Designing a Security Operations Framework to Improve Information Security Monitoring the Case of Ethiopian Banks

dc.contributor.advisor: Meshesha, Million (PhD)
dc.contributor.author: Embafrash, Muluberhan
dc.date.accessioned: 2021-11-23T11:06:00Z
dc.date.accessioned: 2023-11-18T12:47:47Z
dc.date.available: 2021-11-23T11:06:00Z
dc.date.available: 2023-11-18T12:47:47Z
dc.date.issued: 2021-08-19
dc.description.abstract: Ethiopian banks have continued investing heavily in information technology to expand their banking services and products to their customers using different digital channels. However, this wide use of IT-based services in the banking sector has brought increased concern about information security threats among all involved stakeholders, including customers, management, employees, shareholders and regulatory bodies. To overcome this concern, financial institutions have significantly strengthened their defenses in protecting their critical assets against cybersecurity threats using different mechanisms. Regulatory bodies such as the National Bank of Ethiopia (NBE) and the Information Network Security Agency (INSA) are also playing key roles in facilitating and pushing financial institutions to be equipped with the right information security technology, people, policies and procedures. However, assessment of existing security operation practices reveals that too little attention is given to proactive threat detection and information security continuous monitoring. Having continuous information security monitoring practices by establishing a standard Security Operations Center (SOC) is crucial in proactively detecting and responding to cybersecurity attacks directed at this mission-critical banking infrastructure. This study has tried to fill this gap by proposing a comprehensive security operations framework for the Ethiopian banking industry using design science research methodology. Document analysis and expert discussions have been used to collect and understand the current practices and gaps in security operations.
The unavailability of a common security operations framework, inadequate security threat monitoring practices, a lack of skilled cybersecurity analysts, budget constraints, and insufficient collaboration and communication with national and international cybersecurity threat intelligence bodies are some of the gaps and obstacles preventing the SOC team and management from implementing effective and efficient security operations. Finally, the threat detection and monitoring part of the designed artifact is sufficiently demonstrated and evaluated by simulating an open-source SIEM solution in a virtual environment. The evaluation result also shows that the design artifact has adequately addressed the people, process and technology aspects. However, secured configurations, forensics and incident response procedures have not been covered in this research, even though they are part of the SOC's main functions. Thus, these areas require further study. The financial institutions are also required to assess their readiness in adopting the designed SOC framework and information security monitoring.
dc.identifier.uri: http://etd.aau.edu.et/handle/12345678/28908
dc.language.iso: en
dc.publisher: Addis Ababa University
dc.subject: Designing
dc.subject: Security Operations Framework
dc.subject: Improve Information
dc.subject: Security Monitoring
dc.subject: Case of Ethiopian Banks
dc.title: Designing a Security Operations Framework to Improve Information Security Monitoring the Case of Ethiopian Banks
dc.type: Thesis

Files

Original bundle
Name:
Muluberhan Embafrash 2021.pdf
Size:
3.37 MB
Format:
Adobe Portable Document Format
License bundle
Name:
license.txt
Size:
1.71 KB
Format:
Plain Text