An Information security model for the commercial banking industry in Kenya: a case study of mwananchi bank
Gichengo, Mabel Wanjiru
MetadataShow full item record
In this research, the Information Security concerns that affect the banking industry in Kenya were examined. With the rapid changes in technology and the sensitivity of the information that is handled by banks, information security which, is the implementation of measures and structures to provide for confidentiality, integrity and availability of information based on business requirements and risk analysis, was identified as a key concern that has to be continuously addressed. This research reviews nine information security models and/or frameworks/standards that have been implemented in various organizations for the purposes of information security management. Of great interest to this research were the various aspects of security that were considered across the industry. There has been rapid growth in the banking industry and adoption of various Information Technologies that are dependent on the Internet. With Banks and customers being held responsible for Information Security, they must strive to keep their Information Security strategies at par with the advances in technology. In order to address this, what is needed is an Information Security model. The research delved into how the bank is currently managing security and proposes an appropriate and practical model for implementation and adoption within the banking industry. The research was a case study based on a specific commercial bank in Kenya — Mwananchi Bank. The researcher went into depths of establishing what information is considered valuable to this bank; what controls have been implemented to secure this information; persons responsible for information security; the adequacy of the security measures that are already in place and a review of the information security models already implemented, if any. This information was obtained by conducting detailed interviews with middle level management personnel in various functional areas of the bank. It was established that the Bank had not implemented any models but had began on the foundation stages of formulating a security policy which had not been communicated and subsequently not internalized by all staff. However, it was clear that various security controls had been implemented in the various functional areas but there was laxity in the enforcement of these controls. Appropriate and practical recommendations on how best the banking industry in Kenya can secure its information by sufficiently addressing all the security concerns for banks in Kenya have been made.