Strengthening Fintech Security in Uganda: An Analysis of Insider Threats and Effective Risk Management Strategies

International Journal of Technology and Systems Pub Date : 2024-07-16 DOI:10.47604/ijts.2783

Deborah Mackenzie, Sam Njunwamukama

{"title":"Strengthening Fintech Security in Uganda: An Analysis of Insider Threats and Effective Risk Management Strategies","authors":"Deborah Mackenzie, Sam Njunwamukama","doi":"10.47604/ijts.2783","DOIUrl":null,"url":null,"abstract":"Purpose: The purpose of this study is to analyze security policies and risk management practices for reducing insider threats in the Fintech industry in Uganda. The study aims to classify and identify insider threats, examine how they relate to risk management procedures, and offer practical recommendations for improving Fintech companies’ security measures. \nMethodology: The study adopted a descriptive research design, focusing on diverse respondents across various sectors. Data was collected through surveys from 25 respondents, including IT security specialists, accountants, finance officers, and other relevant roles. The sectors represented included Banking and Finance (52%), Security (12%), Information Technology and Telecommunications (8% each), and others such as Agriculture, Civil Society, and Public Service (each 4%). The study employed both qualitative and quantitative data collection methods, with secondary data reviewed from existing literature and case studies. Statistical analysis was conducted using SPSS to interpret the data and identify trends in insider threat occurrences and risk management practices. \nFindings: The study revealed that insider threats in Uganda's Fintech sector can manifest in both physical and cyber forms. The predominant risk management practices identified include proactive measures such as robust security policies, access controls utilized by 88% of respondents, security awareness training by 80%, and continuous monitoring by 68%. Incident response and reporting procedures were also critical, ensuring that breaches are swiftly addressed to minimize impact. There was a significant positive correlation (r = .65; p < 0.05) between the frequency of past insider attacks and the regularity of risk assessments, underscoring the importance of regular evaluations in mitigating risks. \nUnique Contribution to Theory, Practice and Policy: The study contributes to the theoretical understanding of how local cultural attitudes and regulatory frameworks impact effectiveness of risk management strategies, providing insights that can inform RMF adaptations in similar contexts. For practitioners, it recommends development and implementation of robust security policies, employee training programs, and advanced monitoring systems. Policy-makers are advised to support regulatory frameworks that mandate regular risk assessments and the adoption of best Fintech practices.","PeriodicalId":519062,"journal":{"name":"International Journal of Technology and Systems","volume":"7 9","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Technology and Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.47604/ijts.2783","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Purpose: The purpose of this study is to analyze security policies and risk management practices for reducing insider threats in the Fintech industry in Uganda. The study aims to classify and identify insider threats, examine how they relate to risk management procedures, and offer practical recommendations for improving Fintech companies’ security measures. Methodology: The study adopted a descriptive research design, focusing on diverse respondents across various sectors. Data was collected through surveys from 25 respondents, including IT security specialists, accountants, finance officers, and other relevant roles. The sectors represented included Banking and Finance (52%), Security (12%), Information Technology and Telecommunications (8% each), and others such as Agriculture, Civil Society, and Public Service (each 4%). The study employed both qualitative and quantitative data collection methods, with secondary data reviewed from existing literature and case studies. Statistical analysis was conducted using SPSS to interpret the data and identify trends in insider threat occurrences and risk management practices. Findings: The study revealed that insider threats in Uganda's Fintech sector can manifest in both physical and cyber forms. The predominant risk management practices identified include proactive measures such as robust security policies, access controls utilized by 88% of respondents, security awareness training by 80%, and continuous monitoring by 68%. Incident response and reporting procedures were also critical, ensuring that breaches are swiftly addressed to minimize impact. There was a significant positive correlation (r = .65; p < 0.05) between the frequency of past insider attacks and the regularity of risk assessments, underscoring the importance of regular evaluations in mitigating risks. Unique Contribution to Theory, Practice and Policy: The study contributes to the theoretical understanding of how local cultural attitudes and regulatory frameworks impact effectiveness of risk management strategies, providing insights that can inform RMF adaptations in similar contexts. For practitioners, it recommends development and implementation of robust security policies, employee training programs, and advanced monitoring systems. Policy-makers are advised to support regulatory frameworks that mandate regular risk assessments and the adoption of best Fintech practices.

查看原文本刊更多论文

加强乌干达的金融科技安全：分析内部威胁和有效的风险管理战略

目的：本研究旨在分析安全政策和风险管理实践，以减少乌干达金融科技行业的内部威胁。本研究旨在对内部威胁进行分类和识别，研究内部威胁与风险管理程序的关系，并为改进金融科技公司的安全措施提供实用建议。研究方法：本研究采用描述性研究设计，重点关注各行业的不同受访者。通过对 25 名受访者（包括 IT 安全专家、会计师、财务人员和其他相关人员）的调查收集了数据。所代表的行业包括银行和金融（52%）、安全（12%）、信息技术和电信（各占 8%），以及农业、民间社会和公共服务等其他行业（各占 4%）。研究采用了定性和定量两种数据收集方法，并从现有文献和案例研究中查阅了二手数据。使用 SPSS 进行了统计分析，以解释数据并确定内部威胁事件和风险管理实践的趋势。研究结果：研究表明，乌干达金融科技行业的内部威胁既有物理形式的，也有网络形式的。已确定的主要风险管理实践包括积极主动的措施，如健全的安全政策、88% 的受访者使用的访问控制、80% 的安全意识培训和 68% 的持续监控。事件响应和报告程序也至关重要，可确保迅速处理违规事件，将影响降至最低。过去内部人员攻击的频率与风险评估的定期性之间存在明显的正相关关系（r = .65; p < 0.05），这突出表明了定期评估在降低风险方面的重要性。对理论、实践和政策的独特贡献：这项研究有助于从理论上理解当地文化态度和监管框架如何影响风险管理策略的有效性，提供了在类似情况下调整风险管理机制的启示。对于从业人员，研究建议制定并实施强有力的安全政策、员工培训计划和先进的监控系统。建议政策制定者支持要求定期进行风险评估和采用最佳金融科技实践的监管框架。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Technology and Systems

自引率

0.00%

发文量