A Framework for the Governance of Information Security in Banking System

Ula, Munirul; Ismail, Zuraini; Sidek, Zailani Mohamed

doi:10.5171/2011.726196

Cited by 30 publications

(13 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The integration of IT standards and best practices has many benefits. The primary one is the enabling of features that would be unavailable through the use of practices individually, leading to a more comprehensive and efficient approach [28,29]. Hence the need for an integrated solution to consolidate the best combination of IT standards and their best practices.…”

Section: It Governance It Framework and Digitalmentioning

confidence: 99%

Integrated Methodological Framework for Digital Transformation Strategy Building (IMFDS)

Korachi¹,

Bounabat²

2019

IJACSA

View full text Add to dashboard Cite

There is still a conflict among the definitions, frameworks, and formulation of the digital transformation strategy in the literature. Despite extensive research on Digital Transformation Strategies and Digital Transformation Assessment, there is not a clear and global meta-model describing the general concepts and guidelines of the digital transformation to frame and drive a successful digital transformation. Several digital transformation approaches have been presented in the literature, these approaches are focusing on specific cases and specific concepts. The present paper describes the digital transformation and its relationship with IT governance. It presents how IT governance can lead the digital transformation. A literature review has been conducted on the most well-known IT Frameworks (COBIT, ITIL, CMMI) and their structure in order to provide a standard and known framework by practitioners. This paper proposes an Integrated Methodological Framework for Digital Transformation Strategy Building. The proposed framework is called IMFDS, it is based on IT governance elements (Business Strategic Planning, IT Strategic Planning, IT Organizational Structure, IT Reporting, IT Budgeting, IT Investment Decisions, Steering committee, IT Prioritization Process and IT Reaction Capacity). It provides specific guidelines to help organizations formulating, implementing and monitoring their transformation strategies. IMFDS is articulated across 9 blocks (steps) and 34 processes.

show abstract

Section: It Governance It Framework and Digitalmentioning

confidence: 99%

Integrated Methodological Framework for Digital Transformation Strategy Building (IMFDS)

Korachi¹,

Bounabat²

2019

IJACSA

View full text Add to dashboard Cite

show abstract

“…The threats facing the banking sector are evolving rapidly; just five years ago cyber-attacks were not recognised as a primary threat but just one of many. Ula et al (2011) identified the following threats: physical destruction of premises and systems by natural disasters; unintentional damage due to human error; abuse of system and sensitive information by employees or agents of the bank; systematic collection of sensitive information by foreign intelligence services; and external attacks which compromise confidentiality, integrity and availability of information. …”

Section: Literature Reviewmentioning

confidence: 99%

“…Consequently, a bank which fails to protect its information systems not only loses its competitive advantage but also threatens its existence (Von Solms et al , 2011). Ultimately, the success of a bank can depend on its ability to manage its information security and provide secure services (Ula et al , 2011), and it is hardly surprising, therefore, that 80 per cent of leaders in the financial services sector cite cyber risks as a top concern (Travelers, 2015).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Analysing information security in a bank using soft systems methodology

Damenu

Beaumont

2017

ICS

View full text Add to dashboard Cite

Purpose -This paper explores the use of Soft Systems Methodology (SSM) to analyse the sociotechnical information security issues in a major bank.Design/methodology/approach -Case study research was conducted on a major bank. Semistructured interviews with a purposive sample of key stakeholders in the business, comprising senior managers, security professionals and branch employees were conducted.Findings -SSM was particularly useful for exploring the holistic information security issues, enabling models to be constructed which were valuable analytical tools and easily understood by stakeholders, which increased the receptiveness of the bank, and assisted with member validation.Significant risks were apparent from internal sources with weaknesses in aspects of governance and security culture.Research limitations/implications -This research uses a single case study and whilst it cannot be generalised, it identifies potential security issues others may face and solutions they may apply.Practical implications -Information security is complex and addresses technical, governance, management and cultural risks. Banking attacks are changing, with greater focus on employees and customers. A systemic approach is required for full consideration. SSM is a suitable approach for such analysis within large organisations.Originality/value -Demonstrates how important benefits can be obtained by using SSM alongside traditional risk assessment approaches to identify holistic security issues. A holistic approach is particularly important given the increasing complexity of the security threat surface. Banking was selected as a case study since it is both critical to society and is a prime target for attack. Furthermore, developing economies are under-represented in information security research, this paper adds to the evidence base. Since global finance is highly interconnected, it is important that banks in such economies do not comprise a weak link and hence results from this case have value for the industry as a whole. | P a g e

show abstract

“…The number of threats to the financial institutions' economic security increases from year to year; their new, non-traditional forms and types that require the development of innovative approaches to counteract them appear ( Johnson, 2015;Amadae, 2017;Nelson, 2007). To prevent some of them, financial institutions needed to take comprehensive measures and to create security systems, for example, an information security system (Bank of Japan, 2000, Ula, Ismail, & Sidek, 2011. However, the protective effect would be more prominent in the context of creating a comprehensive economic security system of the financial institution, while one of those components would become the subsystem of information security.…”

