A Survey of Implementation of Information Security Awareness Programs by Financial Institutions in Kenya
Abstract
The need for ICT in financial institutions is increasingly inevitable given that the number of
transactions is high, customers are many and spread. In such cases manual methods of keeping
track of customer payments and transactions become very difficult and inefficient causing the
organizations to be susceptible to theft, frauds and errors. However with increased introduction
of ICT financial institutions are exposed to many risks that can result in the possibility of
financial loss or reputation risk. This has forced firms to undertake information security
awareness programs to protect these critical systems, hence the need for the study, which had
three objectives. The first objective was to determine the extent to which information system
security awareness program are implemented by financial institutions in Kenya. The second was
to determine the methods that financial institutions in Kenya use to propagate their information
system security awareness programs. The third was to establish the challenges faced in the
implementation of information system security awareness program in financial institutions in
Kenya.
Primary data was the main form of data used in this research and it was collected using
questionnaires. Forty questionnaires were personally administered to the respondents and out of
these thirty were collected. The questionnaires had both open and closed ended questions. The
respondents were IT security managers and the assistants in financial institutions. The ''drop and
pick later" method was used to administer the questionnaires. The data collected was subjected
to descriptive and factor analysis.
The findings of the of the study show that majority of the financial institutions in Kenya
appreciate the need for information security awareness and have implemented the same. The
findings further revealed that 100% of the organizations used New Hire Orientation and
Acceptance use Policy methods in undertaking information system security awareness. The
main challenges to implementing the awareness program in the firms were noted to be improper
training venue and lack of security awareness skills by trainers across most organizations.
The study shows that financial institutions have implemented information system security
awareness covering employees within the sector as a continued counter measures to security
threats. This is evidenced by the presence of information security team in most of the firms also
shows their inclination to reduce risks. Financial institutions are governed by a written and
formal information security policy which is continuously updated to keep abreast with
i x
technological changes. It was also evident that most financial institutions had budget for
information system security awareness programs.
It can therefore be concluded that information security awareness program have been
implemented by financial institutions in Kenya using various methods covering all employees
although faced with some challenges in its implementation.
Publisher
University of Nairobi
Subject
Information Security AwarenessRights
Attribution-NonCommercial-NoDerivs 3.0 United StatesUsage Rights
http://creativecommons.org/licenses/by-nc-nd/3.0/us/Collections
The following license files are associated with this item: