Assessment Of Information Security Incident Management Practice Inethiopian Bank

No Thumbnail Available



Journal Title

Journal ISSN

Volume Title


Addis Ababa University


Banks facilitate spending and investment, which fuel growth in the economy, however, despite their important role in economy, banks are nevertheless susceptible to failure. Banks, like any other business, can go bankrupt. But unlike most other businesses, the failure of banks, especially very large ones, can have far-reaching implications.Ethiopian Banks continually increase their dependence on IT systems. Bank x is one of the largest banks in Ethiopia. It adopted internationally recognized banking technologies. One of the major technologies is the core banking solution, it also provide banking services such as the ATM, mobile banking, Internet and payment terminals.The advancement of technology and an increasing use of IT solutions exposed banks for attacks more than ever.Even though, banks are deploying prevention mechanisms to keep out hackers and attempts of cyber-attacks, incidents occuroccasionally. This tells there is a need for an effective and efficient management of information security incidents. International standards and guidelines for incident management exist but,researchesthat assess current practices are few in literature. This research conducted as a qualitative case study in which bank x’s information security incident management current practice assessed. Where the data collection methods were face-to-face and E-mail interview.The finding from this study revealed that bank x does not have a predefined and separate information security incident management plan. But, to some extent it was compliant with international standards and guidelines in some of incident handling procedures. An alarming finding that indicated bank x never performed rehearsal was highlighted in this study. Lack of employee awareness, information gap among departments,and lack of experienced and skilled incident handlers and enhancement of new threats were among prominent challenges identified in this research.Finally, recommendation for successful information security incident management was proposed.



information security incident, information security incident management, incident response team.