A WEB-BASED MODEL TO DETERMINE SECURITY RISK EXPOSURE INDEX AMONG SAVINGS AND CREDIT COOPERATIVE SOCIETIES

Abstract

Savings and Credit Cooperative Societies (SACCOs), like other financial institutions, own critical assets that must be protected against attackers even as the threat landscape continue to persist. This study provides a solution to SACCOs by determining security risk exposure index (SREI) based on ISO/ 27001 standards. The objectives of the study were to determine the critical security risks factors affecting Selected SACCOs based on ISO 27001 standards, to design a model for computing their security risk exposure index, to implement a prototype as a web based application for computing security risk exposure index, and to verify and validate the model. The study targeted 55 respondents from 11 deposit-taking SACCOs licensed by Sacco Societies Regulatory Authority (SASRA) to operate within Nakuru County. The response rate of 90.9% was registered and was considered sufficient for the study. The design model was based on six of ISO 27001’s eleven cardinal security control factors that were considered most critical to the security of the SACCOs using reduction analysis of the responses. Relevant Weights for computing SREI were derived and a mathematical model was designed. The model was implemented as a web-based prototype through design science paradigm using PHP as server-side language, CSS3 and JQuery for frontend styling and response, and MYSQL as a database engine. The designed model is significant in the sense that it provides the SACCO management and regulating authorities with useful information about security levels of their organizations when compared with best practices. The model provided appropriate actions necessary to maintain risk exposure to minimum levels.