The study sought to analyse security risks and assess security vulnerabilities in the NSSF Core Fund System. It employed a descriptive survey design, and the study population was 314 staff working at the head office of NSSF. Purposive and sampling techniques were used to select the 89 members of the sample. Questionnaires and interviews were used to collect data from the respondents, and the data were analysed using descriptive and content analysis. The study found that the security risks and vulnerabilities associated with the Core Fund System included cyber-attacks, disclosure of sensitive data and hardware failure; other respondents cited viruses, internal security threats and internal accidental threats, and some cited system administration errors. The study also indicated that information security risks had existed for different periods of time, depending on the type of risk. The study concluded that enhancing information security in the Core Fund System used by the National Social Security Fund (NSSF) is crucial for safeguarding the data of both staff and customers. This can be achieved by regularly updating the records of customers and staff members to ensure their information remains reliable. The increasing reliance on computers, mobile devices and the digitalization of business operations calls for a knowledgeable manager who understands the vulnerabilities of, and threats to, data and information assets. Such a manager can then develop strategies to mitigate risks and protect the organization's data and assets. The study recommended that organizations continue to provide training to their staff on security policies and guidelines for information systems. This will help raise awareness of security risks and allow for the evaluation of vulnerabilities in the NSSF Core Fund System.
As a result, it is necessary to establish standards and guidelines that promote the adoption of best practices in information security, ultimately achieving a satisfactory and sufficient level of security.