Information and communication technology security governance in Zambian banks

Abstract

This research seeks to broaden and strengthen the holistic understanding of ICT and Security governance effectiveness by specifically examining how ICT and Security governance practices provide a structure for banks to ensure that IT investments support business objectives. ICT and Security governance is one of these concepts that suddenly emerged and became an important issue in the information technology area. To address this objective, we investigate the operations of the banks, analyze IT governance practices and design an ICT and Security governance model and Information Security Strategy model that aligns Information Technology and Information Security with the corporate governance of the banks. Corporate Governance is the type of governance system that covers the organization's operations holistically. Corporate governances are cascaded to ICT and Security governance that covers and aligns IT strategy to the corporate business objectives. Therefore, Control Objectives for business-related technologies (COBIT) is one of the frameworks that is used for the implementation of ICT and Security governance in organizations. ICT and Security governance has been implemented by several organizations globally with the view of aligning IT to business requirements so that the shareholders may realize benefits from the investments. Locally, the Bank of Zambia has directed all the banks to implement good corporate governance. The republic of Zambia has also directed and mandated all the parastatal companies to formalize the implementation of the COBIT framework. In 2015, the auditor general indicated that all parastatal ICT audits were based on COBIT framework. The results showed that banks were not compliant with the COBIT process (EDM,AP0 and MEA) and only 3 banks had an IT representatives in the Executive Management. The study also showed that levels of ICT governance were practiced in the banks. However, the banks should conduct a gap analysis and formalize the implementation of COBIT as an ICT governance framework . The banks should further align operation processes with COBIT framework and also elevate Information Technology and Information Security to have a representation on Executive Management. Keywords: Bank, Governance, Strategy, Objectives and Procedures