INFORMATION SECURITY GAP ANALYSIS: AN APPLIED STUDY ON THE YEMENI BANKING SECTOR'S TECHNOLOGY AND INNOVATION PRACTICES

Abstract:

This study aims to analyze the level of compliance of Yemeni banks' information security management systems (ISMSs) with technology and innovation controls, identify strengths and weaknesses in their practices, and provide appropriate solutions and treatments to reduce the gap. To this end, drawing on the analysis of previous studies, the problem of the study was determined, its dimensions were explained, and the appropriate assessment framework and maturity model were selected. A questionnaire was used to collect information from 26 carefully selected experts to assess the maturity level of 13 local banks in the Yemeni capital, Sana'a. Through data analysis, it was found that the level of security maturity in the banking sector meets only the key requirements of technology and innovation security, moving away from the ideal maturity level by a gap of 1.1 out of five. In addition, detailed results on maturity levels, weaknesses, and average applied gaps in TI practices were obtained. By interpreting the findings, a classification and ranking of indicators that represent the most likely technological weaknesses for banks and the average level of security gaps that must be reduced by each of them were determined. Finally, the classification and ranking presentations and proposals enable banks to compare their security status with each other, and to build appropriate strategies to bridge the gap and improve their competitive position. Accordingly, the classification and ranking presentations made by this study will enable banks to compare their security situations and take appropriate actions, policies, and technical solutions to bridge the gap and improve their competitive position.