Formulating an Information Security Policy Framework for Ethiopian Banking Industry
Date
2021-06-01
Publisher
Addis Ababa University
Abstract
Today's organizations rely heavily on information and information technology (IT) both to run their business operations and to stand out from the competition. This is especially true of banks, which acquire sensitive data that must be protected at all times against any type or form of attack. Organizations fall victim to such attacks because of poorly crafted, redundant, and weak information security policies (ISPs).
This study aims to answer the research question: what are the core values needed to develop an information security policy for the Ethiopian banking industry? Furthermore, this can help to determine what security issues exist and the weaknesses and vulnerabilities of the organization. The study explored international information security governance frameworks and best practices, and chose the ISO audit checklist, combined with the researcher's experience, to develop the framework.
The researcher employed a qualitative research approach. Both primary data, collected through interviews, and secondary data, collected through document analysis, were used. A thematic analysis method was used to analyze the data, with the QDA Miner Lite v2.0.8 tool. Twenty-four (24) core elements (codes) under ten (10) master themes were identified: management of security, acceptable use, data classification level, physical/environmental security, intellectual property right, protection of malicious software, continuity of operations, contracts of employment and services, information asset management, and access control. The study findings show that the availability of the core elements varies across the surveyed banks. Furthermore, the banks are at different positions in handling the security of their systems. An entry-level ISP framework is formulated and evaluated. The framework will be the basis of the organization's IS program and serve as a guideline for creating an ISP.
Keywords
Information security policy Development, thematic analysis, Banking Industry, Information Security Policy