Abstract:
This study assesses the cybersecurity efficacy of Internet banking applications in Tanzania.
This novel purpose was attained through assessing existing security controls, identifying the
existing security risks i, and proposing a security control model for Internet banking applications
in Tanzania’s domestic banks. The study adopted a cross sectional research design whereby
primary data to complement security assessment was collected via survey questionnaires from
25 staff selected from 5 domestic commercial banks which have internet banking application.
The collected data will be analysed by using STATA statistical package to establish variation
and the Nessus Pentest tool for security assessment while the Kali Linux tool will be used to
exploit the apps. On the other hand, the model will be developed using a smart PLS tool.
The study found that at the management level, the existing controls fall in governance and
management controls, human resources security controls and application system continuity
management while, at ICT routine operation, the security controls fall in operations of the
internet banking application, information asset, identity and access security management,
incidence management, application service for internet banking and physical and environmental
security controls. Also, it was found that internet banking application have low risk as the score
ranges between very good (90%-100%) and good (85% - 89%). Lastly, the developed mode
was found significant and appropriate regarding the scope of the study
The sudy recommends ICT security officer to perform vulnerability assessement as a routine
work becaue cybersecurity is changing everuday so the threats. Also, the banking management
should allow penetration testing from the externals to asses whether the identified vulnerability
have a significant effect to the internet banking application system. Lastly, it is advised for the
bank management to perform security awareness to all staff and the cutomers because most
of the vulnerability originates from the internal and external users
