Kenyan banks have exponentially embraced the use of information and communication technologies in their service provision. They have invested huge sums of money in implementing the self and virtual banking services with the objective of improving the quality of customer service. The study was conducted in the banking environment revealed that attaining high levels of business information integrity and overcoming users’ security fears are of utmost concern. The study has also clearly established that more than coping with a technology change, a risk management strategy should address the issues related to the ethical and social areas. The study concludes that a strategy fit with appropriate, adaptable and sustainable information security solutions that addresses various social, ethical and technological issues would create a positive and secure environment that would welcome information security in banking sectors. In addition, well-formulated management strategies, security policies and data management processes that are developed with the required flexibility are the key aspects to a faultless security solution that could meet tomorrow’s needs as well. In addition future studies should include the customer element to understand security issues from their viewpoint for a comprehensive information security solution in banks in Kenya.
Published in | American Journal of Networks and Communications (Volume 5, Issue 3) |
DOI | 10.11648/j.ajnc.20160503.11 |
Page(s) | 51-59 |
Creative Commons |
This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited. |
Copyright |
Copyright © The Author(s), 2016. Published by Science Publishing Group |
Online Banking, Online Banking Risks, IS Risk Management, IS Risk Assessment
[1] | Central Bank of Kenya, Kenya Monthly Economic Review, CBK, Nairobi. |
[2] | Central Bank of Kenya, Historical background. Available fromhttps://www.centralbank.go.ke/index.php/component/content/article/23-deposit-protection-fundboard/134-historical-background |
[3] | Steven A. (2002), Information Systems: The Information of E-Business, New Jersey: Natalie Anderson, pp. 11-36 |
[4] | Tiwari, Rajnish & Buse, Stephan & Herstatt, Cornelius, (2007). "Mobile services in banking sector: The role of innovative business solutions in generating competitive advantage," Working Papers 48, Hamburg University of Technology (TUHH), Institute for Technology and Innovation Management. |
[5] | Power, M. (2009). The risk management of nothing. Accounting, Organizations and Society, 34 (6–7), 849–855. |
[6] | Allen, J. H. (2013). Risk-centered practices. Build security in. Retrieved from https://buildsecurityin.uscert.gov/articles/bestpractices/deploymentandoperations/riskcentered-practices |
[7] | Ingerman, B. L., & Yang, C. (2010). Top-ten IT issues, 2010. EDUCAUSE Review, 45 (3), 46-60. |
[8] | Kouns, J., & Minoli, D. (2010). Information technology risk management in enterprise environments: A review of industry practices and a practical guide to risk management teams. Hoboken, NJ: John Wiley & Sons. |
[9] | Landoll, D. (2011). The security risk assessment handbook: A complete guide for performing security risk assessments (2nd ed.). Boca Raton, FL: CRC Press. |
[10] | NIST Joint Task Force Transformation Initiative. (2011). Managing information security risk: organization, mission, and information system view: Recommendations of the National Institute of Standards and Technology (Vol. NIST Special Publication 800- 39). Gaithersburg, MD: National Institute of Standards and Technology (NIST). |
[11] | McCumber, J. (2005). Assessing and managing security risk in IT systems: A structured methodology. Boca Raton, FL: Auerbach. |
[12] | Johnson, E. M., Goetz, E., & Pfleeger, S. L. (2009). Security through information risk management. IEEE Security and Privacy, 7 (3), 45-52. |
[13] | McCallister, E., Grance, T., & Scarfone, K. (2009). Guide to protecting the confidentiality of personally identifiable information (PII) (Special Publication 800- 122 Draft). Gaithersburg, MD: National Institute of Standards and Technology. |
[14] | Kouns, J., & Minoli, D. (2010). Information technology risk management in enterprise environments: A review of industry practices and a practical guide to risk management teams. Hoboken, NJ: John Wiley & Sons. |
[15] | Landoll, D. (2011). The security risk assessment handbook: A complete guide for performing security risk assessments (2nd ed.). Boca Raton, FL: CRC Press. |
[16] | Yanosky, R. (2007). Shelter from the storm: IT and business continuity in higher education. Boulder, CO: EDUCAUSE Center for Applied Research. |
[17] | NIST Joint Task Force Transformation Initiative. (2011). Managing information security risk: organization, mission, and information system view: Recommendations of the National Institute of Standards and Technology (Vol. NIST Special Publication 800- 39). Gaithersburg, MD: National Institute of Standards and Technology (NIST). |
[18] | Tohidi, H. (2011). The role of risk management in IT systems of organizations. Procedia Computer Science, 3, 881-887. |
