A data and information governance practitioner,Michael Irene has applauded the Central Bank of Nigeria’s risk-based cybersecurity framework and guidelines for other financial institutions.
In an article published by ‘businessamlive’, Irene examined the foundation that must be laid by financial organizations in implementing the framework.
“The Central Bank of Nigeria’s risk-based cybersecurity framework and guidelines for other financial institutions is a welcomed strategy especially if one considers this epochal period of data exchange and the surrounding implications of getting governance of these sets of information assets wrong.
“The guidelines look at cybersecurity oversight, risk management systems, as well as monitoring and reporting.
“There are good reasons why there must be board involvement in the implementation of this risk-based cybersecurity framework, and they are: enterprise-wide risk and the decision to mitigate such threats must be decided at the highest levels of the organization, the board will know the maturity posture of the organization and understand how to best guide risk management decisions and prevent brand busting headlines.
“The next step would be to create a steering committee that would map out the scope of what the board intends to achieve. This committee is created with the sole intention of understanding the framework, teasing out the expectations, and figuring out the various departments and individuals that can drive the project to successful completion. These would involve the likes of a project manager, chief information security officer, data protection officer, and any other personnel that the steering committee chairman feels can handle the various work streams the project requires.
“The guideline is clear in its expectation and the CBN must be applauded for making the documentation clear for digestion and assimilation. The onus is now on stakeholders to ensure that they play their part in creating a safe Nigerian Digital economy and help foster that trust in Nigerians and globally. Companies don’t need the CBN chasing them to implement this, they should already be thinking and acting in these terms.” Irene’s article read.
Last month, the CBN in a circular said that it has observed increased threats in FinTech Subsector, identifying the need to strengthen cyber resilience and take proactive steps to secure the privacy and information of customers.