Towards Improving Information Systems Vulnerability Assessment Practice in an Ethiopian Bank
Date
2021-06-11
Publisher
Addis Ababa University
Abstract
Nowadays, information systems security is becoming a day-to-day concern for many organizations. Information security aims to protect the confidentiality, availability and integrity of information. One of the challenges organizations face is securing their information systems in light of rising threats and compliance requirements. Vulnerability assessment is the process of discovering the weaknesses and security holes of information systems. Conducting vulnerability assessments stands out as one of the strategies for protecting information systems from different cyber-attacks, and it is one of the prerequisites for deciding what security control mechanisms to put in place. Extant literature indicates that a full-fledged security vulnerability assessment has not been a regular practice in banks in Ethiopia. This study intends to suggest strategies and recommendations for improving the information systems vulnerability assessment practice in a bank in Ethiopia. A qualitative case study research method was applied. Interviews and document analysis were the data collection techniques. The respondents were purposively selected based on their role in vulnerability assessment practice and their experience. The study used thematic analysis; the researcher transcribed the interview recordings and used coding techniques. Initially, the researcher read and re-read the transcripts of the recorded interviews in order to filter out or identify the themes. The initial codes were then reviewed to produce sub-themes. Next, the sub-themes were reviewed to define and name the themes. After the themes were finalized, the write-up of the report began. The analysis yielded the following themes: creating a baseline, vulnerability assessment, risk assessment, remediation, verification, and monitoring security and network traffic. The results of the analysis imply that the bank does not have a defined vulnerability assessment procedure and policy. This indicates that the bank faces many challenges in the phases of the vulnerability assessment process, such as baseline creation, vulnerability assessment, risk assessment, remediation, verification, and monitoring. The researcher highlights some recommendations and strategies for an effective vulnerability assessment process.
Keywords
Vulnerability, Vulnerability Assessment, Vulnerability Assessment Lifecycle