Factors Hindering Full-Fledged Information Security Twenty-fifth Americas Conference on Information Systems, Cancun, 2019 1 Factors Hindering Full-Fledged Information Security in Banking Sector in Ethiopia: Emphasis on Information Security Culture Completed Research Paper Abiy Woretaw Information Network Security Agency, Ethiopia abiyworetaw@yahoo.com Lemma Lessa Addis Ababa university, Ethiopia lemma.lessa@gmail.com Solomon Negash Kennesaw State University, USA snegash@kennesaw.edu Abstract Information security is one of the most vital and demanding issues facing today's financial institutions such as banks. With widespread use of information technology and ever increasing connectedness to the global environment, financial institutions are increasingly exposed to wide-ranging threats. This research is aimed at assessing the existing information security culture in banks in Ethiopia with the intention to identify possible gaps that need management intervention. To that end, survey research method is employed that mainly uses quantitative data based on primary data collected from the headquarters of eleven banks in the capital Addis Ababa, Ethiopia. The study revealed that the level of information security culture in the banking sector in Ethiopia is unsatisfactory. Keywords Information security, information security culture, assessment, security risks, security threats Introduction The banking sector in Ethiopia is one of rapidly growing sectors of the country’s economy. Many private banks are established in the past few years. The distribution and diversity of services is widening. Banking business competition has stirred the advancement of services enabled by information technology. More banks in Ethiopia are implementing Core banking solutions in order to provide banking services from any of their branch offices. Though this technological advancement has facilitated business processes, much attention should be drawn to thwart illegal financial gain efforts of cyber criminals. The security of the banking information systems and critical financial data should be ensured. The banking sector is more sensitive to the issue of security as money is at stake and is lucrative target for malicious attackers. The technical aspect of information security has been given more attention so far, but a more serious yet under-rated aspect of information security is the human aspect. In line with this, Mitnick et al (2002) pointed that technical methods of protecting information may be effective in their respective ways; however, many losses are not caused by faulty technology but rather by users of technology and faulty human behavior. Hence, people not only can be part of the problem, but also they can and should be part of the solution. People must be integral part of any organization's information security defense system (Mitnick et al, 2002; Tanrıverdi & Metin, 2017). In support of this argument, Martins and Eloff (2006) underline that the behavior of employees and their interaction with computer systems have significant impact on the security of information.