A Framework for Human Factors Influence on Information Systems Security at Commercial Banks in Ethiopia

No Thumbnail Available



Journal Title

Journal ISSN

Volume Title


Addis Ababa University


The importance of protecting information in banks and mitigating security breach is becoming more important than ever. Human factors represent essential issue in information systems security in organizations, since human factors determine the behavior of employees toward information systems security. This thesis researched information systems security countermeasures that are used to reduce internal threat and how employees perceive them and create a human factors model to address human factor gaps in information systems security in commercial banks in Ethiopia. A case study research design was used, since case study research design helps to understand a situation in great depth. Purposive sampling was used by this thesis, since it is recommended for qualitative case researches. The samples were selected based on eligibility criteria that the respondents should have experience and expertise in information systems security and the banking activities. The sample consists of information systems security manager, branch manager, information systems auditor, audit division manager, information systems support officer and front users. For this research both structured and unstructured interviews were used. For data analysis thematic analysis and pattern matching techniques were used. The findings were used to create comprehensive model which can assist in information systems security to secure information. The study investigated the impact of employees behaviour with regard to information systems security. The findings prove that users engaged into risky actions that could make the bank system subject to attack. Employees’ behaviour has been shown in relation to technology interaction, perception and information systems security training. Employees behaviour on human factor in information systems security can be improved by supplying information security training. Information systems security oriented training can address human factor problems in banks by increasing theoretical and practical knowledge of the users. Since information systems has the human element as a fundamental component, information systems security process should include the users.



Information Systems Security, Human Behavior, Information Policy, Organizational Culture, Training