GBSN and the SWIFT Institute are pleased to announce this year’s recipient of the Case Writing Small Grant is a team from the Chandaria School of Business, USIU.
Financial institutions in emerging markets can be at a particular disadvantage due to a lack of adequate resources to develop and maintain robust cybersecurity protocols. These kinds of security challenges often have a chain reactionÐÐwhen one bank experiences a security breach the impact can be global, affecting banks across borders. In 2018, losses from cyberattacks were predicted to top $1.6 trillion and could reach as high as $6 trillion by 2021.
The threat of cybersecurity raises several questions for financial institutions and how they interact with each other, in particular for those based in emerging economies. Hence we need to examine ways in which these financial institutions minimize this risk, and provide a way to share best practices that these institutions use to mitigate the aforementioned risks.
As organizations continue to grapple with cybersecurity risk challenges in today’s interconnected and rapidly changing world. Where can they find a trusted voice to articulate these challenges and an innovative platform from which solutions can be found?
The development of the three case studies will leverage relationships within the industry to address the cybersecurity risk challenges in the region. The case studies will provide deeper insights into the African cyber risk management practices, specifically in the financial services sector.
Case 1: Comparative Cyber Security Risk Minimization Best PracticesÐ African Experiences
Case 2: Cyber Security Risks and National Policy Implications Ð East African Experiences
Case 3: Options for Kenyan Banks Cyber Security Risk Management Ð Kenyan Experience
Both primary and secondary data will be collected for both quantitative and qualitative analysis including descriptive analysis, trend analysis, and correlation analysis. Key activities will include, a) review of pertinent literature inclusive of models and theories; b) development of information collection instruments/interview questions; c) collection of information from respondents and documents; d) analysis of information inclusive of conclusions and recommendations; e) writing of the draft report shared with respondents for reviews and feedback; f) request for use of copyrighted materials; and g) submission of the report. The report generated will be suitable for multi-audiences including practitioners, policymakers and academicians/researchers.
These case studies will be published by mid-September 2020. The research cases will be distributed by the SWIFT Institute, while the teaching case will be available for instructional purposes.
GBSN and the SWIFT Institute are Proud to Announce this Year’s Recipients of the Case Writing Small Grant:
William Makatiani
Mr. William Makatiani is the CEO of Serianu Limited and Chair of the Kenya Honeynet Project Chapter. He has over 15 years of experience as an ICT professional Ð focusing on cybersecurity, Forensic Investigations, Governance and Policy, Analytics, Risk and Compliance. He has led numerous engagements across the worldÐ including Kenya, Uganda, Tanzania, Nigeria, Mauritius, United States, Israel, Ireland, Singapore, China, Egypt, and India. Prior to founding Serianu, Mr. Makatiani worked for the Federal Reserve Bank of Boston, EMC Dell and Deloitte. He has spearheaded and published numerous research work in over 10 African countries including Cyber Risk Visibility and Quantification Framework for African SMEs, Africa Cybersecurity Reports and other newspaper articles.
Judy Aluoch Ouma
Judy Ouma is a full-time Economics and Finance university lecturer at the Technical University of Kenya and adjunct at United States International University – Africa (USIU-A). Her teaching areas include Financial Economics, Monetary Economics, International Economics and Health Economics to both undergraduate and graduate students. She is also a content developer for online training for the University of Nairobi in Health Economics. Prior to joining the university, she worked as a Research Scientist for the government at the Kenya Industrial Research and Development Institute under the Ministry of Trade and Industrialization for 7 years. She participated in industrial research-related matters, sourced and implemented several grants, both local and international for the industrial sector. She also participated in several inter-ministerial and intergovernmental meetings for trade and industry in bilateral negotiations and general policymaking.
Paula Mwikali Wasua Musuva
Dr. Paula Mwikali is a full-time faculty member at the United States International University – Africa (USIU-A) and has been for the last 8 years. She is a specialist in the areas of Information Security, Cybercrime, Information Systems Audit and Digital Forensics. She holds a PhD in Information Systems from the University of Nairobi, School of Computing and Informatics; an MSc in Network Systems (Distinction) from the University of Sunderland in the United Kingdom; and a BSc in Computer Science from Jomo Kenyatta University of Agriculture and Technology (JKUAT). Dr. Paula Mwikali is a Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Cisco Certified Security Professional (CCSP rtd.) and an IBM Certified Specialist (Artificial Intelligence, Big Data, Blockchain, Security Intelligence, and Application Security). She is an author and contributor to the annual Serianu Cybersecurity Reports and leads the Cybersecurity research stream at the Center of Informatics Research and Innovation (CIRI) at USIU-A. She is a founding member of the Kenya Chapter of the Honeynet Project, a global network of white hat Cybersecurity professionals. She currently sits on the board of the ISACA Kenya Chapter and serves as the Academic Relations Director. Prior to joining USIU-A as a faculty member, she had 7 years of work experience in industry. She worked at Deloitte East Africa as a Senior Consultant in Technology Integration. She also worked in Seven Seas Technologies as a Network and Security Engineer and later as a Service Delivery Manager, delivering on projects in Kenya, Uganda, Rwanda, Ethiopia and working with teams in South Africa. While studying in the UK she also gained experience in ITIL Service Management while working as an intern on an implementation project.
