Information Security Management in Palestinian Banking

Recently, organizations’ reliance on technology, communications and information has been increased, and this is accompanied with the increase of cyber threats and social engineering. Therefore, information security issues not only occupy high importance in management plans of organizations, but also in the strategic planning of organizations. Banks are considered as one of the most important sectors that depend on information, and are one of the most significant sectors in Palestine; therefore, information security management in Palestinian banking was selected for this study. The aim of this study is to examine and review the current state of information security management in Palestinian banks, and measure the application degree of information security management controls in this sector, as well as to highlight issues related to information security management such as governance, compliance and risk. In addition it aims to identify respondents’ point of view on the degree of influence of research domains (People, Process, Product/Technology, Partners/Suppliers and data) on the effectiveness of information security management. The researcher used the descriptive analysis methodology, so he designed a questionnaire distributed to the staff of information technology and internal audit departments, working in headquarters in Palestinian banks that are licensed to operate from Palestine Monetary Authority (PMA). Therefore, 94 questionnaires were distributed, but only 82 questionnaires were valid for analysis, with response rate 87%. Research results showed that Palestinian banks are applying information security management controls in a High degree, but the “training and awareness of employees”, and “Data integrity checking” controls were applied in a Moderate degree. In addition, the study indicated that banks that have (10-19) branches are the highest Palestinian banks in applying information security management controls, and the banks that hold international information security management standard apply information security management controls higher than others. The research also found that People domain (employees) is the most influential domain on the effectiveness of Information Security Management, and relate this result to a "training and awareness to employees" control were applied moderately; this leads to the need of Palestinian banks to further training courses and information security awareness for employees. Moreover; the study recommended the Palestinian banks to give more importance to “Data integrity checking” control. The study also recommended the Palestinian banks to follow international information security management standards because of their impact on the application of Information Security Management controls.