Regulation-based information security maturity assessment framework

Bibliographic Details
Main Author: Baltasar, Jonas Jason T.
Format: text
Language: English
Published: Animo Repository 2022
Online Access: https://animorepository.dlsu.edu.ph/etdm_comtech/2
Institution: De La Salle University
Description
Summary: The COVID-19 pandemic has spurred organizations, including those in the banking industry, to move up their digitalization timelines to cope with and address the challenges and the emerging need for technology-enabled services. However, the rapid shift in technology adoption also opened an avenue for threats as banks introduced new technologies coinciding with their security transformation initiatives. Equally, bank examiners face the same challenge in assessing and evaluating a bank’s information security maturity, as they also experience the precipitous technology adaptations and implementations. This capstone project proposes a regulation-based, standard, and objective approach for evaluating information security management maturity. The structured and comprehensive assessment framework addresses the varying perspectives and the limits of examiner experience in maturity assessments and information security. From a macro viewpoint, the results shall provide a banking sector maturity to contribute to the Bangko Sentral ng Pilipinas (BSP) regulation issuances, IT, and digital innovation initiatives. The proposed framework is anchored on BSP Circular 982, which provides enhanced guidelines for information security management. Globally accepted standards and regulations of other jurisdictions were evaluated and synthesized during the framework design. The proposed framework was validated by experts with more than 50 years of collective experience. The evaluation covered five (5) thematic areas: Maturity Tiers, Activities/Tasks, Understandability, Ease of Use, and Applicability and Practicality. Validation results found the proposed maturity assessment framework applicable and practical, easy to use, and easy to understand. In addition, recommendations were given on the maturity tiers and activities/tasks to help enhance the clarity and delineation amongst the tiers and activities/tasks.
The experts unanimously affirmed that the proposed maturity assessment framework adequately covers the BSP Circular 982 objectives and is successfully integrated with globally accepted standards and maturity assessment frameworks.