Abstract:

Information Security Governance addresses security issues in the business practices especially for banks and financial institutions. As banks increasingly rely on information technology and the
Internet to operate their businesses and market interactions, technology risks will potentially increases, both for the individual banks and the financial industry at large. This paper presents a research project that has recently been initiated in other to establish the framework for Information security governance (ISG) in banking sector. The aim of this paper is to propose the initial design of ISG framework for banking sector based on existing primary sources and literature reviews. The paper further examines several information security governance practices and standards to identify its elements. Their strength and weakness are considered in its approaches. As a result, the initial design of ISG framework is categorized in to three levels which are Governance and Strategic Level, Tactical, Managerial, and Operational Level, and Technical Level. This proposed ISG framework will be implemented in real banking environment for further study.