Assessment Of Information Security Incident Management Practice Inethiopian Bank
No Thumbnail Available
Date
2018-06-01
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Banks facilitate spending and investment, which fuel growth in the economy, however, despite
their important role in economy, banks are nevertheless susceptible to failure. Banks, like any
other business, can go bankrupt. But unlike most other businesses, the failure of banks,
especially very large ones, can have far-reaching implications.Ethiopian Banks continually increase their dependence on IT systems. Bank x is one of the
largest banks in Ethiopia. It adopted internationally recognized banking technologies. One of the
major technologies is the core banking solution, it also provide banking services such as the
ATM, mobile banking, Internet and payment terminals.The advancement of technology and an
increasing use of IT solutions exposed banks for attacks more than ever.Even though, banks are deploying prevention mechanisms to keep out hackers and attempts of
cyber-attacks, incidents occuroccasionally. This tells there is a need for an effective and efficient
management of information security incidents. International standards and guidelines for
incident management exist but,researchesthat assess current practices are few in literature. This
research conducted as a qualitative case study in which bank x’s information security incident
management current practice assessed. Where the data collection methods were face-to-face and
E-mail interview.The finding from this study revealed that bank x does not have a predefined and separate
information security incident management plan. But, to some extent it was compliant with
international standards and guidelines in some of incident handling procedures. An alarming
finding that indicated bank x never performed rehearsal was highlighted in this study. Lack of
employee awareness, information gap among departments,and lack of experienced and skilled
incident handlers and enhancement of new threats were among prominent challenges identified
in this research.Finally, recommendation for successful information security incident
management was proposed.
Description
Keywords
information security incident, information security incident management, incident response team.