Analysing information security in a bank using soft systems methodology. (10th July 2017)
- Record Type:
- Journal Article
- Title:
- Analysing information security in a bank using soft systems methodology. (10th July 2017)
- Main Title:
- Analysing information security in a bank using soft systems methodology
- Authors:
- Damenu, Temesgen Kitaw
Beaumont, Chris - Abstract:
- Abstract : Purpose: This paper aims to explore the use of soft systems methodology (SSM) to analyse the socio-technical information security issues in a major bank. Design/methodology/approach: Case study research was conducted on a major bank. Semi-structured interviews with a purposive sample of key stakeholders in the business, comprising senior managers, security professionals and branch employees were conducted. Findings: SSM was particularly useful for exploring the holistic information security issues, enabling models to be constructed which were valuable analytical tools and easily understood by stakeholders, which increased the receptiveness of the bank, and assisted with member validation. Significant risks were apparent from internal sources with weaknesses in aspects of governance and security culture. Research limitations/implications: This research uses a single case study and whilst it cannot be generalised, it identifies potential security issues others may face and solutions they may apply. Practical implications: Information security is complex and addresses technical, governance, management and cultural risks. Banking attacks are changing, with greater focus on employees and customers. A systemic approach is required for full consideration. SSM is a suitable approach for such analysis within large organisations. Originality/value: This study demonstrates how important benefits can be obtained by using SSM alongside traditional risk assessment approaches toAbstract : Purpose: This paper aims to explore the use of soft systems methodology (SSM) to analyse the socio-technical information security issues in a major bank. Design/methodology/approach: Case study research was conducted on a major bank. Semi-structured interviews with a purposive sample of key stakeholders in the business, comprising senior managers, security professionals and branch employees were conducted. Findings: SSM was particularly useful for exploring the holistic information security issues, enabling models to be constructed which were valuable analytical tools and easily understood by stakeholders, which increased the receptiveness of the bank, and assisted with member validation. Significant risks were apparent from internal sources with weaknesses in aspects of governance and security culture. Research limitations/implications: This research uses a single case study and whilst it cannot be generalised, it identifies potential security issues others may face and solutions they may apply. Practical implications: Information security is complex and addresses technical, governance, management and cultural risks. Banking attacks are changing, with greater focus on employees and customers. A systemic approach is required for full consideration. SSM is a suitable approach for such analysis within large organisations. Originality/value: This study demonstrates how important benefits can be obtained by using SSM alongside traditional risk assessment approaches to identify holistic security issues. A holistic approach is particularly important given the increasing complexity of the security threat surface. Banking was selected as a case study because it is both critical to society and is a prime target for attack. Furthermore, developing economies are under-represented in information security research, this paper adds to the evidence base. As global finance is highly interconnected, it is important that banks in such economies do not comprise a weak link, and hence, results from this case have value for the industry as a whole. … (more)
- Is Part Of:
- Information and computer security. Volume 25:Number 3(2017)
- Journal:
- Information and computer security
- Issue:
- Volume 25:Number 3(2017)
- Issue Display:
- Volume 25, Issue 3 (2017)
- Year:
- 2017
- Volume:
- 25
- Issue:
- 3
- Issue Sort Value:
- 2017-0025-0003-0000
- Page Start:
- 240
- Page End:
- 258
- Publication Date:
- 2017-07-10
- Subjects:
- Information security culture -- Banking security -- Information security management system (ISMS) -- Security governance -- Socio-technical risks -- Soft systems methodology (SSM)
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-07-2016-0053 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 4437.xml