Maturity of information systems' security in Ethiopian banks: case of selected private banks

Tadele Shimels, Lemma F. Lessa
{"title":"Maturity of information systems' security in Ethiopian banks: case of selected private banks","authors":"Tadele Shimels, Lemma F. Lessa","doi":"10.1108/ijieom-10-2021-0014","DOIUrl":null,"url":null,"abstract":"PurposeInformation systems' security is more critical than ever before since security threats are rapidly growing. Before putting in place information systems' security measures, organizations are required to determine the maturity level of their information security governance. Literature review reveals that there is no recent study on information systems' security maturity level of banks in Ethiopia. This study thus seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators.Design/methodology/approachFour private banks are selected as a representative sample. The system security engineering capability maturity model (SSE-CMM) is used as the maturity measurement criteria, and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study were gathered using a questionnaire.FindingsA total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations but its existence was not thoroughly proven and institutional inconsistency still exists.Originality/valueThis study seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. This topic has not been attempted previously in the context of Ethiopian financial sector.","PeriodicalId":268888,"journal":{"name":"International Journal of Industrial Engineering and Operations Management","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-01-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Industrial Engineering and Operations Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/ijieom-10-2021-0014","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

PurposeInformation systems' security is more critical than ever before since security threats are rapidly growing. Before putting in place information systems' security measures, organizations are required to determine the maturity level of their information security governance. Literature review reveals that there is no recent study on information systems' security maturity level of banks in Ethiopia. This study thus seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators.Design/methodology/approachFour private banks are selected as a representative sample. The system security engineering capability maturity model (SSE-CMM) is used as the maturity measurement criteria, and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study were gathered using a questionnaire.FindingsA total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations but its existence was not thoroughly proven and institutional inconsistency still exists.Originality/valueThis study seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. This topic has not been attempted previously in the context of Ethiopian financial sector.
埃塞俄比亚银行信息系统安全的成熟度:以选定的私人银行为例
由于安全威胁的快速增长,信息系统的安全比以往任何时候都更加重要。在实施信息系统的安全措施之前,组织需要确定其信息安全治理的成熟度级别。文献综述发现,目前尚无关于埃塞俄比亚银行信息系统安全成熟度水平的研究。因此,本研究旨在衡量现有的成熟度水平,并检查安全缺口,以提出埃塞俄比亚私人银行业信息系统安全成熟度指标可能发生的变化。设计/方法/方法选择四家私人银行作为代表性样本。采用系统安全工程能力成熟度模型(SSE-CMM)作为成熟度度量标准,度量基于ISO/IEC 27001信息安全控制领域。这项研究的数据是通过问卷调查收集的。研究共收集了110名参与者的93份有效问卷。基于SSE-CMM成熟度模型评估标准,私人银行业目前的成熟度等级为2级(可重复但直观)。机构在完成信息安全操作时存在重复的模式,但其存在并未得到彻底证实,并且机构不一致仍然存在。原创性/价值本研究旨在衡量现有的成熟度水平,并检查安全缺口,以提出埃塞俄比亚私人银行业信息系统安全成熟度指标可能发生的变化。这一主题以前没有在埃塞俄比亚金融部门的背景下进行过尝试。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信