| Control parameter | Group | Category | N | Observed Prop. | Test Prop. | Exact Sig. (2-tailed) |
|---|---|---|---|---|---|---|
| Are the users provided training on application system functioning | Group 1 | Acceptable | 19 | 1 | 0.50 | p=0.000 |
| | Group 2 | Not Acceptable | 0 | 0 | | |
| | Total | | 19 | 1.00 | | |
| Who provides the training | Group 1 | Acceptable | 16 | 0.84 | 0.50 | p=0.04 |
| | Group 2 | Not Acceptable | 3 | 0.16 | | |
| | Total | | 19 | 1.00 | | |
| Is adequate training in the technical details of the application system provided for necessary trouble shooting / help to users | Group 1 | Not Acceptable | 17 | 0.89 | 0.50 | p=0.01 |
| | Group 2 | Acceptable | 2 | 0.11 | | |
| | Total | | 19 | 1.00 | | |

Finally, from the above table it can be seen that in all 3 control parameters the observed proportion is more than 0.5 and the p value is less than 0.05; hence the null hypothesis is rejected and the hypothesis "The employees of the Urban Cooperative Banks are not aware of the concept of security control and need training" is proved.
1.5.2 Hypothesis 2:- "The employees of the Urban Cooperative Banks are not aware of the concept of security controls and need training"
1.5.2.1 Statistical test :- sign binomial test
1.5.2.2 Variables and measurement:- The bank system administrators were asked to provide information on the following areas related to the above hypothesis. The responses were later converted into a 2-point scale (1 = "Acceptable" and 2 = "Not acceptable") using the "Recode into different variable" command of IBM SPSS 21.
Level of significance α = 0.05
Table 1-2 Hypothesis 1 statistical analysis

| Control parameter | Group | Category | N | Observed Prop. | Test Prop. | Exact Sig. (2-tailed) |
|---|---|---|---|---|---|---|
| Have you gone through a Information system security training | Group 1 | Not Acceptable | 13 | 0.68 | 0.50 | p=0.008 |
| | Group 2 | Acceptable | 6 | 0.32 | | |
| | Total | | 19 | 1.00 | | |
| How do you remember your password | Group 1 | Not Acceptable | 14 | 0.74 | 0.50 | p=0.000 |
| | Group 2 | Acceptable | 5 | 0.26 | | |
| | Total | | 19 | 1.00 | | |
| Do you know Why do you need a more than 8 digit password with Alphanumeric character | Group 1 | Not Acceptable | 17 | 0.89 | 0.50 | p=0.000 |
| | Group 2 | Acceptable | 2 | 0.11 | | |
| | Total | | 19 | 1.00 | | |
| Have you read the security policy | Group 1 | Not Acceptable | 17 | 0.89 | 0.50 | p=0.000 |
| | Group 2 | Acceptable | 2 | 0.11 | | |
| | Total | | 19 | 1.00 | | |
| Are you aware of the steps to be carried in case of contingency due to non-availability of systems. | Group 1 | Not Acceptable | 14 | 0.74 | 0.50 | p=0.000 |
| | Group 2 | Acceptable | 5 | 0.26 | | |
| | Total | | 19 | 1.00 | | |
| Does the Employee wear identification badge | Group 1 | Not Acceptable | 16 | 0.84 | 0.50 | p=0.000 |
| | Group 2 | Acceptable | 3 | 0.16 | | |
| | Total | | 19 | 1.00 | | |

1.6 Findings
- In all 19 banks under study (100%), users were provided training on application system functioning. Hence the control was properly implemented and in tune with best practices.
- Out of the 19 respondents, in 84% of banks the training was provided by the vendor and in 16% of cases the training was provided by experienced employees. Hence in the majority of the banks the training was provided by the vendor, and the control was properly implemented and in tune with best practices.
- Out of the 19 respondents, in 89% of banks employees said that adequate training was provided and 11% said they were not provided adequate training. Hence in the majority of the banks adequate training in the technical details of the application system was provided for necessary troubleshooting / help to users, and the control was properly implemented and in tune with best practices.
- Out of the 19 respondents, 31.6% of bank employees said that they have undergone information system security related training and 68.4% said no. Hence the majority of the banks did not provide training on information system security to their employees and the control was not properly implemented.
- Out of the 19 respondents, 26.3% of bank employees memorize their password, 26.3% write it down in a secure place and 47.4% write it down close to the office table. Hence in the majority of the banks employees did not memorize their password and the control was not properly implemented.
- Out of the 57 respondents, 26.5% of bank employees responded that they are aware of the steps to be carried out in case of contingency due to non-availability of systems and 73.5% said they were somewhat aware of the steps. Hence the majority of employees are not fully aware of the steps to be carried out in case of contingency due to non-availability of systems, and the control is not properly implemented.
Recommendations and Suggestions
- Identification badges establish the identity of an employee of the organization. They also help customers identify the right person to approach for their needs. Hence it is very important to have identification badges. It is therefore strongly suggested that, where employees are not provided identification badges, the banks provide them at the earliest and ensure the employees wear them during office hours.
Fig. 6-2 Notification for employees to wear ID Cards
- If your personnel do not know or understand how to maintain confidentiality of information, or how to secure it appropriately, you not only risk having one of your most valuable business assets (information) mishandled, inappropriately used, or obtained by unauthorized persons, but also risk noncompliance with a growing number of laws and regulations that require certain types of information security and privacy awareness and training activities. You also risk damaging another valuable asset, your bank's reputation. In view of this, it is important that the employees of the bank are provided proper training on information system security. It is seen from the study that most of the banks have neglected this area. It is therefore strongly suggested that employees be provided training in information system security on a periodic basis so as to emphasize its importance.
- It was observed that most employees were not aware of the steps to be carried out in case of contingency due to non-availability of systems. Since availability of information is of utmost importance in a banking scenario, the employees should be provided proper training on the steps they need to carry out in case of contingency due to non-availability of the system.