Security Meets Business Objectives
CYBER SCAPE AFRICA | Q2 2019

With the advent of globalisation and ever-changing
technologies, both public and private
organisations are facing unprecedented
information threats. Protecting their information
assets has become a key function within the
information systems management regime. It is
absolutely necessary to develop and deploy a
functional information security culture in order to
achieve effective information systems
management.

The main focus of Control Objectives for
Information and Related Technology (COBIT) is on
the development of clear policies and good
practices for security and control in information
technology. The Information Technology
Infrastructure Library (ITIL) focuses on the critical
business processes and disciplines needed for
delivering high-quality services. ISO/IEC is a
standard for the information security industry that
includes a comprehensive set of controls and best
practices.

Protecting and securing information for all
individuals, institutions and governments rests on
three fronts: confidentiality, integrity and
availability. Security of information goes beyond
antivirus software, firewalls, etc. The general
approach to protection and security should be
strategic as well as operational.

Information Security Incidents
Most organisations in African countries are
experiencing serious problems in applying a
successful, comprehensive information security
management system. Security incidents cost
organisations in Ghana, Uganda, Tanzania, Kenya
and Nigeria more than $50 million, $60 million,
$90 million, $210 million and $500 respectively
each year. These figures are likely to understate
the problem, as most organisations in Africa do
not report any potential or accurate losses to
authorities.

The objective of information security is to
safeguard business continuity and reduce the
impact of security incidents. Organisational
information, and the IT systems and infrastructure
that support it, are vital business assets. The
confidentiality, integrity and availability of
business assets are critical to maintaining a
competitive edge, legal compliance and
profitability.

The WannaCry ransomware attack of May 2017
demonstrated that security breaches happened in
over 100 countries, including more than ten (10)
African countries. The attack hit over 200,000
users and more than 400,000 computer systems.
The involvement of Cambridge Analytica in the
electioneering processes of Kenya and Nigeria, the
Collection #1 data breach of email addresses and
passwords totalling more than 700 million and
more than 1.1 billion unique login passwords, and
the Equifax data breach in September 2017 that hit
over 145 million consumers, amongst others,
revealed the need for a comprehensive approach
to protecting information assets.

Information Security Management (ISM)
encapsulates the confidentiality, integrity and
availability of information as well as the delivery
of business benefits by protecting and controlling
information sharing and managing the associated.

The growing adoption of information security
management practices has been driven by the
requirement for the information technology
industry to better manage the quality and
reliability of information technology in business
and to respond to a growing number of regulatory
and contractual requirements. ISM practices
include COBIT, ITIL, and ISO/IEC 27000.