Information Security Management Framework for Banking Industry in Ethiopia
No Thumbnail Available
Date
2013-06
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Modern Banking increasingly relies on the Internet and computer technologies to operate their businesses and market interactions. Banks are on the way of using state-of-the-art technologies to increase efficiency and effectiveness in service delivery. However, these benefits do not come without risks for information being misused, service disrupted or any other attacks interrupting the normal operation of computer based information systems. The threats and security breaches are highly increasing in recent years globally. No exception for Ethiopia.
The objective of this study is to assess current Information Security Management (ISM) practices of banking sector, and to propose and develop ISM Framework. In this work, attempts were done to examine and compare the available ISM frameworks and best practices. This research combines ISO audit checklist and researcher’s own experience to assess the information systems security practices in banking industry.
Both qualitative and quantitative research approach were used. Data were collected via questionnaire survey, document analysis, and interviews. To analyze the data SPSS tool is used. The study results show that surveyed banks are at diverse states in managing the security of their information systems. Moreover, they all are found to be at low level of ISM practice. A framework for ISM is developed and evaluated. The framework shows how banks identify their security requirements and select controls. Sixteen (16) main ISM domains are identified and in turn these ISM domains are classified under three categories viz. Administrative, Technical, and Physical & Environmental security. Further, some of areas that require policies and procedures are identified. Moreover, future research areas are also suggested to enhance the work.
Keywords
Information Security, Information Security Management, Information Security Management Framework, Threats, and Controls
Description
Keywords
Information Security, Information Security Management, Information Security Management, Framework, and Controls, Threats