Developing an Information System Security Framework: a Case Study at Ministry of Finance (MOF)
No Thumbnail Available
Date
2024-04
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
The digital financial institution sector encompasses a wide range of organizations, from small community microfinance institutions to large international corporations. In recent years, the financial sector has experienced a rapid growth in cybersecurity threats, as cyber-attacks targeting financial institutions have become increasingly predominant. These threats put sensitive data and organizational security at risk. Increasing the issue is the absence of a recognized information system security framework that can protect financial data between various customers such as banks, customs, governmental organization up to remote woreda and license registered traders. The study utilized a qualitative approach, specifically a case study and design science research methods. Data was collected through interviews with domain experts and document reviews. Thematic coding was used to analyze the collected data, which identified several key themes necessary for developing the information security framework.
The study revealed that there were different security challenges which include lack of cybersecurity expertise and awareness, various threats, facilitating conditions such as budget allocation and capacity building, preventive mechanisms encompassing technical and non-technical solutions, and security auditing and evaluation, as well as SOC real-time traffic monitoring. The study also developed Information System Security Framework for Ethiopia Ministry of Finance (MoF). The proposed framework serves as a guideline for the Ethiopian Ministry of Finance (MoF) to enhance Cyber resiliency, manage cyber threats and risks, and implement cybersecurity best practices. This proposed framework contributes to the government's held-on long-term digital Ethiopia plan at 2025 and complements existing initiatives aimed at infrastructure development and investment in cybersecurity. Domain experts who are Cyber experts/professionals at MoF review this proposed framework and they confirmed as it is relevance, applicability, usability, and effectiveness in addressing information system security issues within the Ethiopian MoF and other similar organizations.
Description
Keywords
Information System Security Framework, Information/Cyber Security, Digital Financial