Section: Introductionmentioning

confidence: 99%

Diagnostics by Financial Regulators of Financial Institutions Preparedness to the Implementation of Economic Security Management

Zachosova

Babina

2018

BJES

View full text Add to dashboard Cite

In the conditions of the financial system destabilization in Ukraine, caused by such negative phenomenaas military actions in the East, the economic downturn, political and financial crises, population disappointment inthe institution of power and loss of the people’s confidence in power structures and so on, market mechanisms arenot able to ensure the restoration of the national financial market and to encourage its professional participantsto use mechanisms of protection their own assets and the assets of their clients from external and internal threatsactively. State interference in the functioning of financial institutions is necessary, especially for those of their types,whose bankruptcy may have fatal consequences for the welfare of the population and cause the liquidation ofeconomic entities of the domestic economy. Among them are: banks, insurance companies, credit unions, andother institutions of credit co-operation, investment companies, in particular, joint investment institutions (unit andcorporate investment funds), non-state pension funds, leasing, factoring, and other financial companies, pawns,etc. Therefore, it is expedient to consider the possibility of the influence of state regulators in financial servicesmarkets on the state of their participants’ economic security. However, the study of the realities of the financialmarket of Ukraine development has made it possible to assert that for a number of financial institutions, the conceptof economic security is something abstract, and the understanding by their top management the importanceof economic security management, taking into account the negative market trends, is completely absent.So, the purpose of this study is to diagnose the level of financial institutions preparedness for the implementationof economic security management into their common system of management. The high level of financial marketparticipants’ readiness for safe-oriented management will allow regulators to rapidly implement in their practicea list of recommendations that will minimize the threat of bankruptcy and liquidation of domestic financialinstitutions. Methodology. In the process of preparing a scientific article, a great number of literary sources wasconsidered. Some of them were developed using the method of theoretical generalization and the monographicmethod. The theoretical results presented in the research materials were obtained on the basis of the study ofworks of such scientists as Amadae S. M., Baily M. N., Elliott D. J., Ismail Z., Johnson K. N., Mirtchev A., Nelson J. A.,Raczkowski K., Schneider F., Sidek Z. M., Ula M., Whalen C. J., Wierzbicka E., Yong J. To confirm the reliability of thescientific results presented in the article, the authors used the Delphi method and expert evaluation. The list ofindicators for assessing the level of financial institutions readiness for the implementation of a mechanism formanaging economic security in the following five areas is formed. These areas are: the availability and conditionof the economic security system, the state of information and analytical support for the adoption of managementdecisions in the field of economic security, the state of intellectual and personnel management provision ofeconomic security, reserves of financial support of economic security, the level of external influence on the stateof economic security (state regulation and supervision). In May 2018, representatives of the top management ofvarious types of financial institutions, scientists, researchers, and analysts who were interested in the issues ofeconomic security management of the financial sector were interviewed. Their answers were analysed and the levelof readiness for managing the economic security of the most common types of financial institutions in the financialmarket of Ukraine was determined. Using the graphical method, the obtained scientific results are presented ina convenient and understandable form for the perception of all interested persons. Results of the survey. The necessityof carrying out diagnostics of the readiness to manage economic security at the level of state regulatory bodies andat the level of top management of financial institutions in the near future is substantiated. A large-scale analytical work was carried out on determining the parameters of financial institutions readiness for the continuous and professional economic security management, which should be carried out with the use of a systematic approach. Based on expert opinions, a preliminary assessment of the various types of financial intermediaries’ readiness to integrate security-oriented management into the financial institutions’ common management system was made. Practical implications. The proposed methodological approach for assessing the level of financial institutions readiness to manage their own economic security should be used by the state regulators of the financial market, in particular, by the National Bank of Ukraine and the National Commission, which performs state regulation in the field of financial services markets, to monitor the activities of professional financial market participants in order to conduct advisory and consultative work with their owners and managers, as well as for the development of strategic guidelines for the provision of the state financial security. It is desirable to implement into the practical activities of financial intermediaries our proposals for increasing the readiness for implementation of the economic security management mechanism in the existing systems of management. Value/originality. For the first time, a scoring methodology was prepared for assessing the level of financial institutions readiness for the implementation of economic security management as an independent direction of management, and not as one of the tasks of other types of their management activity. At the theoretical level, the substantive interpretation of the notion of the readiness of financial institutions to manage their own economic security is proposed. The reasons for the impossibility of the modern financial institutions to manage their own economic security effectively are identified, and a few suggestions to minimize their number in the near future were made.

show abstract

A Framework for the Governance of Information Security in Banking System

Cited by 30 publications

References 8 publications

Integrated Methodological Framework for Digital Transformation Strategy Building (IMFDS)

Integrated Methodological Framework for Digital Transformation Strategy Building (IMFDS)

Analysing information security in a bank using soft systems methodology

Diagnostics by Financial Regulators of Financial Institutions Preparedness to the Implementation of Economic Security Management

Contact Info

Product

Resources

About