An empirical assessment of information security best practices and information technology disaster recovery readiness in Ghanaian micro-finance sector

Fundamental to the smooth operation of any organisation in the financial sector is the need to have its information secured. This research sets out to critically assess information security best practices and information technology (IT) disaster recovery readiness in the Ghanaian micro-finance sector. The criteria used as the basis for assessment are the existence of documented policies, the existence of designated personnel, and the usage of internationally recognised benchmarks for information security best practices. The criteria used for IT disaster recovery readiness were the existence of documented IT disaster recovery plans, evidence of IT disaster recovery plan's implementation, and the existence and evidence of best practices of IT disaster recovery readiness. The research approach was a mixed-method where the data collection, data analysis, and interpretation of the evidence were purposefully done with triangulation. A summarised analysis of the data gathered indicates that a generally poor information security practice exists within the micro-finance industry in Ghana. IT disaster recovery readiness is however relatively better with regular backups being a prominent feature. In view of the foundational theory of protection motivation theory, it is suggested that future research delves into the reason for the observed phenomena.