• Login
    View Item 
    •   SU+ Home
    • Research and Publications
    • Faculty of Information Technology (FIT)
    • FIT Projects, Theses and Dissertations
    • MSIT Theses and Dissertations
    • MSIT Theses and Dissertations (2013)
    • View Item
    •   SU+ Home
    • Research and Publications
    • Faculty of Information Technology (FIT)
    • FIT Projects, Theses and Dissertations
    • MSIT Theses and Dissertations
    • MSIT Theses and Dissertations (2013)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    A framework to guide information security initiatives for banking information systems: Kenyan banking sector case study

    Thumbnail
    View/Open
    Thesis (1.296Mb)
    Date
    2013
    Author
    Njiru, Stella Wanjiru
    Metadata
    Show full item record
    Abstract
    Banks are increasingly using technology to reduce their costs and deliver high quality services. As banks continue to become very dependent on computers, millions of shillings are being spent on these information systems. But even as modern banks increasingly rely on the internet and computer technologies to make their transactions, they have become vulnerable to technologically – based fraud. This is because of the speed at which information system security is evolving and therefore leaving a gap between where information security is now and where it needs to be. To be able to deal with the widening gap in information security, the banking industry has implemented various frameworks that act as a guide when evaluating information security vulnerabilities. However, this seem not be enough as the Kenyan banking industry is still losing millions thanks to technologically- based frauds on a monthly basis. Reason being the fact that some of the frameworks are too generic and they do not match the security needs of the bank. Moreover, some of the information security controls suggested by the frameworks are outdated. This leads to short-term, incremental changes to be done on the framework that is not enough to close the gap. Case study methodology was used to find out the different challenges banks within the industry are experiencing and the kind of measures they are using to information security risks mitigation. This methodology was extremely helpful in discovering the challenges that banks are facing when using the existing framework. The research findings show that people are the largest threat to information systems as lack of proper communication (at 93%), lack of skilled labor and security awareness by customers (at 83%) were cited as a major obstacle to security effectiveness. Moreover, fraud (at 88%), careless or unaware employees (at 83 %) and internal attacks (at 77%) were cited as the threats and vulnerabilities that have increased banks’ risk exposure. To close the ever-growing gap between vulnerability does not require complex technology. Leadership and the alignment of people, processes and technology is what is most important in the transformation of information security
    URI
    http://hdl.handle.net/11071/2336
    Collections
    • MSIT Theses and Dissertations (2013) [30]

    DSpace software copyright © 2002-2016  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    Atmire NV
     

     

    Browse

    All of SU+Communities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    Login

    DSpace software copyright © 2002-2016  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    Atmire NV