A framework to guide information security initiatives for banking information systems: Kenyan banking sector case study

dc.contributor.authorNjiru, Stella Wanjiru
dc.date.accessioned2015-01-07T10:31:56Z
dc.date.available2015-01-07T10:31:56Z
dc.date.issued2013
dc.descriptionSubmitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technologyen_US
dc.description.abstractBanks are increasingly using technology to reduce their costs and deliver high quality services. As banks continue to become very dependent on computers, millions of shillings are being spent on these information systems. But even as modern banks increasingly rely on the internet and computer technologies to make their transactions, they have become vulnerable to technologically – based fraud. This is because of the speed at which information system security is evolving and therefore leaving a gap between where information security is now and where it needs to be. To be able to deal with the widening gap in information security, the banking industry has implemented various frameworks that act as a guide when evaluating information security vulnerabilities. However, this seem not be enough as the Kenyan banking industry is still losing millions thanks to technologically- based frauds on a monthly basis. Reason being the fact that some of the frameworks are too generic and they do not match the security needs of the bank. Moreover, some of the information security controls suggested by the frameworks are outdated. This leads to short-term, incremental changes to be done on the framework that is not enough to close the gap. Case study methodology was used to find out the different challenges banks within the industry are experiencing and the kind of measures they are using to information security risks mitigation. This methodology was extremely helpful in discovering the challenges that banks are facing when using the existing framework. The research findings show that people are the largest threat to information systems as lack of proper communication (at 93%), lack of skilled labor and security awareness by customers (at 83%) were cited as a major obstacle to security effectiveness. Moreover, fraud (at 88%), careless or unaware employees (at 83 %) and internal attacks (at 77%) were cited as the threats and vulnerabilities that have increased banks’ risk exposure. To close the ever-growing gap between vulnerability does not require complex technology. Leadership and the alignment of people, processes and technology is what is most important in the transformation of information securityen_US
dc.identifier.urihttp://hdl.handle.net/11071/2336
dc.language.isoenen_US
dc.publisherStrathmore Universityen_US
dc.subjectInformation securityen_US
dc.subjectBanking information systemsen_US
dc.subjectbankingen_US
dc.titleA framework to guide information security initiatives for banking information systems: Kenyan banking sector case studyen_US
dc.typeThesisen_US
Files