Enhancing Cyber Security Measures Against Advanced Persistent Threats

Enhancing Cyber Security Measures Against Advanced Persistent Threats

CHAPTER ONE

Objective of the Study

General Objective

The general objective of this study is proposing a cybersecurity auditing framework that enables bank industries to perform effective and efficient cyber security measures.

Specific Objectives

The specific objective of the research included:

• assess the existing practices and process of cyber security measures systems and the methods and techniques used in selected Nigerian banks
• identify variations in cyber security systems and process and major causes of their
• identify the predominant problems that impedes the cyber security measures process in the banking sector in
• assess different cyber security frameworks which are done by different scholars across the world.
• propose a cyber-security auditing framework that can address the current challenges and, standardize the process of cyber security management, this can be applied in Nigerian bank
• validate the framework based on the actual environment

CHAPTER TWO

REVIEW OF LITERATURE AND RELATED WORKS

Introduction

In this chapter, the researcher has tried to review the Overview of Cyber security measures and its theoretical and empirical framework in a bank sector. The reviewed points are: Overview of Cyber Security, Auditing Activities and implication process, Cyber security measures (CSA), Steps and procedures for security Audit, Cyber security measures Standards and regulations, Cyber security Audit Frameworks (CSAF), Cyber security measures Tool.

Overview of Cyber Security (CS)

Cyber security has become the heart of modern banking in our world today, and information has come to be the most valuable asset to protect from insiders, outsiders and competitors. The application of information technology has brought about significant changes in the way the institutions in the banking sector process and store data. This sector is now composed to face various developments such as internet banking, mobile banking, e-money, e-cheque, e-commerce etc., as the most modern methods of delivery of services to the customers. However, Customers are very concerned about privacy and identity of theft. Business partners, suppliers, and vendors are seeing security as the top requirement, particularly when providing mutual network and data access. Banks’ ability to take advantage of new opportunities often depends on their ability to provide open, accessible, available, and secure network services.

Having a good reputation for safeguarding data’s and information’s will increase market share and profit. Banks are clearly responsible for compromised data in their possession that results in fraud. Therefore, banks have to be responsible for fraudulent activity perpetrated via the internet channel.

Telecommunication networks have played a catalytic role in the expansion and integration of the Cyber Security (CS), within and between the institutions, facilitating data accessibility to different users. In view of the critical importance of Cyber Security (CS), there is a need to exercise constant vigilance for the safety of the financial systems. Structured, well defined and documented security polices, standards and guide lines lay the foundation for good cyber security.

CyberSecurity Management

Cyber Security management is the process of protecting electronic and non-electronic information assets against the risks of loss, misuse, damage, and disclosure or corruption.

ISO/IEC 27002:2005 is an international standard, refers to a code of practice for cyber security management, and is intended as a common basis and practical guideline for developing organizational security standards and effective management practices. According to this standard contains guidelines and best practices recommendations for these 10 security domains. Implementing a Cyber Security Management System involves with 3 key aspects of an organization; physical and environmental aspect, Management aspect and Operational aspect. Hence, the concept denotes those 3key aspects in the bank related to the direction and control of the cyber security over information assets.

₦5,000.00 – DOWNLOAD CHAPTERS 1-5 PROCEED TO DOWNLOAD Added to cart

 

CHAPTER THREE 

RESEARCH DESIGN AND METHODOLOGY

This chapter presents what research design and method was used to answer the research questions designed. Overview of the research methods: which includes qualitative, quantitative and mixed research methods are made and choice of the research methods and the reasons for that is stated. Questions answered in this part are: What research paradigm is used? How samples for the study are selected and why? What data collection techniques are employed? How data is analyzed? What instrument is used for data analysis?

Research Design

The research design was comprised by the result of the literature review. The study was conducted using survey questionnaire, document analysis, and interview as a method of data collection and mixed research method as a research paradigm

A mixed research method which combines both quantitative and qualitative method was employed to identify the existing cyber security audit system. The research begins with literature review by assessing previous researches conducted by different scholars and experts on cyber security in general and in the banking industry in particular in Nigeria context. [40]. For the purpose of data collection, survey questionnaires and interview which are validated by selected expertise were employed to gathered relevant information that goes with the research study problems. Data were encoded and analyzed by using SPSS version 20 and MS-excel programs, and the findings were discussed and interpreted. Finally, a workable framework was being proposed, in order to mitigate the existing cyber security measures problems.

