Cyber Security Auditing Framework (CSAF) For Banking Sector in Ethiopia

Abstract

The advancement of cyber security and technology offers a vital benefit for business. Modern Banking increasingly relies on the Internet and computer technologies to operate their businesses and market interactions. Banks are on the way of using up-to-date technologies to increase efficiency and effectiveness in service delivery. However, these benefits do not come without risks for information being misused, service disrupted or any other attacks interrupting the normal operation of computer based cyber systems. The threats and security breaches are highly increasing in recent years globally. Ethiopian case is not an exception. The main objective of this study is to propose and develop a workable Cyber Security Auditing Framework (CSAF) in banking sector. In this work, attempts were made to examine and compare the available cyber security frameworks and best practices. This research combines ISO audit checklists and expert experiences to assess the cyber security system practices in the banking industry. By applying a mixed research method approach the study assesses the existing practices, process and challenges of the selected banks cyber security issues and proposed cyber security audit framework which is workable for the Ethiopian banking industry. The framework is constructed from two basic pillars. The first is the requirement identification mechanism which is further broken into ERM (Entity Relation Model) and organizational & process models. The second one is the counter measure which focuses on the organizational policy, procedure, guideline, and controls. Finally, the researchers proposed a workable framework that can assist the industry from cyber-attacks. The framework has both practical and theoretical contributions to the industry at large and for researchers for further similar efforts.