TITLE:
Third-Party Information Security: Generic Qualitative Inquiry in Banking and Financial Services
AUTHORS:
Genemar Arthur Lazo
KEYWORDS:
Banking, Financial Services, Information Security, Access Controls, Data Protection, APIs, Application Program Interfaces, Web Application Security, Third-Party, Supplier, Vendor, Security Assessments
JOURNAL NAME:
Journal of Financial Risk Management, Vol.13 No.3, September 27, 2024
ABSTRACT: Problem: Although IT security frameworks and solutions are available, banking and financial organizations encounter challenges in accepting security technology to secure the organization and its third parties. Purpose: The purpose of the study is to explore implementation strategies for banking and financial IT third-party security solutions to determine impediments to full acceptance of available security tools related to access control and data protection. Method: The technique selected for this project is qualitative inquiry. Population: The project question was explored via interviews. The researcher used purposeful and convenience sampling methods to identify participants who work within the banking and financial services industry in the United States. Results: A thematic analysis using the UTAUT framework, applied to access controls and data protection, was completed during the review. The themes identified included the key factors for increasing the acceptance of security solutions for access controls and data protection among banking and financial services organizations and their related third parties: assessments, executive sponsorship, oversight of the implementation, requirements management, sufficient planning, and testing of technical solutions. Implications/Practical Uses: This project’s recommendations include assessments for third parties, training, and scoping requirements. The researcher may propose increased communication, assessment methodologies, and tools for protecting data, services, and third parties.