Population and Sampling

According to the report from the National Bank of Nigeria, there are about 20 banks found in Nigeria owned by both Public and Private. All of these banks are currently engaged in financial transaction that includes, currency exchange, providing loan; depositing public moneys etc. These major activities are currently highly supported by information technologies. Among the existing banks the researcher used purposive sampling in order to select the banks.

CHAPTER FOUR

DATA PRESENTATION AND ANALYSIS

Introduction

Data analysis involves critical thinking. The data analysis is done after collecting all the data from the respondents. Thus, the analysis of the study follows the objective of the research. The findings are organized in to three basic categories namely, Administrative, Technical, and physical & Environmental security. Each category has list of security domains. In this section the findings of the study and its interpretations are presented under each question items whereas suggestions are stated at the end of each security category. Moreover, the data were analyzed using statistical tools, such as graphs, tabulation and percentage using Microsoft Excel. Whereas, the data from interviews and observations were presented using thematic coding to assess the existing cyber security measures for banking sector in Nigerian. The responses obtained through questionnaires were integrated with interview results and physical observation in order to address the research questions.

Study Sample

The following banks were included in the study. These are: Commercial Bank of Nigeria (CBE), Dashen Bank S.C. (DB), Abyssinia Bank S.C. (AB) and Nib International Bank S.C. (NIB). These banks were selected by purposive sampling method.

CHAPTER FIVE 

CONCLUSIONS, RECOMMENDATIONS AND FUTURE WORKS

This chapter presents recommendations for the banking industry in general and particularly for Nigeria banking industry; based on conclusions of the research described in the thesis, the objectives of the research, outlined in chapter one are reviewed and addressed their achievement. Finally, proposals for future work are suggested.

CONCLUSIONS

In today’s technological and social environment, cyber security is a very important part of a banking system. Business partners, suppliers, customers, and vendors require high cyber security from one to another, particularly when providing mutual network and data & information access. Banks’ ability to take advantage of new opportunities often depends on its ability to provide open, accessible, available, and secure network connectivity and services.

The general objective of this research was to propose generic cyber security measures for banking sector in Nigeria. To achieve this objective, the researcher selected Nigeria banking sector to understand the current cyber security measures by investigating the readiness situation and identify factors that influence security audit implementation on the industry. After sharing experiences and knowledge from the survey study, then put it in to the existing knowledge on the subject matter, which identified from document analysis and literature reviews. Finally, a new framework has been developed to help the banking industry for exercising cyber security audit activity. The empirical study was done through mixed research method; questionnaire designed was based on ISO, NIST, and ICT security readiness checklist based on twelve minimum security requirements and data was conducted with professionals, having good experience on the subject, by using Fredric framework model. Therefore, based on the researches finding, Nigeria banking industries are at low level of readiness. The capability to conduct cyber security audit partly depends on the existence of policies, procedures and processes, which the majority of Nigeria banking industries are lacking. The existence trained man power in the area, consulting firms specialized in cyber security measures, IT staffs readiness, etc. also have low readiness in the country. The study shows it is in adequate. To solve the existing situation we recommend having cyber security measures. It enables organizations to have standardized approach of addressing cyber security measures by realizing the requirements: cyber security polices, standards, procedure and processes in the different security management domains. Therefore, the research proposes a workable cyber security measures that contributes for the industry as a starting point for cyber security measures.

