TY - GEN
T1 - Information security management scaffold for mobile money systems in Uganda
AU - Kanobe, Fredrick
AU - Alexander, Margaret Patricia
AU - Bwalya, Kelvin Joseph
N1 - Publisher Copyright:
© 2019, Curran Associates Inc. All rights reserved.
PY - 2019
Y1 - 2019
N2 - Mobile money systems are widely accepted in Uganda as an easy way to transfer money and to settle domestic financial matters. However, although these systems play a critical role in bridging the financial inclusion gap, several oversight issues need to be addressed. Previous mobile money systems security studies focussed on technical applications and solutions, paying less attention to subjective information security management. The current study sought to understand information security management for mobile money systems, using Uganda as a case study, in order to develop an information security management framework suitable for mobile money systems in Uganda. Specific objectives included a detailed study of existing information security policies, procedures and standards, investigating and determining their weaknesses, developing and recommending a suitable framework, and validating that framework. The case study involved three mobile network operators. Activity Theory guided the study throughout. Investigating the management of information security in mobile money systems as activities made it easy to understand and allowed contradictions surrounding mobile money systems to be highlighted. The data collection methods used were semi-structured interviews and an internal documents review. The findings of the study revealed that there were insufficient tools, rules, community and division of labour for information security awareness related to outsourcing, risk management, business continuity planning and incident management. Furthermore, there appeared to be inadequate compliance monitoring, management controls and top management support for mobile money information security activities. The study contributes to theory, methodology, the body of knowledge in information security management, practice, and new areas of future research in information systems security for mobile money systems.
In conclusion, the rules, tools, community and division of labour employed by the subjects (MNOs) to attain the intended objects and outcomes of the identified activities were found to be wanting, which indicates that continuous review and updating are needed. Mobile money systems and the associated activities, like any other information systems, are dynamic and require continuous updates. The PDCA (Plan, Do, Check, Act) approach to mobile money information security management activities is recommended for addressing information security management concerns for mobile money systems in Uganda.
KW - Activity theory
KW - Information
KW - Mobile
KW - Money
KW - Security
KW - Uganda
UR - http://www.scopus.com/inward/record.url?scp=85069994168&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85069994168
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 239
EP - 247
BT - Proceedings of the 18th European Conference on Cyber Warfare and Security, ECCWS 2019
A2 - Cruz, Tiago
A2 - Simoes, Paulo
PB - Curran Associates Inc.
T2 - 18th European Conference on Cyber Warfare and Security, ECCWS 2019
Y2 - 4 July 2019 through 5 July 2019
ER -