Designing A Framework For Evaluating Information Security Policies For Banking Institutions

Abstract

This paper aims to design and apply a framework for evaluating the confidentiality and privacy policy in information security policies. It is a descriptive analytical study applied to a sample of banking institutions (Bank of Sudan, Omdurman National Bank, Bank of Khartoum). The research problem is represented by the lack of continuous evaluation and development of confidentiality and privacy requirements in the country's financial institutions. The researchers also wanted to test and evaluate policies related to confidentiality and privacy in information security and analyze some of the policies used in some banking institutions in order to identify their strengths and weaknesses with the aim of arriving at results and recommendations by the researchers that contribute to protecting and securing the information network and data for those dealing with the institutions at various levels. This proposed framework was designed in accordance with ISO standards, as it has the ability to address the basic confidentiality and privacy requirements for ensuring information security. The proposed framework was tested by designing a program to evaluate the confidentiality and privacy policies followed in these banking institutions. By analyzing the results of testing the proposed framework, it was found that the highest percentage of confidentiality and privacy requirements was at the Bank of Sudan, which was 71.2%.