Recommendations

1. The framework can be used as an initial effort for practitioners in the banking industry to manage their cyber  The results of the research also imply the need for further researches to make the framework more compressive and useful.
2. The framework should also be inclusive through rigorous testing to minimize the limitation of the framework
3. The framework should also be strong through upgrading it elements in different approaches
4. There need continues follow up for its validation as per the dynamic cyber security challenges of the real-world.
5. The Organizational management aspect, operational aspects and the physical and environmental aspect should fit to the best level of the current challenge, mitigation
6. Beside the above listed recommendation there needs cyber security training for all employees in organization is important;
7. Frequent workshops or seminars should be organized on cyber security on top of training;
8. Government and other responsible organizations need to formulate ethical hackers team and cyber security audit firms by encouraging with some special benefit (like tax shield, office facility) up until the proper awareness about cyber security audit made to people and organizations in the country;
9. Need to formulate security professions association for challenging things in group:
10. Encourage researchers to work more on security and related areas to develop more personnel in the area.
11. A national or regulatory bodies that manages and leads the country’s cyber security needs to formulate a program and give training to different organizations in country about the use of cyber security and policies;
12. Laws and policies must define what is right what is wrong as well as what penalties are put in place for violating security policy and prepare legal framework for security audit;

FutureWorks

Generally, cyber security is still a very complex field of research, with a lot of unexplored facts in the areas. Therefore, we recommend that, the subject needs more researches to explore essentials. But particularly, as it is stated on scope and limitation section, the scope of this research was proposing cyber security audit framework only for banking sectors. However, as a future work researchers need to address the following:

• The situation in other financial institutions, governmental organizations and/or generally designs international or national approach that could benefit general public, organizations and individuals help to solve the real cyber security
• Although, in the banking sector, quality of services and technological adoption is their major focus but, there is a trade-off strong security implementation and internal control with their  Therefore, it has to be considering for future research.
• Enhancing the same research by considering all branches of
• Due to time constraint the researcher couldn’t properly explore the proof of concepts in adequate testing environment and
• Determine the impact level of trust, ethical conduct, and culture on the process of CSRM development and implementation in banking
• To make users life easy , this research work shall be changed to research project based on model that was proposed by this research framework and better to create some mechanical or robotic techniques to implement quantitative measurement of judgments( to avoid some subjective decisions of High, Low, or Medium)

References

• Abiy, W., and Lemma, L. Information Security Culture in the Banking Sector. Nigeria.5th ICT 2012 Nigeria Conference. Venue: UN ECA, Abuja, Nigeria, (2012),
• Ana-maria, nizol & F. Gheorghe, “Audit for information system security”, Informatical economical Vol, 14, no. 1/2010, pp5, 2010, retrieval from http: // revistaie.ase.ro/content/53/049620 suduc, % 2013, 201, %20Filip.pdf, last accessed on October 2012.
• Anene, L. N., & Annette, L. S.. An Architectural and Process Model Approach to InformationSecurity  Lawrence Technological University. (2007)
• AnonInternational Journal of Electronic Security and Digital Forensics [Online] 2(3), 306– 321Retrievedfrom: http://www.inderscience.metapress.com/openurl.asp?genre=article&issn=1751- 911X&volume=2&issue=3&spage=306. Accessed Date: 12 Sep 2012 9:31 AM, (2009).

• Catherine, D. “Introduction to Research Methods a Practical guide for any one undertaking aResearch Project”, Oxford, 2009, 4^th
• Ettaul1, L. Rathod, V. “The zachman framework, the owner’s perspective & security” retrievedfrom http://www.mcs.csueastabl.e.Last accessed on March
• Franklin D. Kramer, An Integrated Governmental Strategy for Progress, IOSR – JCE pp. 136-150, (2011),http://www.jstor.org/stable/43133822.
• J. B. Discovering information Security Management. Stockholm: Department of Computer and Systems Sciences Stockholm University & Royal Institute of Technology. (2005).
• George, S., Dawn, C., Andrew, M., Randall, T., Timothy, S., & Lori, F. Common Sense Guide to Mitigating Insider Threats 4th Edition. Software Engineering Institutes. (2012).
• Griffin L. K. “Analysis & comparison of DODAF and ZACHMAN framework for use as theArchitecture   for   the   united   states   coast   guard’s   Maritime   patrol   coastal   (WPC)”

₦5,000.00 – DOWNLOAD CHAPTERS 1-5 PROCEED TO DOWNLOAD Added to cart