Designing a Security Operations Framework to Improve Information Security Monitoring the Case of Ethiopian Banks

No Thumbnail Available



Journal Title

Journal ISSN

Volume Title


Addis Ababa University


Ethiopian banks have continued investing heavily in Information technology to expand their banking services and products to their customers using different digital channels. However, this wide use of IT-based services in the banking sector has brought increased concern of information security threat from all involved stakeholders including customers, management, employees, shareholders and regulatory bodies. To overcome this concern, financial institutions have significantly strengthened their defenses in protecting their critical assets against cybersecurity threats using different mechanisms. Regulatory bodies such as National Bank of Ethiopia (NBE), and Information Network Security Agency (INSA) are also playing key roles in facilitating and pushing financial institutions to be equipped with the right information security technology, people, policies and procedures. However, assessment of existing security operation practices reveal, too little attention is given to proactive threat detection and information security continuous monitoring. Having continuous information security monitoring practices by establishing standard Security Operations Center (SOC) is crucial in proactively detecting and responding to cybersecurity attacks directed to this mission-critical banking infrastructure. This study has tried to fill this gap by proposing a comprehensive security operations framework for the Ethiopian banking industry using design science research methodology. Document analysis and expert discussions have been used to collect and understand the current practices and gaps in security operations. Unavailability of common security operations framework, inadequate security threat monitoring practices, lack of skilled cybersecurity analysts, budget constraints and insufficient collaboration and communication with national and international cybersecurity threat intelligence bodies are some of the gaps and obstacles preventing the SOC team and management in implementing effective and efficient security operations. Finally, threat detection and monitoring part of the designed artifact is sufficiently demonstrated and evaluated by simulating open-source SIEM solution in a virtual environment. The evaluation result also shows that the design artifact has adequately addressed the people, process and technology aspects. However, secured configurations, forensics and incident response procedures have not been covered in this research, even though they are part of the SOC main functions. Thus, these areas require further study. The financial institutions are also required to assess their readiness in adopting the designed SOC framework and information security monitoring.



Designing, Security Operations Framework, Improve Information, Security Monitoring, Case of Ethiopian Banks