Assessment of the Effectiveness of Card Banking Security in the Ethiopian Financial Sector

Gebrehawariat, Daniel (2017) Assessment of the Effectiveness of Card Banking Security in the Ethiopian Financial Sector. Masters thesis, Addis Ababa University.

[img] PDF (Assessment of the Effectiveness of Card Banking Security in the Ethiopian Financial Sector)
Daniel Gebrehawariat.pdf - Accepted Version
Restricted to Repository staff only

Download (1MB) | Request a copy

Abstract

Information is the most valuable and fundamental asset in the financial sector as it plays a major role in supporting the business operations and facilitate an organization to achieve a competitive advantage in the market. Information is valuable and critical; it is also vulnerable to a variety of attacks from both inside and outside of the organizations. Currently financial sectors are repetitively attacked by cybercrimes in addition to other internal and external attacks to their electronic payment system which is costing them in billions and affecting their business. To address this concern, it is indisputable to assess information security management practice in the financial sector card banking system using international information security standard as a benchmark and identify gaps and recommend the best security practices to help the financial sector to meet the standard security compliance. In this regard, two financial sectors were selected using purposive sampling method that issues electronic card and card PIN among the total financial sectors in Ethiopia which includes banks and e-payment processors. Regarding the target population, all the IT staffs in the two selected sectors were included to be part of this study. Thus, quantitative data was collected using PCIDSS security standard questioners; twenty seven questioners were distributed and twenty five were filled and returned which comprise 93% among the total distributed questioners. Further to the questioners, observation and document viewing was made to strengthen the respondents’ information. Accordingly, the data is processed using IBM SPSS Statistics V.20 tool. The result shows that most of the essential security practices and management activities in the financial sectors doesn’t comply the international security standard. In this regard, most of the indispensable security requirement that would address the financial sectors from security risk is below the acceptable level as there is no periodic vulnerability assessment, no access control in some critical areas, password policy and procedures is not implemented on some critical components, no change management procedure and information security policy is not maintained to be carried out in the daily operation. In general, the study shows that information security management and practice is not well maintained to address the current information security risk associated to the financial sector. Furthermore, this study identified the major security factors that prohibit the financial sectors from the PCI-DSS security standard compliance. Thus, the study provides directions and action items that can support the financial sector to be security standard complaint based on the findings.

Item Type: Thesis (Masters)
Subjects: H Social Sciences > HF Commerce > HF5601 Accounting
H Social Sciences > HG Finance
Z Bibliography. Library Science. Information Resources > Z665 Library Science. Information Science
Z Bibliography. Library Science. Information Resources > ZA Information resources > ZA4050 Electronic information resources
Divisions: Africana
Depositing User: Selom Ghislain
Date Deposited: 02 Oct 2018 09:38
Last Modified: 02 Oct 2018 09:38
URI: http://thesisbank.jhia.ac.ke/id/eprint/5694

Actions (login required)

View Item View Item