Information security management scaffold for mobile money systems in uganda

Fredrick Kanobe, Margaret Patricia Alexander, Kelvin Joseph Bwalya

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Citation (Scopus)


Mobile money systems are widely accepted in Uganda as an easy way to transfer money and to settle domestic financial matters. However, although these systems play a critical role in bridging the financial inclusion gap, several oversight issues need to be addressed. Previous mobile money systems security studies focussed on technical applications and solutions paying less attention to subjective Information security management. The current study sought to understand information security management for mobile money systems using Uganda as a case study in order to develop an information security management framework suitable for mobile money systems in Uganda. Specific objectives included a detailed study of existing information security policies, procedures and standards, investigating and determining their weaknesses, developing and recommending a suitable framework and validating that framework. The case study involved three mobile network operators. Activity Theory guided the study throughout. Management of information security in mobile money systems was easy to understand when investigated as activities and allowed contradictions surrounding mobile money systems to be highlighted. The data collection methods used were semi-structured interviews and an internal documents review. The findings of the study revealed that there were insufficient tools, rules, community and division of labour for information security awareness related to outsourcing, risk management, business continuity planning and incident management. Furthermore, there appeared to be inadequate compliance monitoring, management controls and top management support for mobile money information security activities. The study contributes to theoretical, methodological, body of knowledge in information security management, practice and new areas of future research in information systems security for mobile money systems. In conclusion, the rules, tools, community and division of labour employed by the subjects (MNOs) to attain the intended objects and outcomes of the identified activities were found to be wanting and this indicates that continuous review and updating is needed. Mobile money systems and the associated activities, like any other information systems, are dynamic and require continuous updates. The PDCA (Plan, Do, Check, Act) approach to mobile money information security management activities is recommended for addressing information security management concerns for mobile money systems in Uganda.

Original languageEnglish
Title of host publicationProceedings of the 18th European Conference on Cyber Warfare and Security, ECCWS 2019
EditorsTiago Cruz, Paulo Simoes
PublisherCurran Associates Inc.
Number of pages9
ISBN (Electronic)9781912764280
Publication statusPublished - 2019
Event18th European Conference on Cyber Warfare and Security, ECCWS 2019 - Coimbra, Portugal
Duration: 4 Jul 20195 Jul 2019

Publication series

NameEuropean Conference on Information Warfare and Security, ECCWS
ISSN (Print)2048-8602
ISSN (Electronic)2048-8610


Conference18th European Conference on Cyber Warfare and Security, ECCWS 2019


  • Activity theory
  • Information
  • Mobile
  • Money
  • Security
  • Uganda

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Information security management scaffold for mobile money systems in uganda'. Together they form a unique fingerprint.

Cite this