Information Technology Security Governance Approach Comparison in E-banking

Tsiakis, Theodosios; Chatzipoulidis, Aristeidis; Kargidis, Theodoros; Belidis, Athanasios

doi:10.1007/978-3-642-27189-2_8

Cited by 2 publications

(3 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Tsiakis et al (2011) explored whether an IT security governance (ITSG) programme can mitigate e-banking risks. They evaluated ISG frameworks, international standards, “best practices”, principles and risk management methods against standard ISG objectives.…”

Section: Literature Reviewmentioning

confidence: 99%

Analysing information security in a bank using soft systems methodology

Damenu

Beaumont

2017

ICS

View full text Add to dashboard Cite

Purpose -This paper explores the use of Soft Systems Methodology (SSM) to analyse the sociotechnical information security issues in a major bank.Design/methodology/approach -Case study research was conducted on a major bank. Semistructured interviews with a purposive sample of key stakeholders in the business, comprising senior managers, security professionals and branch employees were conducted.Findings -SSM was particularly useful for exploring the holistic information security issues, enabling models to be constructed which were valuable analytical tools and easily understood by stakeholders, which increased the receptiveness of the bank, and assisted with member validation.Significant risks were apparent from internal sources with weaknesses in aspects of governance and security culture.Research limitations/implications -This research uses a single case study and whilst it cannot be generalised, it identifies potential security issues others may face and solutions they may apply.Practical implications -Information security is complex and addresses technical, governance, management and cultural risks. Banking attacks are changing, with greater focus on employees and customers. A systemic approach is required for full consideration. SSM is a suitable approach for such analysis within large organisations.Originality/value -Demonstrates how important benefits can be obtained by using SSM alongside traditional risk assessment approaches to identify holistic security issues. A holistic approach is particularly important given the increasing complexity of the security threat surface. Banking was selected as a case study since it is both critical to society and is a prime target for attack. Furthermore, developing economies are under-represented in information security research, this paper adds to the evidence base. Since global finance is highly interconnected, it is important that banks in such economies do not comprise a weak link and hence results from this case have value for the industry as a whole. | P a g e

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Analysing information security in a bank using soft systems methodology

Damenu

Beaumont

2017

ICS

View full text Add to dashboard Cite

show abstract

“…In the current information security world, majority of organisations adopt the well-known "Plan-Do-Check-Act" (PDCA) lifecycle model to implement ISMS in their workplace. The PDCA approach emphasizes on the controls required in information security and only limited information is given regarding with the security objectives and potential strategies to be implemented on these objectives [10], [11]. Therefore, the model is unable to give information on any suggestion on how organisations must develop security strategies and objectives [10], [11].…”

Section: Introductionmentioning

confidence: 99%

“…The PDCA approach emphasizes on the controls required in information security and only limited information is given regarding with the security objectives and potential strategies to be implemented on these objectives [10], [11]. Therefore, the model is unable to give information on any suggestion on how organisations must develop security strategies and objectives [10], [11]. In addition, since the main reason for developing the PDCA model was to cater to the needs of a methodical methodology when optimizing automated manufacturing processes in the 1950s.…”

Section: Introductionmentioning

confidence: 99%

Information Structure Framework for ISMS Planning and Certification: Malaysian Data

Shamala¹,

Chinniah²,

Foozy³

et al. 2018

IJEECS

View full text Add to dashboard Cite

Information security are becoming an important aspect of organizations. Organisations also are progressively conscious of its important in their business strategy. The awareness make organisations are currently applying for information security management system (ISMS) to effectively manage their information assets. Therefore, this research aims to provide an Information Structure Framework for ISMS planning and certification. Then Likert structured questionnaire was distributed and the findings have been analyzed using Rasch Measurement Model (RMM). The results from this study, managed to develop Information Structure Framework for ISMS. The proposed framework consists of information structure focuses on providing the information outline which is structured in a way, in which the components are put together to form a meaningful structure which can be navigated at any time. The framework contributes to the field of ISMS and certification area. The framework provides an awareness on knowing beforehand what to do and to what extent they are already conquering the information needed for getting clear direction and to develop ISMS.

show abstract

Information Technology Security Governance Approach Comparison in E-banking

Cited by 2 publications

References 16 publications

Analysing information security in a bank using soft systems methodology

Analysing information security in a bank using soft systems methodology

Information Structure Framework for ISMS Planning and Certification: Malaysian Data

Contact Info

Product

Resources

About