An exploratory analysis of insider attacks on financial information systems in Sri Lanka: a case study based on a database

Abstract

Abstract Despite the fact that security implementations are already placed in financial systems, there are numerous occasions around the world where financial systems were compromised by inside attackers all over the world. So there is a growing need to find ways and means to discover the potential threats to information security within banks. The research approach will be based on the discovery of potential information security issues and vulnerabilities existing in the system by analyzing patterns in data present in the back end system, procedures and relationships between data entities that may lead to insider threats and vulnerabilities with respect to a database. The aim of the research is to identify information security issues prevailing in information systems of a Sri Lankan bank as a case study, then identify the root causes behind their existence and to provide proper guidelines and solutions which will assist in making information systems in banks more secure in a similar context.