INTRODUCTION
Since the beginning of modern network technology, especially the Internet, financial institutions have renovated their communication and business infrastructure in order to take advantage of advances in technology.
It is evident that electronic banking (e-banking) has contributed substantially to the success and profitability of many banks (Kondabagil, 2007). Nevertheless, the parallel expansion of digital attacks has made stakeholders lose confidence in e-banking operations (Gikandi and Bloor, 2010).
DOI: 10.4018/978-1-4666-6268-1.ch014
The evolution of e-banking has moved banking services from back-end applications to customer-centric network ends. In particular, the open networked environment provides instant global access to information, products and services, so the consumer can now access the bank to conduct financial services instantly. Common e-banking services include, but are not limited to, financial information news, ATM (Automated Teller Machine) locators, insurance, credit cards, cash management, funds transfer, investment services and others (Baten and Kamil, 2010).
With society’s dependence on technology, the risks as well as the failures to assure information have increased at a high rate. In particular, security breaches and computer viruses together cost $1.6 trillion a year globally and 39,363 human years of productivity for financial institutions (Symantec, 2010). In another incident, in 2007, three cyber thieves were accused of stealing $450.000 from the City National Bank in North Carolina (Vijayan, 2010), while recently in New Jersey an attempt to steal information from more than 500.000 bank accounts got a bank employee arrested (MSNBC, 2010).
Banks’ ability to take advantage of the proliferation of technology often depends on open, accessible, available, and secure network services. Financial institutions depend on human notions such as customer trust, confidence, and satisfaction, which appear to be the key indicators correlated with the growth of a business.
As a result, retaining a good reputation for safeguarding information will increase market share and profit. In this respect, there is typically nothing that causes customer dissatisfaction more than compromised accounts or stolen identities, all purviews of security (Tan et al., 2010). For this reason, and because banks should mitigate information technology (IT) risks to an acceptable level, the concept of Information Technology Security Governance (ITSG) is tested as the main objective of this chapter under the prism of e-banking.
In particular, we stress the importance for a financial institution of having a much more sophisticated and structured approach to ITSG as part of a wider Risk Management approach. In this regard, we focus on strengthening the relationship between Risk Management methods and ISG frameworks to approach the objectives of Security Governance in e-banking. Therefore, our main research objectives are to:
1. Empirically examine congruent terminology, role and implementation of ITSG in e-banking.
2. Research on e-banking risks with emphasis on outsourcing risk because it causes and affects other e-banking risks.
3. Focus on an overview of reputed approaches to ISG to meet the specific needs of e-banking systems.
4. Propose an ITSG framework for e-banking helping small banks achieve higher business value.
Just as new trends in information security (IS) require consistent measurement of metrics, we also consider how ITSG performance in e-banking can be measured. We summarize the chapter by supporting the argument that “Security is a management problem, not a technical problem” (Brotby, 2009, pp.15), especially in e-banking owing to its interactive nature.
This chapter is organized into ten sections. This section introduces the reader to the evolution of e-banking and the main research concerns. Section two presents the literature review of ITSG and e-banking in general and emphasizes congruent terminology. Section three discusses the objectives of Information Security Governance (ISG) and the most reputed approaches. Section four describes the role of ITSG in e-banking and proposes an ITSG framework as a basis for banks wishing to govern information security in the e-banking domain. Section five describes and summarizes the most common e-banking risks, and section six describes why outsourcing risk is considered the most critical e-banking risk among others. Section seven describes the main concepts around Risk Management in e-banking, and section eight compares the most reputed ISG frameworks in the banking industry. In section nine we describe emerging trends in measuring ITSG performance, such as the Security Content Automation Protocol (SCAP). In section ten we summarize the findings of the chapter and propose future research.
Research Contribution: We focus on the rising demand for electronic banking to highlight how a sound Information Technology Security Governance program can actually add business value and mitigate IT-related risks. In this respect, we a) analyze and compare approaches not only against standard ISG objectives but also against other related IS criteria as a means to discover which one best fits the e-banking environment and b) propose an ITSG framework as a continuous process for assuring ISG objectives. Results show that each approach/method has its own benefits and shortcomings. Moreover, following recent trends in measuring security, we exemplify how to measure ITSG performance in e-banking in a consistent and automated manner with the aid of the Security Content Automation Protocol.