Information Security Management Framework for Effective Implementation of Integrated Financial Management Information System (IFMIS) the Case of MoF
No Thumbnail Available
Date
2020-08-06
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
The main purpose of the study is to propose Information Security management framework for integrated financial management information system (IFMIS). In this study, MoF was selected using purposive sampling that issues service for different financial sectors around in Addis. The target population constituted 108 employees, the IFMIS and IT staffs located at MoF were included to be part of this study. Data was collected by means of questionnaire; interview and group discussions and analyzed using descriptive statistics. The analyses include frequency distributions, tables, figures and Narrative description. 108 questionnaires were distributed and 84 (78.8%) were returned. In addition to the questionnaires, observation and document review was made to strengthen the respondents‟ view. Accordingly, the data is processed using IBM SPSS V 20.0 Statistical tool. The framework that is proposed extracted from ISO security standard, NIST cyber security framework, literatures, and supported by findings from survey conducted in the MoF. The components are interwoven and all together support implementation of effective security solutions. The study shows that the financial information security management framework and practice is not well maintained to address the MoF information security managements with associated to the IFMIS system. In general, the study shows that there is no standard to security, technical challenge management associated with the financial sectors. The study recommends that the management should involve on any aspect of the IFMIS project to improve the efficiency and minimize risks and technical challenges, the Ministry should have standard information security management framework and risk management techniques and policy to minimize and manage the risk and system. One of the best ways to make sure employees will not make costly errors in regard to information security is to institute organization-wide security awareness initiatives that include, but not limited to face-to-face and multi-media based awareness, techniques that can be fairly inexpensive to implement such as posters, do and don‟t lists and warning banners. These methods can help ensure employees have a solid understanding of the organization security policy, procedure and best practices. With the intention of elaborating on the underlying research that produced it, the proposed ISM framework for IFMIS was presented and discussed in detail – all the components, sub components, as well as the processes followed in preparing the framework. Finally, recommendations are given for the Ministry to act in short and long-term basis to improve the information security management awareness of its employees and in turn improve better information security management practice in the IFMIS.
Description
Keywords
IFMIS, Mof, Security, Information Security Policy, Information Systems Security