In light of Ghana’s digitization agenda and establishment of the Cybersecurity Authority comes a firm commitment and assurance of the Government to promote Information Communication and Technology (ICT) and secure the ICT infrastructure of the country.
Highlighting the proceedings since the establishment is the willingness of the government to push from its current 3rd position in the Africa cybersecurity ranking to the 1st position by 2023.
Enforcing the Cybersecurity law, formulating the Cybersecurity Licensure framework, forcibly implementing the licensure of cybersecurity solutions and products and issuing accreditation for Cybersecurity professionals and practitioners are the major bridges the government will have to cross if it wants to achieve this feat.
The steaming anticipation for most people in the industry since the inception of the Act has been pivoting around areas concerning accreditation for Cybersecurity professionals and practitioners and the licensure of cybersecurity solutions and products.
Even though the specifics and particulars of the accreditation and licensure are not yet spelt out, it is worth stating the advantage it gives to professionals, practitioners, the industry and what it means going forward.
Act 1038 establishes the Cyber Security Authority; to regulate cyber security activities in the country, to promote the development of cybersecurity in the country and to provide for related matters.
A major inclusion in the Act is the Critical Information Infrastructure (CII) directive. The CII directive aligns with the strategic imperatives of our National Cybersecurity Policy and Strategy, which seeks to build a resilient digital ecosystem, secure digital infrastructure, develop national capacity, deter cybercrime, and strengthen cooperation.
The underlying objective of this directive is to establish baseline cybersecurity requirements for all designated CII owners, establish the requirements and procedures for incident response, including reporting mechanisms of cybersecurity incidents by designated CII owners, and establish the procedures for audit and compliance pursuant to section 38 of the cybersecurity act, 2020 (Act 1038).
Critical infrastructure and sensitive data should be handled by qualified and competent practitioners or authorized companies. Qualified and competent means persons who are truly certified and are equipped with the required technicalities and knowledge in the field. Authorized companies must have met all the requirements needed to provide the solution or sell the product.
A profound approach to validating and verifying this qualification and authorization is through the issuance of a license and accreditation. Therefore, in that order, the Government seeks to build a framework or scheme that will see to this course.
This means that practitioners and organizations, by virtue of the accreditation and license, are bound to a code of conduct and ethics of practice which will ensure some sanity in the industry and protect the interest of practitioners, organizations, and their clients.
Business owners or managers are therefore assured of some level of confidence in persons securing or handling their infrastructure.
Furthermore, this will promote cybersecurity awareness in the country, lead to the establishment of more cybersecurity training institutions or certification bodies, challenge institutions to improve upon their solutions, training, and curriculums to fit the needs of the industry, and ultimately promote research and development programs aiming at streamlining and improving Information security governance, risk, and compliance.
Computer/Cybersecurity, Digital/Memory/Malware forensics, Forensic Investigation and Audit, Networking, and an excellent researcher in the field of Information communication and technology.
0279489127
source https://www.jbklutse.com/highlighting-the-importance-of-accreditation-and-licensure-for-cybersecurity-in-ghana/
No comments:
Post a Comment