On The Standardization Practices of the Information Security Operations in Banking Sector: Evidence from Yemen
Keywords:
Information security, Assessment, Banking sector, Yemen, Standardization PracticesAbstract
This paper aims to discuss the efficacy of the standardization controls of the information security operations in Yemeni banks by investigating the main requirements for their implementation to carry out their security roles effectively. Also, to determine the standardization practices` main weaknesses in the information security management systems (ISMS) of the banking sector and to provide the necessary improvement recommendations based on the ISO 27002-2013 international security standard. The researchers designed a questionnaire distributed to workers responsible for information security statements in 13 banks regulated by Yemen`s central bank, in Sana`a. The result shows that these practices` actual maturity level is 3.66 out of 5, which means that best practices are not consistently followed. The gap between the maturity level of real application of information security practices and the robust level was found; it equals 1.34, which means that the ISMSs in this sector do not have most of the security requirements necessary for their practical and robust functioning. Two significant points of strength were defined. Three main lacks and weak points were discovered, and the improvement actions and recommendations have been suggested to improve the standardization practices of information security operations in this sector. Additional implementation matrix mapping schemes and ISO-based implementation guidance for each bank have been recommended.
References
IBM Security, "IBM X-Force Threat Intelligence Index ", 2020.
SF. Alomgeer, “Cyber Crime In Banking Sector of Bangladesh, ”, diss., East West University, 2019.
S. Kesharwani, M. P. Sarkar, & S. Oberoi, “Growing Threat of Cyber Crime in Indian Banking Sector.”, CYBERNOMICS, Vol 1, No 4, pp 19-22,2019.
N. Tariq, “Impact of cyber-attacks on financial Institutions,” Journal of Internet Banking and Commerce, Vol. 23, No 2. pp. 1-11, 2018.
A. R. Raghavan, & L. Parthiban, “The effect of cybercrime on a Bank’s finances,” International Journal of Current Research & Academic Review, Vol. 2, No 2. pp. 173-178, 2014.
N. Alber, N., & M. Nabil, “The Impact of Information Security on Banks’ Performance in Egypt,” Available at SSRN 2752070
Sanskriti Choubey , Astitwa Bhargava , "Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance," International Journal of Scientific Research in Network Security and Communication, Vol.6, Issue.2, pp 30-33, 2018
Hailye Tekleselase Woldemichael, "Emerging Cyber Security Threats in Organization," International Journal of Scientific Research in Network Security and Communication, Vol.7, Issue.6, pp 7-10, 2019
M.A.M Stambul, R. Razali, “An assessment model of information security implementation levels.,” In the Proceedings of the 2011 Electrical Engineering and Informatics (ICEEI), IEEE, pp 1-6,2011
Nnatubemugo Innocent Ngwum, “ Information Security Maturity Model (ISMM). ,” Diss., The University of Manchester., 2013.
W. M. Zeiad, “The impact of information security risks on the accounting systems in the Central Bank of Yemen." Master Thesis. The Yemeni Academy for Graduate Studies, Sana`a, Yemen, 2019. [In Arabic]
M. J. Hammodah, “ Evaluating information security strategies in banking institutions,” Master Thesis. Michigan State University- Dubai Branch, UAE,2017. [In Arabic]
Nada Ismaeil , "Protecting the security of information systems, a case study in Al-Rafidain Bank," Tikrit Journal of Administrative and Economic Sciences. Vol.7 , Issue 21, pp 72—94, 2011. [In Arabic]
A. L. Muhsen, “Information Security Management In Palestinian Banking," Master Thesis. An-Najah National University. Nablus. Palestine," 2014
?. A. Gürcan, “Assessing Information Security Management Requirements For Finance Sector Using An ISO27001 Based Approach,” Master Thesis. Bahcesehir University. Istanbul. The Republic Of Turkey, 2014
D. Lang & D. Van der Haar, “Recommendations for Biometric Access Control System Deployment in a Vehicle Context in South Africa. ,” In Information Science and Applications, Springer, Singapore.?, pp. 305-317, 2020
N. Agrawal, & S. Tapaswi, “A trustworthy agent-based encrypted access control method for mobile cloud computing environment,” Pervasive and Mobile Computing, Vol. 52, pp 13-28.?,2019
Al-Mayahi, Ibrahim, and P. Mansoor Sa`ad. “ISO 27001 gap analysis-case study,” Proceedings of the 2012 International Conference on Security and Management (SAM). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 2012.?
A. A Nasser, A. A. Al-Khulaidi, & M. N. Aljober, “ Measuring the information security maturity of enterprises under uncertainty using fuzzy AHP,” Int. J. Inf. Technol. Comput. Sci.(IJITCS), Vol. 10, No 4, pp 10-25, 2018
M. F. Saleh,, “Information security maturity model ,” International Journal of Computer Science and Security (IJCSS), Vol.5, No 3: 21?,2011
Team, CMMI Product. "Capability maturity model® integration (CMMI SM), version 1.1." CMMI for Systems Engineering, Software Engineering, Integrated Product and Process Development, and Supplier Sourcing (CMMI-SE/SW/IPPD/SS, V1. 1) , No 2,2002
G. Karokola, S. Kowalski, & L. Yngström, Towards An Information Security Maturity Model for Secure e-Government Services: A Stakeholders View. In HAISA, pp 58-73, 2011.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.
