KEYNOTE ADDRESS DELIVERED ON THE OCCASION OF ISACA ABUJA 2012 1-DAY LUNCHEON SEMINAR ON 31ST JULY, 2012 AT VALENCIA HOTELS, WUSE II, ABUJA. BY IKANI YUNUSA, ACA, CISA, ACTI, Associate of (ISC)2. Seminar Theme: ‘PCI DSS and Cyberspace Security - Complementary Concepts’.
Seminar Theme: ‘PCI DSS and Cyberspace Security - Complementary Concepts’
Paper 1: The Place of PCI DSS Compliant Banking Industry in a Cashless Economy; Experiences of other Countries.
Paper 2: An Effective Institutional Information Systems Security Framework; the Starting Point for a Secure National Cyberspace.
SUMMARY OF PRESENTATION
• Introduction
• Definition of key concepts
• PCI DSS and Cyberspace Security-The Links
• PCI DSS and Cyberspace Security; The Nigeria Situation
• Suggestions for Positive Radical Change in Nigeria
• Conclusion
Introduction
• To say the least, IT is currently everything about Nigeria and Nigerians, as is the case the world over. This is evident from the massive IT-driven projects/initiatives going on in both the private and public sectors of the Nigerian economy, summarized ministry by ministry and/or sector by sector below.
• Aviation - online air ticket reservation, e.g. the Aero Contractors Company of Nigeria Ltd phenomenon.
• Petroleum - NNPC ultra-modern data center just launched, and massive IT-enabled process re-engineering expected.
Introduction cont’d
• Information and National Orientation - upsurge of social media utilization, National Broadcasting Commission (NBC) radio and television transmission digitalization.
• Telecommunications - Nigerian Communications Commission (NCC) number portability, NITDA Regional Information Technology Centres (RITCs).
• Finance - GIFMIS, CBN e-banking initiatives, FIRS ITAS, NCS ASYCUDA, NSE Automated Trading Platform.
• Power - PHCN digital prepaid meter project.
• Police Affairs - Abuja and other city CCTV projects.
Introduction cont’d
• Education - Akwa Ibom State e-library project, Lagos State e-library project, Google searching, JAMB computer-based test administration initiative, computerized post-UTME script marking and grading, etc.
• Defence - cyber warfare, Nigeria Air Force bomb demobilization robot initiative, etc.
• Presidency - NIMC national identity card project, pension reform.
From the above, it is obvious that IT affects all our fundamental human rights as persons and as Nigerians. It is therefore safe to say that whatever affects the interconnected/interdependent IT and telecommunication networks, as well as the IT infrastructures that run on them, affects us.
Introduction cont’d
• The big questions are:
  • Does whatever affects the interconnected IT and telecommunication networks, as well as the IT infrastructures that run on them, affect you in any way?
  • Do our governments at all levels owe us a duty of protection of life and property as well as maximization of our welfare?
  • Do we owe ourselves a duty of life protection and maximization of our welfare?
  • Have we failed in our duties in this regard in Nigeria?
  • Do you agree that actual and potential cyber threats the world over and in Nigeria are high and increasing?
  • Do you believe PCI DSS and cyberspace security implementation is the way to go?
If yes, the seminar continues; but if no, we can as well conclude the seminar now, ladies and gentlemen.
Definition of key concepts
• PCI DSS - stands for Payment Card Industry Data Security Standard. The standard is an initiative of the Payment Card Industry Security Standard Council. The Council was formed by major global payment card scheme brand operators such as VISA Card, MasterCard, American Express, Discover Financial Services and JCB International, and it became operational on 15 December, 2004. It is an industry standard aimed at protecting sensitive personal data linked to payment cards, such as the Personal Identification Number (PIN), Primary Account Number (PAN), Card Verification Value (CVV), etc., with an eye on reducing payment card related fraud. The standard is aimed at industry players such as payment card acquirers, issuers, processors, switching companies, merchants, card scheme brand operators, etc.
Definition of key concepts cont’d
• Another standard of the Payment Card Industry Security Standard Council is PA-DSS.
• The Council operates the following certifications for individuals/organizations that carry out annual revalidation of compliance with its standards:
  • Qualified Security Assessor (QSA)
  • Qualified Scanning Vendor (QSV)
  • Internal Security Assessor (ISA), for big payment card industry players/companies.
Definition of key concepts cont’d
• Cyberspace - the global network of interdependent information technology infrastructures, telecommunication networks and computer processing systems.
• Below is a pictorial illustration of the cyberspace concept.
PCI DSS and Cyberspace Security-The Links cont’d..............
PCI DSS and Cyberspace Security-The Links cont’d
• The slide above summarizes the PCI DSS requirements on the left-hand arrow and the broader corresponding ISMS frameworks/blueprints on the right-hand arrow.
• The above slides show that PCI DSS and Information Security Management Systems are related, and that PCI DSS is a subset of cyberspace/information security.
PCI DSS and Cyberspace Security; The Nigeria Situation
• Zero or poor protection of government information and information assets.
• Lack of an enabling cybercrime law, except for some vertical enactments courtesy of CBN.
• Shortage of information security management specialists.
• Placement of square pegs in round holes in the deployment of available information security management experts.
• Poor government appreciation of the next-generation war front: cyberspace.
• Slow pace of PCI DSS implementation in the Nigerian banking industry, e.g. of the 19 operational banks in Nigeria as at today, only 2, i.e. Zenith Bank Plc and Access Bank Plc, are PCI DSS compliant.
• Lack of nationally co-ordinated cybercrime incident data collation and management, e.g. no known national/industrial CERT.
Suggestions for Positive Radical Change in Nigeria
• Massive public awareness on cyberspace security.
• Enactment of cybercrime laws, e.g. a data protection law, and passage of the Cybersecurity Bill 2011 with an amendment imposing a duty of information security due care and diligence on major employers of ICT in Nigeria, etc.
• Deliberate training of Nigerians on cybersecurity-related programmes.
• Efficient non-political deployment of available information security experts.
Suggestions for Positive Radical Change in Nigeria cont’d
• Public-Private Partnership on information security, as illustrated below.