Abstract
Mobile money systems are widely accepted in Uganda as an easy way to transfer money and to settle domestic financial matters. However, although these systems play a critical role in bridging the financial inclusion gap, several oversight issues need to be addressed. Previous mobile money systems security studies focussed on technical applications and solutions paying less attention to subjective Information security management. The current study sought to understand information security management for mobile money systems using Uganda as a case study in order to develop an information security management framework suitable for mobile money systems in Uganda. Specific objectives included a detailed study of existing information security policies, procedures and standards, investigating and determining their weaknesses, developing and recommending a suitable framework and validating that framework. The case study involved three mobile network operators. Activity Theory guided the study throughout. Management of information security in mobile money systems was easy to understand when investigated as activities and allowed contradictions surrounding mobile money systems to be highlighted. The data collection methods used were semi-structured interviews and an internal documents review. The findings of the study revealed that there were insufficient tools, rules, community and division of labour for information security awareness related to outsourcing, risk management, business continuity planning and incident management. Furthermore, there appeared to be inadequate compliance monitoring, management controls and top management support for mobile money information security activities. The study contributes to theoretical, methodological, body of knowledge in information security management, practice and new areas of future research in information systems security for mobile money systems. In conclusion, the rules, tools, community and division of labour employed by the subjects (MNOs) to attain the intended objects and outcomes of the identified activities were found to be wanting and this indicates that continuous review and updating is needed. Mobile money systems and the associated activities, like any other information systems, are dynamic and require continuous updates. The PDCA (Plan, Do, Check, Act) approach to mobile money information security management activities is recommended for addressing information security management concerns for mobile money systems in Uganda.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 18th European Conference on Cyber Warfare and Security, ECCWS 2019 |
| Editors | Tiago Cruz, Paulo Simoes |
| Publisher | Curran Associates Inc. |
| Pages | 239-247 |
| Number of pages | 9 |
| ISBN (Electronic) | 9781912764280 |
| Publication status | Published - 2019 |
| Event | 18th European Conference on Cyber Warfare and Security, ECCWS 2019 - Coimbra, Portugal Duration: 4 Jul 2019 → 5 Jul 2019 |
Publication series
| Name | European Conference on Information Warfare and Security, ECCWS |
|---|---|
| Volume | 2019-July |
| ISSN (Print) | 2048-8602 |
| ISSN (Electronic) | 2048-8610 |
Conference
| Conference | 18th European Conference on Cyber Warfare and Security, ECCWS 2019 |
|---|---|
| Country/Territory | Portugal |
| City | Coimbra |
| Period | 4/07/19 → 5/07/19 |
UN SDGs
This output contributes to the following UN Sustainable Development Goals (SDGs)
-
SDG 1 No Poverty -
SDG 8 Decent Work and Economic Growth
Keywords
- Activity theory
- Information
- Mobile
- Money
- Security
- Uganda
ASJC Scopus subject areas
- Information Systems
- Information Systems and Management
- Safety, Risk, Reliability and Quality
Fingerprint
Dive into the research topics of 'Information security management scaffold for mobile money systems in uganda'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver