Name: Ahmed Hassen
September, 2024
CPU College, Ethiopia
Proposal Title: Cybersecurity Auditing Framework
(CSAF) for Organizations in Ethiopia
Outline
Introduction
• Background of the study
• Statement of the Problem
• Research Questions
• Objectives of the study
• Significance of the Study
• Literature Review
• Overview of Cyber Security
• Global Cyber Security
• Ethiopia’s Cybersecurity Landscape
• Methodology of the study
• Research Design
• Research Approach
• Population and Sampling Design
• Data Sources and Method of Collection
• Method of Data Analysis
Background of the study
The proposal will provide an in-depth overview of the
current state of cybersecurity globally and within Ethiopia.
It will outline the importance of cybersecurity for ministry
office stability and integrity, emphasizing the need for a
structured approach to cybersecurity auditing.
The introduction will also highlight the unique challenges
faced by Ethiopia due to limited resources and expertise,
setting the stage for the development of a tailored
Cybersecurity Auditing Framework.
Background contd…
Cybersecurity is, basically, the process of ensuring the
safety of cyberspace from known and unknown threats.
The International Telecommunication Union states that
cybersecurity is the collective application of strategies,
security measures, plans, threats administration tactics,
engagements, training, paramount practices, and assurance
and expertise that can be used to guard the cyber system,
organization and related assets.
Cyber security is important because government, military,
corporate, financial, and health organizations collect,
process, and store unprecedented amounts of data on
computers and other devices.
Statement of the Problem
Cybersecurity is one of the biggest concerns that government
organizations have today.
As they become more digitized, they face a higher risk of being hacked.
• Large databases with information about internal operations,
customer data and other sensitive facts may be lost if nothing is
done to protect them.
The consequences of a security breach may be not only the loss of
reputation but also negative implications for private and corporate
customers, according to research in The Wall Street Journal.
• Ethiopia lacks a standardized legal cybersecurity framework at the
national level. Only 11.6% of government institutions have legal
frameworks in place, while the majority (87.4%) operate without
recognized guidelines to prevent cyber attacks.
Statement of the Problem ..contd
• Ministry offices are increasingly reliant on digital platforms and
internet-based operations, which exposes them to a myriad of
cybersecurity threats.
• Despite this growing reliance, many Ethiopian organizations lack
robust cybersecurity measures and face significant challenges in
implementing effective security practices.
• The lack of awareness and training contributes to weak security
cultures within organizations, increasing the likelihood of
human errors that can lead to security breaches.
• These problems collectively highlight the urgent need for a
Cybersecurity Auditing Framework that is specifically designed
for Ministry offices.
Statement of the Problem ..contd
• The proposed CSAF aims to address these issues by
providing a structured approach to cybersecurity
auditing, enhancing the ability of Ministry offices to
protect their information systems, mitigate cyber
threats, and comply with relevant standards and
regulations.
• This framework will be developed considering the
unique challenges and resource constraints of
Ministry offices, making it practical and
implementable in the Ethiopian context.
Research questions
• The study is intended to address the following research
questions:
• What are the existing practices and processes of cyber
security auditing and the methods, techniques, standards
and tools used in Ministry offices?
• What are the major challenges that Ministry offices are
facing in cyber security management?
• What framework can support Ethiopian organizations
to perform effective cybersecurity auditing and
ensure that cyber resources are well protected?
Objective of the Study
• The general objective of this study is to propose a
cybersecurity auditing framework that enables Ministry
offices to perform cybersecurity auditing.
• Specific Objective
• The specific objectives of this research are:
• To evaluate the current practices and processes of cyber
security auditing systems along with the methods and
techniques utilized in Ministry offices.
Specific Objective Cont ..
• To identify the differences in cyber security systems and
processes, as well as the primary causes of these
discrepancies.
• To pinpoint the key issues obstructing the cyber security
auditing process within the Ministry offices.
• To review various cyber security frameworks developed
by scholars globally.
• To propose a cyber security auditing framework designed
to address existing challenges and standardize the cyber
security management process applicable to the Ministry
offices.
The House of Academic Excellence!
Significance of the Study
• This research contributes to existing efforts in cybersecurity by
identifying the challenging threats to Ministry offices. In addition,
the study will help Ministry offices in the following ways:
• It allows all Ministry offices to adopt a unified cyber security
framework.
• It introduces a novel perspective to the existing body of
knowledge.
• It adds a new way of thinking in the existing body of knowledge.
• It also provides a foundation for practitioners and researchers
to carry out more in-depth research in cybersecurity
management.
Literature Review
• The researcher attempts to assess the ministry
office’s theoretical and empirical frameworks as well as the
Cyber Security Auditing Framework in this chapter.
• Review subjects include: Overview of Cybersecurity,
Auditing Activities and Implications, and
Cybersecurity
Overview of Cyber Security
• The way governmental organizations process and
store data has changed significantly as a result of the
deployment of information technology.
• This industry is currently prepared to handle a variety
of innovations, including automated online
government services. It is also automating various
government services from traditional to automated,
which are the most cutting-edge ways to provide
services to consumers. Customers worry a lot about
identity theft and privacy.
