A Scoring System for Information Security Governance Framework Using Deep Learning Algorithms: A Case Study on the Banking Sector
Cybercrime reports showed an increase in the number of attacks targeting financial institutions. Indeed, banks were the target of 30% of the total number of cyber-attacks. One of the recommended methods for driving the security challenges is to implement an Information Security Governance Framework (ISGF), a comprehensive practice that starts from the top management and ends with the smallest function in a bank. Although such initiatives are effective, they typically take years to achieve and require loads of resources, especially for larger banks or if there are multiple ISGFs available for the bank to choose. These implementation challenges showed the necessity of having a method for evaluating the adequacy of an ISGF for a bank. The research performed during the preparation of this article did not reveal any available structured evaluation method for an ISGF before its implementation. This chapter introduces a novel method for scoring an ISGF to assess its adequacy for a bank without implementing it. The suggested approach is based on ISGF decomposition and transformation into a survey that will be answered by security experts. The survey results were loaded into a Deep Learning Algorithm that produced a scoring model that could predict the adequacy of an ISGF for a bank with an accuracy of 75%.