Abstract:
Information is becoming the lifeblood of the twenty-first century enterprises. Most of
the top management teams have already identified that information should be treated
as other assets. However, some are still not much aware about the value of corporate
information. Nevertheless, members of these two groups have still not found a
comfortable solution to protect information and make their lives easy. Technology is
developing rapidly, parallel to that information security solutions are also becoming
cutting-edge. However, unfortunately technology advancements are also with
accessible to the hands of hackers and other vulnerable people. So the top
management or information security managers cannot successfully complete their job
only by providing cutting edge solution in place. Information security is very crucial
nowadays. Information security alone is not a technical exercise anymore. It’s hybrid.
A better information security is only when proper management blends with cuttingedge
technology.
In the Sri Lanka’s context, most enterprises are moving towards securing their
corporate information assets. This study focuses on Information Security Challenges
in relation to Enterprise Security Policies in the financial sector.
The research will be carryout on registered private commercial banks which are listed
in Colombo Stock Market (Public Listed Companies) and having Fitch Rating above
‘A’.
8
Throughout this research, the selected business entities will be checked on whether
they have identified corporate information as an asset to secure, possible risks, threats
and vulnerabilities for information security, measures taken to minimize shortfalls and
vulnerabilities and explore the obstructions to improve information security. These
areas will be check by a framework developed based on ISO 27001:2005 standard for
Information Security Management System (ISMS)