Article

Enhancing Information Security Risk Management for Organizations

Authors:
  • Independent Researcher
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

Article
Full-text available
This study aims to assess the level of maturity in the risk management practices of Yemeni banks and determine the extent of the gap that these institutions' security systems need to fill in order to reach the ideal level of maturity. To achieve this, a comprehensive survey approach is used, with 26 experts representing specialized experts in all 13 banks in the capital, Sana'a. An appropriate assessment framework and maturity model were selected and adapted to collect, process, analyze, and interpret the data. The main findings were that the Yemeni banking sector's ISMS only meets the requirements of the fourth ISRM maturity level in its practices relating to all information security risk management (ISRM) indicators and dimensions, with average MI values ranging from 3.58 to 4.08 and an overall average index not exceeding 3.84. The backup of the risk management processes is the most prominent strength of the banking sector's ISMS, while insufficient risk assessment and handling are the most significant disadvantages. With a one-level application gap, the TB bank's ISMS is the most compliant bank for risk management requirements, followed by the ISMS of the IYB, RDB, SB, QNB, NBY, SIB, YCB, IBY, and CAC banks; the YKB bank's ISMS is the least compliant bank for requirements. Other local studies have addressed the issue of information security assessment in the banking sector; however, this study takes a different track, discussing ISRM-related challenges and offering suggestions to help banks implement more beneficial policies, improve the security of their assets, and support business continuity.
ResearchGate has not been able to resolve any references for this publication.