This research examines the Ethiopian private banking industry's information system security maturity level. The study aims to assess the current maturity level and examine the difference in order to make potential improvements. Protecting information system security and minimizing security concerns is more critical than ever before. The banking industry has put investment into the economy in order to help it grow. Despite their critical position in the economy, banks are still vulnerable to failure. Banks, like any other IT infrastructure, could go bankrupt. Unlike any other business entities, though, their failure would have a significant effect on their clients, suppliers, and shareholders, as well as the country's economic stability.rnThis study was carried out using questionnaire survey data collection. As well as the review of documentation and information security policy and guidelines, were performed. The researcher selects four private banks as a sample and distributes a questionnaire. The measurement has conducted based on ISO/IEC 27001, an internationally accepted information security standard.rnThe data obtained from the questionnaire is analysed using descriptive data analysis, and SPSS is used to interpret and present the data. This study assesses the current maturity level of Ethiopia's private banking sector, as well as the strength and weakness of information security maturity level control objectives based on ISO 27001's fourteen security areas. The report also discusses possible improvements that should be implemented in order to achieve the maximum degree of information security maturity.rnAccording to the findings of the study, the private banking industry's current maturity level is 2 (repeatable but intuitive). The report helps for a better understanding of information security concerns and recommends for Ethiopian private banks to utilize information security management as a strategically significant component. The findings of the study could also be used by these banks to rearrange their information security management systems.