Building an Information Security Awareness Program for a Bank: Case from Ethiopia
Abstract
Information has become lifeblood asset of organizations and protection of these assets became one of the major aspects that organizations have to deal with. The issue is too serious when it comes to financial institutions due to their sensitivity to information security attacks. While huge amounts of money is invested in technical solutions, organizations often pay too little attention to the human part and more importantly the insider threats. Extant literature reveal that employees are the subject and objective for most information security attacks. This study tried to fill this gap by proposing employees information security awareness program for Enat bank in Ethiopia. The research tried to answer three questions, what is the current information security awareness creation practice in Enat Bank? what should the topics of an information security awareness program for Enat Bank be? and how should the information security awareness program be organized to deliver the necessary information to Enat Bank employees? A quantitative research approach with case study method is used. Findings showed that the information security awareness level of Enat Bank employees is unsatisfactory. One of the best ways to make sure employees will not make costly errors in regard to information security is to institute organization-wide security awareness initiatives. Hence, the researchers proposed a program that will assist the bank in terms of creating information security awareness and good practices to its employees to strengthen its security posture by mitigating vulnerabilities for computer attacks. Besides an implementation strategy is also proposed to help the bank to smoothly implement the program. Recommendations are also forwarded in short and long-term basis to improve the information security awareness of its employees.
Building an Information Security Awareness Program for a Bank: Case from Ethiopia
Information has become lifeblood asset of organizations and protection of these assets became one of the major aspects that organizations have to deal with. The issue is too serious when it comes to financial institutions due to their sensitivity to information security attacks. While huge amounts of money is invested in technical solutions, organizations often pay too little attention to the human part and more importantly the insider threats. Extant literature reveal that employees are the subject and objective for most information security attacks. This study tried to fill this gap by proposing employees information security awareness program for Enat bank in Ethiopia. The research tried to answer three questions, what is the current information security awareness creation practice in Enat Bank? what should the topics of an information security awareness program for Enat Bank be? and how should the information security awareness program be organized to deliver the necessary information to Enat Bank employees? A quantitative research approach with case study method is used. Findings showed that the information security awareness level of Enat Bank employees is unsatisfactory. One of the best ways to make sure employees will not make costly errors in regard to information security is to institute organization-wide security awareness initiatives. Hence, the researchers proposed a program that will assist the bank in terms of creating information security awareness and good practices to its employees to strengthen its security posture by mitigating vulnerabilities for computer attacks. Besides an implementation strategy is also proposed to help the bank to smoothly implement the program. Recommendations are also forwarded in short and long-term basis to improve the information security awareness of its employees.