A Survey of Information Systems Security Practices Adopted by Commercial Banks in Kenya

Abstract

Information systems security is a fundamental concept in the present times owing to the great dependency that almost all functions within an organization rely on information systems for their day to day operations to be successful in terms of cycle times, cost, efficiency, accuracy, and so on. Commercial banks perform functions such as safekeeping of money, transfer of money, and so on and they rely on information systems to perform these functions on behalf of their customers. The success of a bank is to a large extent determined by how efficiently, securely and confidentially they undertake these functions. This is determined by the information systems security practices that are put in place by a commercial bank. Some of these practices may be uniform but some may be determined by the characteristics of a particular commercial bank. The methodology used to identify the information systems security practices adopted by commercial banks in Kenya and the organization characteristics that determine the practices was done via a survey. Questionnaires were distributed to all the commercial banks in Kenya and the data collected analyzed. The key findings indicate that most banks have information security practices in place, however a high number do not review these practices frequently which should be of concern especially due to the rapid changes in information technology which then introduce new threats. Commercial banks are aware of the importance of having information security practices and the threats posed to the organization due to weak practices. Banks need to frequently review these practices and share the same with other banks so that they are all up to date. More also needs to be done to make staff aware of information security practices so that they can effectively play their part in protecting the organizations information systems.