The Nigerian Cybersecurity Space - How Regulated Are We?
1. The Nigerian Cybersecurity Space - How Regulated? Who Regulates?
Starring:
Chinatu Uzuegbu
CCISO, CISSP, CISM, CISA, CEH, ...
CyberSecurity Consultant, RoseTech
THE SENATE, FEDERAL REPUBLIC OF NIGERIA, Committee on ICT and Cybercrime event
Theme:
The Digital Theatre and the Future of Nigeria
2. Chinatu Uzuegbu
• Managing Cyber Security Consultant, RoseTech.
• Founding Past President, (ISC)2 Nigeria Chapter.
• Member, Global (ISC)2 Chapter Advisory Committee (CAC).
• Member, VigiTrust Advisory Board, Ireland.
• Mentor, Open Cyber Security Mentorship Program (OCMP), AfrHackton and Cyber in Africa Initiative.
• Global Ambassador, WomenTech Network.
• Finalist, Top 50 Women in Cybersecurity, Africa, 2020.
• Alumna, London Graduate School in collaboration with CommonWealth University - Dubai Leadership Summit, 2020.
• Alumna, University of Liverpool - MSc. Information Systems Management.
• Alumna, University of Port Harcourt - BSc. Computer Science & Maths.
• Over 15 years of experience in IT and 10 years in Information Security with FIs, Manufacturing and Computer Firms.
• Professional certifications: CCISO, CISSP, CISM, CISA, CEH and other related IT certifications.
• Professional Membership: (ISC)2, ISACA, EC-COUNCIL, CSEAN.
• Has participated in and attended both International and Local Conferences.
• Aside from the profession, inclined to Learning New Things, Reading, Cooking and Adventures.
• Open to Cyber Security Related Services.
3. Preamble
• Cyber
• Cyber Security
• CyberSpace: The Communication and Interoperable Handshakes of The Cybernetics, with Pictorial illustration.
• Concept of the CIA Triad, the approach to securing The CyberSpace.
• Concept of The Cybernetics
• The CyberSpace of a Nation: The Global National Security Alliance Perspective
• The Conceptual and Contextual Approach: You can't go wrong with GAP Analysis/Checklist
• Laws, Regulations, Frameworks and Governance
• International Regulations and Frameworks
• How Regulated is Nigeria across All Sectors and Industries? Seamless alignment with The Standards/Best Practices is the way to go! The SMART principle approach would help.
• Importance of Regulations and Frameworks
• Who Regulates in Nigeria? Key Players of the various Industries overseen by ONSA.
• Conclusion
4. Cyber
The Concept of The Cybernetics
• "Cyber" is coined from the word Cybernetics.
• Cybernetics is the study of Medical Science, Biological Science, Applied Science, Natural Science, Engineering, Electronic devices, Data, Information, Artificial Intelligence, Machine Learning, Infrastructures, Computers, Laptops, Technology, Communications, and other related systems, with the aim of promoting good governance and Control around the inter-connectivity and interoperability of these elements: the Cybernetic Elements.
• Cybernetics is derived from the Greek word Kybernetes, meaning a Person in Control, much like the person at the steering wheel on a long drive.
6. The CyberSpace of a Nation
(Diagram: the national CyberSpace structure, with ONSA at the top.)
ONSA
• Parliament
• Commissioning Bodies
• Regulatory Bodies
• Contractual and Standards
Bodies shown in the diagram:
• The Forces
• Law Enforcement
• All Public Sectors: Education, Transportation, Health, Trades and Commerce, Immigration, National Population, National Communications, National Identity, Revenues, Postal Services, NITDA, ICT, Others
• EFCC, NFIU, CBN, Others
• Governance of any firm outside the government: the Private Sector
7. Cyber Security
The Concept of The CIA Triad
• The Process or act of protecting your Cybernetic Elements from Undue Disclosure, Modification and Destruction.
• The Process or act of protecting our Cybernetic Elements based on the acceptable level of Confidentiality, Integrity and Availability: The CIA Triad.
• The CIA Triad is generally seen as the philosophy of Cyber Security:
  • Confidentiality: The act of protecting the Cybernetic Elements from unauthorised Disclosure.
