Information Security Risk Management in Yemeni Banks: An Evaluation of Current Practices

© 2023 by IJETT Journal
Volume-71 Issue-4
Year of Publication : 2023
Author : Abdualmajed A. G. Al-Khulaidi, Mujib M. Y. Al-Ashwal, Adel A. Nasser, Nada K. Al-Anesi
DOI : 10.14445/22315381/IJETT-V71I4P220

How to Cite?

Abdualmajed A. G. Al-Khulaidi, Mujib M. Y. Al-Ashwal, Adel A. Nasser, Nada K. Al-Anesi, "Information Security Risk Management in Yemeni Banks: An Evaluation of Current Practices," International Journal of Engineering Trends and Technology, vol. 71, no. 4, pp. 225-237, 2023. Crossref, https://doi.org/10.14445/22315381/IJETT-V71I4P220

Abstract
This study aims to assess the level of maturity in the risk management practices of Yemeni banks and determine the extent of the gap that these institutions' security systems need to fill in order to reach the ideal level of maturity. To achieve this, a comprehensive survey approach is used, with 26 specialized experts representing all 13 banks in the capital, Sana'a. An appropriate assessment framework and maturity model were selected and adapted to collect, process, analyze, and interpret the data. The main findings were that the Yemeni banking sector's ISMS only meets the requirements of the fourth ISRM maturity level in its practices relating to all information security risk management (ISRM) indicators and dimensions, with average MI values ranging from 3.58 to 4.08 and an overall average index not exceeding 3.84. The backup of the risk management processes is the most prominent strength of the banking sector's ISMS, while insufficient risk assessment and handling are the most significant weaknesses. With a one-level application gap, the TB bank's ISMS is the most compliant with risk management requirements, followed by the ISMS of the IYB, RDB, SB, QNB, NBY, SIB, YCB, IBY, and CAC banks; the YKB bank's ISMS is the least compliant with the requirements. Other local studies have addressed the issue of information security assessment in the banking sector; however, this study takes a different track, discussing ISRM-related challenges and offering suggestions to help banks implement more beneficial policies, improve the security of their assets, and support business continuity.

Keywords
Information security, Information security assessment, Gap analysis, Maturity model, Risk management practices, Yemeni banks.
