Track: Cyber Security
Abstract
These days, financial institutions such as banks are highly exposed to different cyberattacks, and their electronic payment systems are among the targets of these attacks. This study aims to assess information security management practice, with a focus on the electronic banking system, in selected financial institutions in Ethiopia, using an international information security standard as a benchmark in order to identify the gaps and recommend the best security practices to help the financial institutions meet the required security compliance. Two financial sectors were purposively selected. All the IT staff in the IT departments of the two institutions were included in this study. Quantitative data was collected using a PCI-DSS security standard questionnaire. In addition to the questionnaire, observation and document analysis were carried out. The results show that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place was found to be below the acceptable level. The study also revealed the major security factors that prevent the financial sectors from complying with the PCI-DSS security standard. Thus, recommendations for practice are put forward to support the financial sectors' efforts to withstand and mitigate cyberattacks.