Information Security Management Framework for Banking Industry in Ethiopia

No Thumbnail Available



Journal Title

Journal ISSN

Volume Title


Addis Ababa University


Modern Banking increasingly relies on the Internet and computer technologies to operate their businesses and market interactions. Banks are on the way of using state-of-the-art technologies to increase efficiency and effectiveness in service delivery. However, these benefits do not come without risks for information being misused, service disrupted or any other attacks interrupting the normal operation of computer based information systems. The threats and security breaches are highly increasing in recent years globally. No exception for Ethiopia. The objective of this study is to assess current Information Security Management (ISM) practices of banking sector, and to propose and develop ISM Framework. In this work, attempts were done to examine and compare the available ISM frameworks and best practices. This research combines ISO audit checklist and researcher’s own experience to assess the information systems security practices in banking industry. Both qualitative and quantitative research approach were used. Data were collected via questionnaire survey, document analysis, and interviews. To analyze the data SPSS tool is used. The study results show that surveyed banks are at diverse states in managing the security of their information systems. Moreover, they all are found to be at low level of ISM practice. A framework for ISM is developed and evaluated. The framework shows how banks identify their security requirements and select controls. Sixteen (16) main ISM domains are identified and in turn these ISM domains are classified under three categories viz. Administrative, Technical, and Physical & Environmental security. Further, some of areas that require policies and procedures are identified. Moreover, future research areas are also suggested to enhance the work. Keywords Information Security, Information Security Management, Information Security Management Framework, Threats, and Controls



Information Security, Information Security Management, Information Security Management, Framework, and Controls, Threats