Proposing Information Security Awareness Program For Enat Bank In Ethiopia
No Thumbnail Available
Date
2018-06-03
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
has become lifeblood asset of organizations and protection of these assets became one of the major aspects that organizations have to deal with. The issue is too serious when it comes to financial institutions due to their sensitivity to information security attacks. Enat Bank is one of such organizations, where data protection and corporate security are a serious concern. While huge amounts of money and time are invested in technical solutions like deploying intrusion-detection systems, organizations often pay too little attention to the most important and vulnerable security component which is the human part and more importantly the insider threats. Extant literature reveal that employees are the subject and objective for most information security attacks. This study, tried to fill this gap by proposing employees information security awareness program based on the Bank context by reviewing existing information security awareness programs and the current practice of information security awareness in Enat Bank.
In this regard, the researcher followed a quantitative research approach with case study method to achieve the research intended goals. Two types of questionnaires were distributed one for IT technical staffs and other for all other staffs of the bank to collect the required data. The data analysis was taken place by using SPSSv21 frequency analysis technique.
Findings of the study showed that the information security awareness level of Enat Bank employees is unsatisfactory. Hence, the researcher proposed a program that will assist the Bank in terms of creating information security awareness and good practices to its employees to strengthen its security posture by mitigating vulnerabilities for computer attacks. Besides an implementation strategy is also proposed to help the organization to put the program on the ground. One of the best ways to make sure employees will not make costly errors in regard to information security is to institute organization-wide security awareness initiatives that include, but not limited to face-to-face and multi-media based awareness, techniques that can be fairly inexpensive to implement such as posters, do and don’t lists and warning banners. These methods can help ensure employees have a solid understanding of the organization security policy, procedure and best practices. Finally, recommendations are given for the bank to act in short and long-term basis to improve the information security awareness of its employees and in turn improve better information security practice in the bank.
Description
Keywords
Information Security Policy, Security Awareness Program, Information Systems Security