[19] | Blustain, H., Chinniah, N., Newcomb, S., Plympton, M., & Walsh, J. (2008). Information technology and services. College and University Business Administration. National Association of Colleges and University Business Officers (NACUBO). Retrieved from http://www.nacubo.org/Products/Online_Publications/CUBA_7.html |
[20] | Blustain, H., Chinniah, N., Newcomb, S., Plympton, M., & Walsh, J. (2008). Information technology and services. College and University Business Administration. National Association of Colleges and University Business Officers (NACUBO). Retrieved from http://www.nacubo.org/Products/Online_Publications/CUBA_7.html |
[21] | Beachboard, J., Cole, A., Mellor, M., Hernandez, S., Aytes, K., & Massad, N. (2008). Improving information security risk analysis practices for small- and medium-sized enterprises: A research agenda. Issues in Informing Science and Information Technology, 5, 73-85. |
[22] | Johnson, E. M., Goetz, E., & Pfleeger, S. L. (2009). Security through information risk management. IEEE Security and Privacy, 7 (3), 45-52. |
[23] | National Counterintelligence Policy Board. (2009). The national counterintelligence strategy of the United States of America. Retrieved from http://www.ncix.gov/publications/strategy/docs/NatlCIStrategy2009.pdf |
[24] | Ghernaouti-Helie, S., Tashi, I., & Simms, D. (2011). Optimizing security efficiency through effective risk management. Paper presented at the International Conference on Advanced Information Networking and Applications Workshops, Biopolis, Singapore. |
[25] | Ponnam, A., Harrison, B., & Watson, E. (2009). Information systems risk management: An audit and control approach. In J. N. D. Gupta & S. K. Sharma (Eds.), Handbook of research on information security and assurance (pp. 68-84). Hershey, PA: Information Science Reference. |
[26] | Bruijn, W. D., Spruit, M. R., & van den Heuvel, M. (2010). Identifying the cost of security. Journal of Information Assurance and Security, 5, 74-83. |
[27] | Peltier, T. R. (2010). Information security risk analysis (3rd ed.). Boca Raton, FL: Auerbach. |
[28] | European Network and Information Security Agency (ENISA). (2010). ENISA emerging and future risks framework: Introductory manual. Retrieved from http://www.enisa.europa.eu/act/rm/emerging-and-future-risk/deliverables/emergingandfuture-risks-framework-introductory-manual |
[29] | Ghernaouti-Helie, S., Tashi, I., & Simms, D. (2011). Optimizing security efficiency through effective risk management. Paper presented at the International Conference on Advanced Information Networking and Applications Workshops, Biopolis, Singapore. |
[30] | Nikolic, B., & Ruzic-Dimitrijevic, L. (2009). Risk assessment of information technology systems. Issues in Informing Science and Information Technology, 6, 595-615. |
[31] | Caralli, R. A., Stevens, J. F., Young, L. R., & Wilson, W. R. (2007). Introducing OCTAVE Allegro: Improving the information security risk assessment process (No. CMU/SEI-2007- TR-012, ESC-TR-2007-012). Pittsburgh, PA: Software Engineering Institute: Carnegie Mellon University. |
[32] | Ewell, C. V. (2009, June). A method [ology] to the madness. Information Security Magazine, 21-29. |
[33] | Landoll, D. (2011). The security risk assessment handbook: A complete guide for performing security risk assessments (2nd ed.). Boca Raton, FL: CRC Press. |
[34] | McCumber, J. (2005). Assessing and managing security risk in IT systems: A structured methodology. Boca Raton, FL: Auerbach. |
[35] | Peltier, T. R. (2010). Information security risk analysis (3rd ed.). Boca Raton, FL: Auerbach. |
[36] | Syalim, A., Hori, Y., & Sakurai, K. (2009, March). Comparison of risk analysis methods: Mehari, Magerit, NIST800-30 and Microsoft's Security Management Guide. Paper presented at the 2009 International Conference on Availability, Reliability and Security, Fukuoka, Japan. |
[37] | NIST Joint Task Force Transformation Initiative. (2011). Managing information security risk: organization, mission, and information system view: Recommendations of the National Institute of Standards and Technology (Vol. NIST Special Publication 800- 39). Gaithersburg, MD: National Institute of Standards and Technology (NIST). |
[38] | Caralli, R. A., Stevens, J. F., Young, L. R., & Wilson, W. R. (2007). Introducing OCTAVE Allegro: Improving the information security risk assessment process (No. CMU/SEI-2007- TR-012, ESC-TR-2007-012). Pittsburgh, PA: Software Engineering Institute: Carnegie Mellon University. |
[39] | Voloudakis, J. (2006). The continuing evolution of effective IT security practices. EDUCAUSE Review, 41 (5), 30-44. |
[40] | Ewell, C. V. (2009, June). A method [ology] to the madness. Information Security Magazine, 21-29. |
[41] | Peltier, T. R. (2010). Information security risk analysis (3rd ed.). Boca Raton, FL: Auerbach. |
[42] | Kouns, J., & Minoli, D. (2010). Information technology risk management in enterprise environments: A review of industry practices and a practical guide to risk management teams. Hoboken, NJ: John Wiley & Sons. |
[43] | European Network and Information Security Agency (ENISA). (2010). ENISA emerging and future risks framework: Introductory manual. Retrieved fromhttp://www.enisa.europa.eu/act/rm/emerging-and-future-risk/deliverables/emergingandfuture-risks-framework-introductory-manual |
