Designing a Multi-Tiered Security Architecture Towards Information Infrastructure Protection for Nbe
No Thumbnail Available
Date
2020-10-10
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Banking industry have increased dependency upon technology solution that enables their financial
products and services but the convergence of technology renders to increasingly vulnerable to
malicious attacks. As such, the need to ensure information infrastructure protection of the banking
industry is a must and hence designing security architecture ought to be seen as a good manner.
Multi-tiered security architecture is a term which has different security technologies and
measures to protect against different vectors of attacks. The main objective of the thesis is to
investigate and design a multi-tiered security architecture towards information infrastructure
protection. To achieve the main objective, it‟s imperative to identify factors affecting
information infrastructure protection. Therefore, a security architecture consisting three main
themes: communication network, associated software‟s and delivered services was used to
identify current practice in information infrastructure protection of the bank.
Design science research methodology was employed to approach the design and
development of the architecture following Peffer et al. (2007) process model. The design and
development of the architecture passed through several stages, initially factors affecting
information infrastructure protection were identified using the quantitative, qualitative,
observation and network traffic analysis tool, and then these were used as design inputs.
There were multiple brainstorming sessions for the design enhancement as participative
modeling was the overall approach for the architecture design. Given the difference in scope
and magnitude of the challenges identified in the study, the proposed architecture
approaches information infrastructure protection through continuous improvement.
The architecture was finally evaluated in terms of component‟s completeness,
comprehensiveness and fitness to the organization through an evaluation
questionnaire and expert interview, accordingly, the developed architecture has
capable to protect information infrastructure of the organization.
Description
Keywords
Security Architecture, Information Security, Multi-Layer Security, Multi-Tiered Security Architecture, Information Infrastructure Protection