| Pub. Date | : Jul, 2020 |
|---|---|
| Product Name | : The IUP Journal of Computer Sciences |
| Product Type | : Article |
| Product Code | : IJCS10720 |
| Author Name | : Kibreab Adane |
| Availability | : YES |
| Subject/Domain | : Management |
| Download Format | : PDF Format |
| No. of Pages | : 13 |
Security in financial institutions has become a crucial point to be considered, from design to deployment of the ICT systems, with proper care and follow-up. Today, most of the organizations have been transforming their professional activities towards end-to-end automation. Once the ICT systems or the data centers get connected via the internet, they are vulnerable or accessible to and threatened by malicious actors both from inside and outside the organization. Moreover, insiders cannot be easily detected, defended or quarantined because they are trusted insider employees. They do make innocent mistakes and sometimes erroneously pass on confidential customer records to outsiders. Their intention and coding conventions also cannot be easily traced, detected or disclosed. Hence, it is vital for the financial institutions to employ real-time surveillance to secure and protect organizational computing, communication and collaboration activities with data/ information integrity. These kinds of issues and challenges are common in the financial institutions of Ethiopia. As a matter of fact, there is an acute shortage of cyber security specialists in Ethiopia who can provide adequate security awareness and training to the stakeholders. To address the aforementioned issues and challenges, the paper has designed and developed advisory knowledge-based expert system which can identify and mitigate unintentional insider threats in financial institutions of Ethiopia with a structured guideline for legitimate users. Prolog has been used to develop the prototype of knowledge-based expert system. The paper applies exploratory applied research using quantitative approach, and rule-based approach is used as knowledge representation technique.
Insider threats are posed by individuals (such as current or former employees, part-time employees, temporary employees, contractors and trusted business partners) who have or had authorized access to the organization's critical assets (such as people, information, technology and facilities), use that access intentionally or unintentionally (fraud, theft of intellectual property, cyber sabotage, espionage, workplace violence, social engineering, accidental disclosure and accidental loss or disposal of equipment or documents) to act in a way that could harm the organization's employees, degrade information systems, disrupt the organization's ability to meet its mission, cause damage to organization's reputation and harm organization's clients (Trzeciak and Costa, 2018).
Insider threat, Security, Mitigation, Financial institutions