Maturity of information systems security in selected private Banks in Ethiopia

Tadele Shimels, Lemma F. Lessa
{"title":"Maturity of information systems security in selected private Banks in Ethiopia","authors":"Tadele Shimels, Lemma F. Lessa","doi":"10.1109/ict4da53266.2021.9672221","DOIUrl":null,"url":null,"abstract":"Information system security is more critical than ever before because security threats are rapidly growing and the environment requires organizations to continuously adapt to changes. Before putting in place information systems security measures, organizations are required to determine the maturity level of their information security governance. Extant literature reveals that there is no recent study on information systems security maturity level of banks in Ethiopia. This study, thus, seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. Four private banks are selected as a representative sample. SSE-CMM (System Security Engineering Capability Maturity Model) is used as the maturity measurement criteria and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study was gathered using a questionnaire. A total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria, the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations, but its existence was not thoroughly proven, and institutional inconsistency still exists. Recommendations are forwarded for management intervention in order to address the identified gaps.","PeriodicalId":371663,"journal":{"name":"2021 International Conference on Information and Communication Technology for Development for Africa (ICT4DA)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-11-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Information and Communication Technology for Development for Africa (ICT4DA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ict4da53266.2021.9672221","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Information system security is more critical than ever before because security threats are rapidly growing and the environment requires organizations to continuously adapt to changes. Before putting in place information systems security measures, organizations are required to determine the maturity level of their information security governance. Extant literature reveals that there is no recent study on information systems security maturity level of banks in Ethiopia. This study, thus, seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. Four private banks are selected as a representative sample. SSE-CMM (System Security Engineering Capability Maturity Model) is used as the maturity measurement criteria and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study was gathered using a questionnaire. A total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria, the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations, but its existence was not thoroughly proven, and institutional inconsistency still exists. Recommendations are forwarded for management intervention in order to address the identified gaps.
埃塞俄比亚选定私人银行信息系统安全的成熟度
信息系统安全比以往任何时候都更加重要,因为安全威胁正在迅速增长,环境要求组织不断适应变化。在实施信息系统安全措施之前,组织需要确定其信息安全治理的成熟度级别。现有文献表明,目前尚无对埃塞俄比亚银行信息系统安全成熟度水平的研究。因此,本研究旨在衡量现有的成熟度水平并检查安全缺口,以提出埃塞俄比亚私人银行业信息系统安全成熟度指标可能发生的变化。选取四家民营银行作为代表性样本。使用SSE-CMM(系统安全工程能力成熟度模型)作为成熟度度量标准,度量基于ISO/IEC 27001信息安全控制领域。这项研究的数据是通过问卷调查收集的。本研究共收集到110名参与者的93份有效问卷。基于SSE-CMM成熟度模型评估标准,私人银行业目前的成熟度等级为2级(可重复但直观)。机构在完成信息安全操作时存在重复的模式,但其存在并未得到彻底证实,机构不一致性仍然存在。提出建议供管理部门干预,以解决已查明的差距。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信