Information security challenges in relation to Enterprise security policies in the financial sector In Sri Lanka

Abstract

Information is becoming the lifeblood of the twenty-first century enterprises. Most of the top management teams have already identified that information should be treated as other assets. However, some are still not much aware about the value of corporate information. Nevertheless, members of these two groups have still not found a comfortable solution to protect information and make their lives easy. Technology is developing rapidly, parallel to that information security solutions are also becoming cutting-edge. However, unfortunately technology advancements are also with accessible to the hands of hackers and other vulnerable people. So the top management or information security managers cannot successfully complete their job only by providing cutting edge solution in place. Information security is very crucial nowadays. Information security alone is not a technical exercise anymore. It’s hybrid. A better information security is only when proper management blends with cuttingedge technology. In the Sri Lanka’s context, most enterprises are moving towards securing their corporate information assets. This study focuses on Information Security Challenges in relation to Enterprise Security Policies in the financial sector. The research will be carryout on registered private commercial banks which are listed in Colombo Stock Market (Public Listed Companies) and having Fitch Rating above ‘A’. 8 Throughout this research, the selected business entities will be checked on whether they have identified corporate information as an asset to secure, possible risks, threats and vulnerabilities for information security, measures taken to minimize shortfalls and vulnerabilities and explore the obstructions to improve information security. These areas will be check by a framework developed based on ISO 27001:2005 standard for Information Security Management System (ISMS)