[44] | International Organization for Standardization/International Electrotechnical Commission (ISO/IEC). (2008). Information technology—Security techniques—Information security risk management (Vol. ISO/IEC 27005). Geneva, Switzerland |
[45] | Leeden, K. (2010). Security without risk? Investigating information security among Dutch universities (Master’s thesis, University of Twente, Enschede, The Netherlands). Retrieved from http://purl.utwente.nl/essays/60026 |
[46] | Mugenda, O. M & Mugenda. A. G (1999). Research methods. quantitative and qualitative approaches. (pp. 46 - 48). Nairobi, Kenya: ACTS Press. |
APA Style
Collins Odhiambo Ndalo Jowi, Elisha Abade. (2016). Evaluation of Information Security Risk Assessment for Internet Banking Among Commercial Banks in Kenya. American Journal of Networks and Communications, 5(3), 51-59. https://doi.org/10.11648/j.ajnc.20160503.11
ACS Style
Collins Odhiambo Ndalo Jowi; Elisha Abade. Evaluation of Information Security Risk Assessment for Internet Banking Among Commercial Banks in Kenya. Am. J. Netw. Commun. 2016, 5(3), 51-59. doi: 10.11648/j.ajnc.20160503.11
AMA Style
Collins Odhiambo Ndalo Jowi, Elisha Abade. Evaluation of Information Security Risk Assessment for Internet Banking Among Commercial Banks in Kenya. Am J Netw Commun. 2016;5(3):51-59. doi: 10.11648/j.ajnc.20160503.11
@article{10.11648/j.ajnc.20160503.11, author = {Collins Odhiambo Ndalo Jowi and Elisha Abade}, title = {Evaluation of Information Security Risk Assessment for Internet Banking Among Commercial Banks in Kenya}, journal = {American Journal of Networks and Communications}, volume = {5}, number = {3}, pages = {51-59}, doi = {10.11648/j.ajnc.20160503.11}, url = {https://doi.org/10.11648/j.ajnc.20160503.11}, eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajnc.20160503.11}, abstract = {Kenyan banks have exponentially embraced the use of information and communication technologies in their service provision. They have invested huge sums of money in implementing the self and virtual banking services with the objective of improving the quality of customer service. The study was conducted in the banking environment revealed that attaining high levels of business information integrity and overcoming users’ security fears are of utmost concern. The study has also clearly established that more than coping with a technology change, a risk management strategy should address the issues related to the ethical and social areas. The study concludes that a strategy fit with appropriate, adaptable and sustainable information security solutions that addresses various social, ethical and technological issues would create a positive and secure environment that would welcome information security in banking sectors. In addition, well-formulated management strategies, security policies and data management processes that are developed with the required flexibility are the key aspects to a faultless security solution that could meet tomorrow’s needs as well. In addition future studies should include the customer element to understand security issues from their viewpoint for a comprehensive information security solution in banks in Kenya.}, year = {2016} }
TY - JOUR T1 - Evaluation of Information Security Risk Assessment for Internet Banking Among Commercial Banks in Kenya AU - Collins Odhiambo Ndalo Jowi AU - Elisha Abade Y1 - 2016/06/17 PY - 2016 N1 - https://doi.org/10.11648/j.ajnc.20160503.11 DO - 10.11648/j.ajnc.20160503.11 T2 - American Journal of Networks and Communications JF - American Journal of Networks and Communications JO - American Journal of Networks and Communications SP - 51 EP - 59 PB - Science Publishing Group SN - 2326-8964 UR - https://doi.org/10.11648/j.ajnc.20160503.11 AB - Kenyan banks have exponentially embraced the use of information and communication technologies in their service provision. They have invested huge sums of money in implementing the self and virtual banking services with the objective of improving the quality of customer service. The study was conducted in the banking environment revealed that attaining high levels of business information integrity and overcoming users’ security fears are of utmost concern. The study has also clearly established that more than coping with a technology change, a risk management strategy should address the issues related to the ethical and social areas. The study concludes that a strategy fit with appropriate, adaptable and sustainable information security solutions that addresses various social, ethical and technological issues would create a positive and secure environment that would welcome information security in banking sectors. In addition, well-formulated management strategies, security policies and data management processes that are developed with the required flexibility are the key aspects to a faultless security solution that could meet tomorrow’s needs as well. In addition future studies should include the customer element to understand security issues from their viewpoint for a comprehensive information security solution in banks in Kenya. VL - 5 IS - 3 ER -