Risk Management of Financial Information Systems Using Bayesian Networks

Abstract

Managing financial information system threats is achieved through a process of risk management that enables an organization to have relatively safe and stable operating conditions. There however, exists a gap in the risk management programs of financial information system in regards to the use of all available information sources including from professionals, prior knowledge, and the use of multiple disparate frameworks. This research seeks to bridge that gap by managing financial information systems risk throughout the entire systems development life cycle, and incorporating Bayesian Networks in Financial Information System Risk Management. To achieve this the following specific objectives were formulated: (1) To assess the current state of financial information system risk management by financial institutions, (2) to analyse financial information system risks and management programs used by financial institutions (3) to analyse the application of Bayesian networks in risk management in financial information systems and (4) to propose and evaluate a generic approach that can be deployed to manage risks using Bayesian networks throughout the system development life cycle. The researcher presents detailed analysis in the domain of system development, risk management and their relationships. Purposive sampling is used to select 40 respondents from the population of major approved financial institutions in Nairobi County. The findings show that the current financial information risk management programs are not mature and are facing some challenges posed by the dynamic technological environment. Here the limitations and desired improvements to the current approach are brought out. The proposed framework which presents immense potential to address the current challenges faced by financial information system risk management programs is discussed in detail. Its success is however subject to elaborate planning and careful implementation Summary and conclusions are used to recoup the main areas of the research after which the researcher presents the recommendations.