A survey of computer security vulnerability in the banking industry in Kenya

Abstract

In today's complex IT environments, managing security is made more challenging as businesses expand and extend to a broader consumer base. The enterprise security infrastructure has become populated with diverse technologies installed across heterogeneous systems. This has resulted in pressure on businesses to understand the need for information security, the choices that you have to implement and maintain the right information security strategy for the organisation. Quoting what Walter Wriston, the former chairman of Citicorp, said some years back:" Information about money is just as important as money itself." It underscores the importance of information and the need to guard this information from unauthorized access. This study aims at determining the Security posture of the banks in Kenya that are in normal operations as per the Central Bank of Kenya regulations. Out of a total of 44 banks, only 30 responded to the questionnaires. This is due to the fact that the study is focused on Security, an area considered very sensitive in the Banking domain. The study had two objectives namely: 1. To identify various approaches by the management towards security implementation in comparison to the Best practices of Computer security. 2. To establish the level of Computer Security Vulnerability III the Banking Sector in Kenya. - To satisfy the above objectives, data was collected using questionnaires and analysed using various statistical tools including descriptive statistics and factor analysis. The findings of the study indicate that most of the Banks have made averagely Kshs.I09.84 Million as investment in Information Technology. However, most of the Banks do not have an Information Technology professional at the executive Board level. lam pleased to present to you the results of a Survey on Computer Security Vulnerability at 30 medium and large banks in Kenya.It is my hope that this survey will provide valuable insight on the extent of Security Vulnerability and the level of security awareness in the Kenyan banking institutions and assist the managements' in the betterment of implementing the Best practices of Computer Security.