Evaluation of security of information systems in the Kenyan banking industry
Abstract
This project evaluates the security of information systems in the Kenyan banking industry
by examining the systems utilized by the Kenyan banks, challenges encountered in the
implementation of information security and benefits accrued from such implementations.
The advancement of global technological trends has made the issue of information
security very complex, with huge losses being experienced daily through web-based fraud,
denial of service attacks, computer viruses and hacking of corporate information. These
losses can be minimized with the implementation of sound information security systems.
The research uses the COBIT framework, drawn from the literature, especially that
on implementation of information security, and a descriptive survey has been used in this
study. Questionnaires were administered by a “drop and pick” method to all 46 banks in
Kenya. The respondents were the ICT Managers, Information Security Managers or any
other IT professionals with the knowledge of information security systems in the banks.
The data collected has been analyzed using descriptive statistics and presented in
frequency tables, percentages and charts. In addition, factor analysis was used to analyze
the data.
The project finds that the banking industry in Kenya has taken the issue of information
security seriously and has deployed various systems and practices to enhance the
security of information. The study revealed that the most widely deployed information
security system in the banks is the firewall, followed by intrusion detection systems. The
study further reveals that the challenges can be grouped into two categories, namely
information-related challenges and financial-related challenges. The majority of the
respondents see lack of senior management commitment to security initiatives as the
greatest challenge to implementation of information security, due to lack of understanding of
information security issues. This has contributed to lack of budget for information
security strategy and tactical plans. The study also found that the majority of the banks
agreed that they benefited by having a firm foundation for efficient and effective risk
management as a result of implementation of information security; a lesser number
strongly agreed that information security leads to improved trust in customer relationships.
To overcome the challenges and maximize the benefits, the banks need to give
information risks the same prominence given to financial risk. The senior management of
the banks needs to be educated on the importance of information security so that they can
give support to information security initiatives. Further, the information security role must
be elevated in the organizational hierarchy, preferably to the board level. The best example
is having a chief information security officer (CISO) sitting on the board who will
ensure that information security matters are discussed at the highest level of the bank.
Publisher
University of Nairobi
Description
MBA Thesis