On The Standardization Practices of the Information Security Operations in Banking Sector: Evidence from Yemen

Adel A. Nasser¹ , Nada Kh. A. Al Ansi² , Naif A. N. Al Sharabi³

Section:Research Paper, Product Type: Journal-Paper
Vol.8 , Issue.6 , pp.8-18, Dec-2020

Online published on Dec 31, 2020

Copyright © Adel A. Nasser, Nada Kh. A. Al Ansi, Naif A. N. Al Sharabi . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

Abstract :
This paper aims to discuss the efficacy of the standardization controls of the information security operations in Yemeni banks by investigating the main requirements for their implementation to carry out their security roles effectively. Also, to determine the standardization practices` main weaknesses in the information security management systems (ISMS) of the banking sector and to provide the necessary improvement recommendations based on the ISO 27002-2013 international security standard. The researchers designed a questionnaire distributed to workers responsible for information security statements in 13 banks regulated by Yemen`s central bank, in Sana`a. The result shows that these practices` actual maturity level is 3.66 out of 5, which means that best practices are not consistently followed. The gap between the maturity level of real application of information security practices and the robust level was found; it equals 1.34, which means that the ISMSs in this sector do not have most of the security requirements necessary for their practical and robust functioning. Two significant points of strength were defined. Three main lacks and weak points were discovered, and the improvement actions and recommendations have been suggested to improve the standardization practices of information security operations in this sector. Additional implementation matrix mapping schemes and ISO-based implementation guidance for each bank have been recommended.

Key-Words / Index Term :
Information security; Assessment; Banking sector; Yemen; Standardization Practices

References :
[1] IBM Security, "IBM X-Force Threat Intelligence Index ", 2020.
[2] SF. Alomgeer, “Cyber Crime In Banking Sector of Bangladesh, ”, diss., East West University, 2019.
[3] S. Kesharwani, M. P. Sarkar, & S. Oberoi, “Growing Threat of Cyber Crime in Indian Banking Sector.”, CYBERNOMICS, Vol 1, No 4, pp 19-22,2019.
[4] N. Tariq, “Impact of cyber-attacks on financial Institutions,” Journal of Internet Banking and Commerce, Vol. 23, No 2. pp. 1-11, 2018.
[5] A. R. Raghavan, & L. Parthiban, “The effect of cybercrime on a Bank’s finances,” International Journal of Current Research & Academic Review, Vol. 2, No 2. pp. 173-178, 2014.
[6] N. Alber, N., & M. Nabil, “The Impact of Information Security on Banks’ Performance in Egypt,” Available at SSRN 2752070
[7] Sanskriti Choubey , Astitwa Bhargava , "Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance," International Journal of Scientific Research in Network Security and Communication, Vol.6, Issue.2, pp 30-33, 2018
[8] Hailye Tekleselase Woldemichael, "Emerging Cyber Security Threats in Organization," International Journal of Scientific Research in Network Security and Communication, Vol.7, Issue.6, pp 7-10, 2019
[9] M.A.M Stambul, R. Razali, “An assessment model of information security implementation levels.,” In the Proceedings of the 2011 Electrical Engineering and Informatics (ICEEI), IEEE, pp 1-6,2011
[10] Nnatubemugo Innocent Ngwum, “ Information Security Maturity Model (ISMM). ,” Diss., The University of Manchester., 2013.
[11] W. M. Zeiad, “The impact of information security risks on the accounting systems in the Central Bank of Yemen." Master Thesis. The Yemeni Academy for Graduate Studies, Sana`a, Yemen, 2019. [In Arabic]
[12] M. J. Hammodah, “ Evaluating information security strategies in banking institutions,” Master Thesis. Michigan State University- Dubai Branch, UAE,2017. [In Arabic]
[13] Nada Ismaeil , "Protecting the security of information systems, a case study in Al-Rafidain Bank," Tikrit Journal of Administrative and Economic Sciences. Vol.7 , Issue 21, pp 72—94, 2011. [In Arabic]
[14] A. L. Muhsen, “Information Security Management In Palestinian Banking," Master Thesis. An-Najah National University. Nablus. Palestine," 2014
[15] ?. A. Gürcan, “Assessing Information Security Management Requirements For Finance Sector Using An ISO27001 Based Approach,” Master Thesis. Bahcesehir University. Istanbul. The Republic Of Turkey, 2014
[16] D. Lang & D. Van der Haar, “Recommendations for Biometric Access Control System Deployment in a Vehicle Context in South Africa. ,” In Information Science and Applications, Springer, Singapore.?, pp. 305-317, 2020
[17] N. Agrawal, & S. Tapaswi, “A trustworthy agent-based encrypted access control method for mobile cloud computing environment,” Pervasive and Mobile Computing, Vol. 52, pp 13-28.?,2019
[18] Al-Mayahi, Ibrahim, and P. Mansoor Sa`ad. “ISO 27001 gap analysis-case study,” Proceedings of the 2012 International Conference on Security and Management (SAM). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 2012.?
[19] A. A Nasser, A. A. Al-Khulaidi, & M. N. Aljober, “ Measuring the information security maturity of enterprises under uncertainty using fuzzy AHP,” Int. J. Inf. Technol. Comput. Sci.(IJITCS), Vol. 10, No 4, pp 10-25, 2018
[20] M. F. Saleh,, “Information security maturity model ,” International Journal of Computer Science and Security (IJCSS), Vol.5, No 3: 21?,2011
[21] Team, CMMI Product. "Capability maturity model® integration (CMMI SM), version 1.1." CMMI for Systems Engineering, Software Engineering, Integrated Product and Process Development, and Supplier Sourcing (CMMI-SE/SW/IPPD/SS, V1. 1) , No 2,2002
[22] G. Karokola, S. Kowalski, & L. Yngström, Towards An Information Security Maturity Model for Secure e-Government Services: A Stakeholders View. In HAISA, pp 58-73, 2011