed interview recordings and used coding techniques. Initially the researcher read and re-read the transcripts from the recorded interview in order to filter out or identify the themes. And then review different initial codes to produce sub- themes. Next the sub themes were reviewed to define and name the themes. After the themes finalized the write up of the report has begun. The analysis has provided the following themes namely: - Creating baseline, vulnerability assessment, risk assessment, remediation, verification and Monitoring security and network traffics. The results of the analysis imply that bank does not have a defined vulnerability assessment procedure and policy. This indicates that the bank has many challenges on vulnerability assessment processes like baseline creation, vulnerability assessment, risk assessment, remediation, verification, and monitoring phases. The researcher highlights some recommendations and strategies for effective vulnerability assessment process.