  • Integrity: The act of protecting the Cybernetic Elements from unauthorised Modification.
  • Availability: The act of protecting the Cybernetic Elements from unauthorised Destruction.
(Diagram: the other side of the coin - Modification.)
8. The Philosophy of Cyber Security
The philosophy of Cyber Security can be categorised into three Layers:
1. The Focused or Objective Layer: Achieving an Acceptable level of Confidentiality, Integrity and Availability (CIA Triad).
2. The Three Control Types: Administrative, Technical and Physical.
3. The Seven Security Measures, Safeguards or Countermeasures: Preventive, Detective, Deterrent, Corrective, Recovery, Compensative and Directive.
(Diagram: CIA Triad; Admin, Tech, Physical; Prevent, Detect, Deter, Correct, Recover, Compensate, Direct.)
9. Regulations, Governance and Frameworks
• Regulation is the overarching concept that drives Governance and Frameworks for necessary compliance and enforcement.
• Governance is the framework of authority and accountability that defines and controls the outputs, outcomes and benefits from projects, programmes and portfolios; it is the mechanism whereby the investing organisation exerts financial and technical control over the deployment of the work and the realisation of value.
• A framework is a conceptual structure defined by the governance of an organisation to set out policies within the company.
10. Importance of Regulations and Frameworks
• Promotes a good Security Posture and Culture.
• Promotes Clean Hygiene in your Processes.
• Assurance that you are aligned with Best Practices.
• An accurate posture when combined with GAP Analysis.
• You cannot go wrong with Regulations...
11. International Regulations and Frameworks
• ECPA: Electronic Communications Privacy Act.
• GLBA: Gramm-Leach-Bliley Act.
• SOX: Sarbanes-Oxley Act.
• HIPAA: Health Insurance Portability and Accountability Act.
• FERPA: Family Educational Rights and Privacy Act.
• DMCA: The Digital Millennium Copyright Act.
• European Union Data Directive (Privacy Regulation) on Personally Identifiable Information (PII).
• The Privacy Shield (replacement of US Safe Harbor) for countries outside the EU in need of EU Citizens' data consent: Canada (PIPEDA), Australia, Argentina, EFTA (Switzerland, Iceland and Others), Asia-Pacific Economic Cooperation, and other Companies through Contractual bindings.
12. Links to Some International Frameworks
• https://www.iso.org/isoiec-27001-information-security.html
• https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/
• https://www.pcisecuritystandards.org/pci_security/
• https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
• https://www.cisa.gov/federal-information-security-modernization-act
• https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act
• https://www.hhs.gov/hipaa/index.html
13. Nigerian Cyber Security Frameworks and Initiatives
1. National CyberSecurity Policy and Strategy (NCPS).
   https://education.gov.ng/national-cybersecurity-policy-and-strategy-2021/#1
2. Nigeria Data Protection Regulation (NDPR).
   https://nitda.gov.ng/wp-content/uploads/2021/01/NDPR-Implementation-Framework.pdf
3. Other Frameworks and Regulatory Acts from NCC, CBN and others.
14. How Regulated is Nigeria across All Sectors and Industries?
• This can only be ascertained and measured through Synergy and Collaboration with All Governing Bodies and Key Players of the various Industries, but it has to be driven from ONSA.
• The involvement of All Key Players of the various Bodies would ensure that all areas and Critical Paths are well outlined.
• Customisation of the Standard and International Regulations around each Sector depends heavily on the jurisdiction of the Nation: the Location and what should apply.
• Already existing Regulations should be enforced and tested globally to ensure alignment with other developed Countries, especially in the case of the NDPR.
• The publicity around the fines that go with violations should be catchy, and should let those in the Diaspora understand that the regulations apply here too when it comes to the transfer and exchange of Information.
• ONSA should map out a sub-section tagged Cyber Security Alliance to drive the Regulations and enforcement.
15. The Regulation Structure
(Diagram: the same structure as slide 6, The CyberSpace of a Nation, with ONSA at the top.)
16. Conclusion
• Running with Regulations is achievable if we apply the concept of The National Security Alliance.
• Most Key Industries are already aligning their processes with Standard Regulations; identify them and incorporate them into the Cyber Security Alliance group to represent each industry under the various Sectors.