Login

AAU Institutional Repository

AAU-ETD Home
→
College of Natural Sciences
→
School of Information Science
→
Information Sciences
→
View Item

Search AAU-ETD
Cyber Security Practices and Challenges at Selected
Critical Infrastructures in Ethiopia: Towards Tailoring Cyber
Go

Security Framework Search AAU-ETD

Getaneh, Tewodros This Collection

URI:
http://etd.aau.edu.et/handle/123456789/19110
Date:
2018-06-02
Browse
All of AAU-ETD
Colleges & Collections
Abstract: By Issue Date
Cyber security is the activity of protecting information and information systems (networks, computers, data centers Authors
Titles
and applications) with appropriate procedural and technological security measures (Tonge, Kasture and Chaudhari,
Subjects
2013, p.1). Cyber security threats and breaches are increasing from year to year. A Cyber security breach has the This Collection
potential to disrupt the proper functioning of nation states. It affects the reputation of organization and erodes By Issue Date
Authors
customers trust. Cyber security breaches at critical infrastructures can affect the existence of a nation and can disrupt
Titles
the social, economic and political realm of governments. Critical infrastructures mean any infrastructure vulnerable to Subjects
information communication network security threats having considerable impact to the social, economic, or political
interest of the country.
The purpose of this study is to examine the practices and challenges of cyber security at
My Account
three selected critical infrastructures in Ethiopia. These critical infrastructures are Ethiopian Electric Power, Ethiopian
Login
Electric Utility, and Ethio Telecom. In this study attempts were made to tailor cyber security framework based on the
Register
challenges of cyber security, INSA’s Critical Mass Cyber Security Requirement Standard Version 1.0 and NIST
Framework to improve critical infrastructures cyber security version 1.1.
The study is based on International
Telecommunication Union’s /ITU/ Cyber Security Agenda three pillars Legal, technical and Capability Building. The
core processes of NIST framework, Identify, Detect, Prevent, Respond and Recover functions are used as technical
sub pillars.
This research used both qualitative and quantitative research approaches. Questionnaires and Interviews
are used as data collection instruments. The questionnaire is adopted and modified from International
Telecommunication Union’s Global Cyber Security Index of 2017 and MIT Technology Review Customs Research of
2016.
The study subjects are the total population of IT/ICT security or cyber security unit of the selected critical
infrastructures. The total of 75 questionnaires were distributed with a response rate of 84%. Interviews were
conducted to grasp the processes, challenges and to evaluate the tailored cyber security framework.
Descriptive
data analysis techniques are used in SPSS version 23 on the data collected using questionnaire. The survey
indicated that the top rated cyber security challenges are lack of in-house expertise (66.7%), inadequate enabling
technology and difficulty in locating the right security alert (with equal percentile of 61.9%), and evasion of existing
preventive security controls (60.3%).The survey also indicated that attack via Email (74.4%), attacks via mobile
computing (68.3%), and attacks via social media (63.5%) are on growing trend of cyber security.
Moreover this
research indicated that the selected critical infrastructures are inadequately prepared to detect, prevent, and respond
to cyber threats and breaches. It is not only the technical issues that show a grim picture but the executives or the top
branch management are not adequately prepared to prevent and respond to cyber threats and breaches.
Based on
the findings, attempts were made to propose a tailored cyber security framework based on INSA’s Critical Mass
Cyber Security Requirement Standard Version 1.0 and NIST’s Framework for improving critical infrastructures cyber
security version 1.1.
Furthermore, in order to tailor the cyber security framework, this research conducted extensive
literature review on cyber security framework development. Additionally attempts were made to follow design science
guidelines in the process of tailoring the cyber security framework. The tailored cyber security framework is further
evaluated for its coverage, suitability, comprehensiveness, clarity, completeness and applicability by using
questionnaire and interview.
Finally conclusions and recommendations were made based on the findings and
analysis.

Show full item record

Files in this item

Name: Tewodros Getaneh ... View/Open

Size: 1.698Mb
Format: PDF

This item appears in the following Collection(s)

Information Sciences

Related items
Showing items related by title, author, creator and subject.

Securing the Transmission of Group Addressed Data Frames by Enhancing the IEEE 802.11i
Security Protocol

Abreha, Meareg
(Addis Ababa University, 2016-11)
Security in Wireless LAN technology is evolving from time to time. This progress can be easily visualized by
recounting the success stories achieved through the years since the modification of its first security protocol, ...

Regional Peace and Security Architecture: Challenges of Compatibility between Africa Union
Peace and Security Council & Regional Economic Communities

Melese, Selam
(Addis Ababa University, 2016-06)
One of the fundamental changes that have come about with the transformation of the
Organization of African Unity
into the African Union is the establishment of a comprehensive
peace and security regime. The African Peace ...

Food Security and Poverty Monitoring: The Case of World Vision's Food Security Program and
Rural Poverty Monitoring in Badawacho Woreda

Zerfu, Sisay
(Addis Ababa University, 1998-06)
The government Jood security strategy was launched in 1996 in Eth iopia. However, poverty
reduction and Jood self-
sufficiency have been dealt with through the country's development
program since 1989. NGO's have been ...

Addis Ababa Uiversity Libraries copyright © 2018   

 
Contact Us | Send Feedback