Francis Wambalaba
Francis Wambalaba is a Professor of Economics and previously the Associate Deputy Vice-Chancellor of Research at the United States International University Ð Africa (USIU-A). He has a multidisciplinary background in Economics, Urban Planning and Business Administration. Prof. Wambalaba is a certified planner with the American Institute of Certified Planners and has 35 years of teaching both in Kenya and the USA. He was a Senior Research Associate with the Center for Urban Transportation Research at the University of South Florida, an assistant professor at Portland State University in Oregon, and a Senior Transportation Planner with the Tri-County Metropolitan District of Oregon in the United States. He teaches Business Research Methods, Managerial Economics, International Economics, Economic Development and Transportation Economics. Prof. Wambalaba has written and published multiple case studies, one of which won the Emerald Case study completion. He was trained by Ivey University in case writing and teaching. He is an active researcher with over 30 grant funded projects in Kenya and the USA, mostly in Action Research, including the development of an Agribusiness Living Lab program at USIU-A.
Brencil Kaimba
Brencil is a senior cybersecurity consultant at Serianu Ltd. She has 5 years of work experience in the Security Operations Centre Governance, Research and Development, Cybersecurity Training and ICT Strategy. She works to assess various companies in the Banking, Insurance and Manufacturing sectors, identifying, quantifying and monitoring the risks (Cyber, operational, financial, regulatory) impacting their firm’s operations. She is the Editor-in-chief of the Africa Cybersecurity Report, a publication that spans over 10 African countries. Her research work also includes contribution to the Cyber Visibility and Exposure Quantification (CVEQTM) Framework. She holds numerous security certifications including CEH, ISO 27001 Lead Auditor, ISO 27032, LPT, CISA and Six Sigma. Brencil is the 2017 winner of ISC2 ISLA Upcoming Cybersecurity Professional (Europe, Middle East and Africa).
Nicos Koussis
Dr. Nicos Koussis is an Assistant Professor of Finance at Frederick University and currently the Head of the Business Department. He holds a PhD in Finance from the University of Cyprus. Dr. Koussis has been awarded a first prize grant from the Cyprus Research Promotion Foundation for his PhD research, presented in numerous international conferences and has publications in high ranked refereed journals such as the Journal of Banking and Finance, European Journal of Finance, Journal of Financial and Quantitative Analysis, Journal of Empirical Finance and Annals of Operations Research. He also frequently acts as a referee to a number of high ranked journals. Dr. Koussis has been a visiting research fellow at the Massachusetts Institute of Technology and has been a visiting instructor (reader) at the University of California, Berkeley at the Masters in Business Administration (MBA) and Masters in Financial Engineering programs. He has also previously lectured at the University of Cyprus and is currently teaching Finance courses at the undergraduate and graduate levels at Frederick University. Dr. Koussis’ area of expertise is real options with applications in Corporate Finance, Banking and Risk Management.
Case 1: Comparative Cyber Security Risk Minimization Best PracticesÐ African Experiences
This research case would use gap analysis to determine the best cybersecurity risk minimization practices in the African context, especially in the banking industry. First, the study will identify key cybersecurity risks in general, and in the banking industry in particular from around the world and compare against the African experience to identify and describe the gaps. The research will then fill the gaps with both preventive and mitigating measures as necessary. Similarly, the study will also identify key cybersecurity risk minimization practices in general, but mainly in the banking industry from around the world and compare against the African experience to identify and describe the gaps. The research will fill the gaps with either adaptive or enhancement measures accordingly. Finally, a combination of SWOT analysis and a security metrics based cybersecurity model for cybersecurity risk analysis will be used to assess and identify strategies for risk minimization. Based on the analysis, a case will be made on emerging areas of concern for African financial institutions with respect to cybersecurity measures.
Case 2: Cyber Security Risks and National Policy Implications Ð East African Experiences
This research case will use the cultural lag theory to assess the respective lags between policy development and technological advances in the East African context, especially in the banking industry. While it is well expected that the material culture (technology) tends to gallop way ahead of the nonmaterial culture (policies), it is important for policymakers to appreciate this phenomenon for purposes of pre-emptive prevention, mitigation, or adaptation. Other pertinent concepts to be applied in the analysis would include the concept of Òdisruptive innovationÓ and that of Òprogress trapÓ. The research will first review past trends, current practices and, informed by both advanced practices and anticipated future practices elsewhere, project future regional developments. Based on these findings, the research will investigate potential pre-emptive strategies, mitigation strategies and adaptive strategies for policy purposes and local regional banks’ practices.
Case 3: Options for Kenyan Banks Cyber Security Risk Management Ð Kenyan Experience
This teaching case study will be designed around the decision options of technology-driven solutions, legislative driven solutions or public and industry awareness driven solutions. Borrowing from Wambalaba (2012) MPESA case study, in which Kenya took the technologically driven process compared to Nigeria and South Africa that took a legislative process, the case study will assess both SWOT, P-PESTEL and other related analysis approaches to help the reader determine alternative outcomes and appropriate respective responses. The study will use the Kenya Bankers Association’s CEO as the protagonist, along with other pertinent stakeholders (practitioners and policymakers). The case will be useful for training and teaching.