Global Cyber Security
• The Global Cyber Security Index (GCI) stated that the global
community is increasingly embracing ICTs as a key enabler
for social and economic development.
• It further stated that governments across the world
recognize that digital transformation has the power to
further the prosperity and wellbeing of their citizens.
• However, these enablers come with a possible threat to the
social, economic, and political wellbeing of every nation.
• Because of this, the GCI affirmed that governments recognize that
cyber security must be an integral and indivisible part of
technological progress.
Ethiopia’s Cybersecurity Landscape
• Let’s shift our focus to Ethiopia, where the Information
Network Security Administration (INSA) has been at
the forefront of the fight against cyber threats.
• During the last Ethiopian Fiscal Year, INSA reported
successfully blocking just 6,768 cyberattack attempts
targeting the country. Additionally, it was reported
that INSA’s efforts saved Ethiopia a significant 23.2
billion Birr by mitigating these attacks.
• These figures are notably lower compared to global or
even regional statistics.
Ethiopia’s Cybersecurity Landscape Cont …
• Part of this can be attributed to Ethiopia’s relatively
recent surge in the digital domain.
• The country has made considerable strides in
improving its telecommunications and mobile
network infrastructure.
• There is optimistic growth; as of early 2023,
Ethiopia’s internet penetration rate was 16.7%, with
an estimated 2.6% increase in internet users
between 2022 and 2023 alone.
Ethiopia’s Cybersecurity Landscape Cont …
• However, it’s important to note that even well-established
institutions and government bodies still
rely on personal email services like Yahoo or Gmail for
official communication.
• This is particularly alarming, considering that human
error is responsible for 82% of global data breaches.
• Common mistakes, such as sharing passwords,
neglecting patch management, clicking on unsafe links,
and accessing organizational data on personal devices,
pose significant security risks—many of which could be
mitigated through basic digital literacy training.
Cybersecurity Auditing
• Cyber Security Auditing is an independent review
and examination of system records, activities, and
related documents to assess the adequacy of system
controls, ensure compliance with established security
policies and approved operational procedures, and
detect security breaches to verify data integrity,
safeguard assets, achieve organizational goals
effectively, and use resources efficiently.
• CSA involves a systematic, measurable technical
assessment of how security policies are integrated
into data systems
Cybersecurity Auditing Cont …
• CSA differs from traditional auditing as it requires a
solid understanding of computer systems in
addition to basic auditing concepts.
• Overall, CSA, as a new auditing discipline,
emphasizes a comprehensive examination of cyber
security.
• This approach entails checking all levels, from the
establishment of the cyber security organization
and personnel issues to system configurations
Cyber Security Audit Principle
• A security audit principle ensures that the audit
serves as an effective and dependable tool to support
management policies and controls by delivering actionable insights
for organizational performance improvement.
• Following these principles is essential for producing
audit conclusions that are both relevant and
necessary, allowing auditors to work independently
while arriving at consistent conclusions in similar
situations.
Methodology of the Study
• This chapter shows what kind of research design and method we
should use to answer the research questions being formulated.
• Overview of Research Methods: Qualitative, quantitative and
mixed research methods will be developed, and the
choice of research methods and the reasons for it will be
discussed. Questions to be answered in this section:
• What research method will be used?
• How are the samples selected for the study and why?
• What data collection methods are used? How is data analyzed?
What tools are used for data analysis?
$$n = \frac{N}{1 + N(e)^{2}}$$
Research Design
• The research design was informed by the findings of
the literature review.
• The study will utilize survey questionnaires, document
analysis and interviews for data collection, employing a
mixed research method as the research paradigm.
• Given that cybersecurity issues are complex and
interdependent, involving threats, attacks, and
vulnerabilities, mixed research methods will be used to
address this goal.
• Both qualitative and quantitative research help in
understanding the problem and developing ideas.
Research Approach
• To achieve the overall and specific objectives, this research
utilizes a mixed-methods approach, integrating both
qualitative and quantitative methods.
• The qualitative component investigates the general
expertise of professionals in managing cyber security
issues, while the quantitative component assesses current
practices, resource needs, training types, and the research
methods employed by experts
Data source
• The intention of this thesis was to discover, assess,
and understand the challenging cyber security threats in
Ethiopian industries and to propose an appropriate cyber security
framework.
• Therefore, the samples have been selected, questionnaires
will be distributed and interviews will be conducted, which
are the characteristics of both quantitative and qualitative
research methods.
• However, the fact that a questionnaire is used as a tool for data
collection points more towards quantitative research methods,
though it is used in both qualitative and quantitative (i.e.
mixed research) methods.
Study Population
• The overall population of the study concentrates on the
Ministry offices of selected organization located in Addis
Ababa.
• The researchers assumed that there is a difference in the
characteristics of the overall selected Ministry profile in
terms of technology usage, staff Ministry, resource, service
coverage and service year.
• The selection of the Ministry is based on purposive
sampling, due to the interest of the individual Ministry in
terms of willingness to conduct research in their
company.
Schedule Plan
Budget Plan
Thank You
