CYBER SCAPE AFRICA | Q2 2019
ISM Plan
Information Security Management (ISM) emphasises the controls that organisations should implement to
ensure the management of risks that relate to the protection and security of information and information
infrastructure. Organisations in African countries must set the right information security culture and
resilience in introducing and maintaining a comprehensive information security management plan.
This can be achieved through the following:
1. Information security is a corporate governance responsibility and not just the IT department's
responsibility.
2. Information security is not just a technical issue. It is more of a business issue that requires
a comprehensive solution.
3. Information security must be based on a certain type of risk analysis through a high-level
approach in accordance with international good practices.
4. An information security policy containing a comprehensive set of supporting sub-policies, procedures
and standards is extremely important.
5. The corporate information security policy must be strictly adhered to. Technical and non-technical
measurement tools should be deployed in enforcing and maintaining compliance.
6. Information security awareness should be implemented at all levels of the organisation.
How prepared are organisations in African countries for any form of information security incident?
This is a vital question for the protection and security of their information assets. Organisations
on the continent must continually strengthen their risk management protection systems in order to
sustain their activities in an increasingly connected world, in accordance with international good
practices.
John Olayemi Odumesi
Cybersecurity Analyst, Office of The National Security Adviser
Nigeria