Nigeria has drafted a cybersecurity policy framework to improve cybersecurity, but it has not yet been implemented. The framework outlines several key components including establishing accountability for cybersecurity positions, coordinating national cybersecurity efforts through a response committee, and creating a cybersecurity excellence center. It also aims to strengthen cybersecurity legislation, improve education and awareness, foster collaboration between public and private sectors, and increase cybersecurity training. However, the framework needs to be executed and gaps remain in educating the public and developing a culture of cybersecurity.

1. Table of Contents
3. Need of security in cyberspace...........................................................................................2
3.1. Link of cyber security with information security ........................................................2
3.2. Cyber security approach of Nigeria ............................................................................3
3.3. Cybersecurity framework of Nigeria ...........................................................................3
3.3.1. Accountability of top security positions ...................................................................4
3.3.2. Coordination of national cyber security ..................................................................4
3.3.3. A cybersecurity excellence center...........................................................................4
3.3.4. Legal measures of cyber security............................................................................5
3.3.5. Education and awareness ........................................................................................5
3.3.6. Cybersecurity collaboration between the public and business sectors .............5
3.3.7. Cyber security training and education. ...................................................................5
3.4. Culture of cyber security...............................................................................................6
3.5. Conclusion......................................................................................................................8

2. Chapter 3
3. Need of security in cyberspace
The data person posts on the internet may tell a lot about their online presence. That is
because a lot of the work done by internet services involves exchanging, transmitting,
and analyzing sensitive data. As a result, this data is subject to the online dangers that
are all too common as discussed in chapter two. Individuals, as well as organizations and
countries, are unlikely to be safe online in the absence of effective data security
measures. It follows that efforts to secure cyberspace are intimately linked to those aimed
at protecting personal information (Osho et al., 2015). In order to better understand the
connection between information security and cyber security, this section will provide
definitions for each term. In addition, the International Telecommunications Union's cyber
security guidance will be discussed in detail (ITU).
3.1. Link of cyber security with information security
Information security is described as the security of data from numerous dangers that
might undermine its privacy, integrity, and accessibility. CIA triad which is known as
confidentiality, integrity, and availability of information is essential which means the
information must only be available to the authorized people.
There are a number of reasons why information security is implemented, including
business continuity and risk reduction for the organization. It requires the use of proper
controls, rules, procedures, and processes to guarantee that the CIA of information is
maintained in an organization. To put it another way, information security is all about
securing data in the workplace. However, protecting data is a requirement that extends
well beyond the walls of a company. If you have ever used a web service, you will know
that sharing and releasing information is commonplace. Although information security and
cyberspace security are closely linked, there are aspects of cyberspace security that do
not fall under the purview of information security. As a result, a new field of security has
emerged that is known as cyber security.

3. To put it another way, ISO/IEC 27032 defines cyber security as ensuring that information
in cyberspace is safe (Lebogang et al., 2022). This definition is based on the information
security definition from the standards of the international standard organization. Following
ISO/IEC 27032, users and network operators are expected to take steps to ensure the
safety of their online activities. When it comes to cyber security, the ITU recommends a
few different approaches. Adoption of cyber security measures such as best practices
and standards are among the recommendations. The International Telecommunication
Union (ITU) provides an outline of cyber security in the following section.
3.2. Cyber security approach of Nigeria
Protecting Nigeria's cyberspace and online activities are still in their immaturity. The policy
cybersecurity framework, on the other hand, has been authorized, although there is just
a draught version accessible right now. In this country's cyber security strategy
framework, the government has laid forth its goal. To summarize, this vision envisions a
society where cyber security is ingrained in the psyche of the people.
The International Telecommunication Union (ITU) has issued a set of recommendations
for implementing cyber security. Among the ITU's 10 critical components of an integrated,
multi-stakeholder, and strategy-driven approach to cyber security are given below. The
ITU has proposed a methodology for creating a national cyber plan based on these
aspects. Nigeria's draught National Cyber Security Policy Approach is founded on these
aspects, and this section will compare it to ITU's definition of a strategic objective
cybersecurity program.
3.3. Cybersecurity framework of Nigeria
Nigeria is taking a positive step forward by drafting a Cybersecurity Policy Framework.
However, it is only a good start to a policy framework that has to be followed up by
execution. It is unfortunate that Nigeria's proposed policy framework has not yet been
implemented, given that it has been authorized but not yet announced. Some of the key
points of the framework are given below:

4.  An integrated strategy to cyber security that is guided by the government is being
developed.
 Encouraging employees to take the bare minimum of security precautions.
 Cybercrime, cyber warfare, and cyberterrorism may be prevented and dealt with
through strengthening legal systems.
 Critical information infrastructure security is a top priority.
 Establishing cooperation with public and private organizations to organize action
plans that are consistent with the policy's intentions.
 Creating a formal framework for online governance.
Some of the ITU's national cyber security program's components have already been
incorporated into the policy framework's proposed solutions. Each of these subsections
provides a clear mapping of the various ITU national cyber security program aspects into
Nigeria’s draught policy framework and supporting literature.
3.3.1. Accountability of top security positions
It is Nigeria's obligation to protect its citizens against cyberattacks. Since then, they have
drafted a cyber security legislative framework. Some of the ITU's recommendations for a
national cyber security program are discussed in detail in this draught policy document.
3.3.2. Coordination of national cyber security
The policy framework acknowledges the need for having a specialized coordinator for
cyber security initiatives. Cyber Security Response Committees are outlined in the policy,
which states that they will be formed to handle the coordination of cybersecurity efforts.
3.3.3. A cybersecurity excellence center
A center of cyber security is going to be built that will work on all the standards of cyber
security in the country. According to the policy framework already in place, the focus of
the center is to keep check and balance of the national cyber events.

5. 3.3.4. Legal measures of cyber security
Some cybercrimes and malicious activities are already covered by legislation in force in
Nigeria. Some of the used laws in Nigeria include the electronic transactions act of 2002
and the interception of the regulation act. The lack of a functioning incident response team
in Nigeria has been cited as an issue. As a result of this, the strategy seeks to create
national and government-level computer incident response committees. In Nigeria, one
of the incident response teams has already been set up that is working jointly with the
communication department and this effort is being led by a number of other parties
(Okorodudu et al., 2017).
3.3.5. Education and awareness
The proposed policy framework does not adequately address the need for cyber security
education and awareness program. An educational and awareness campaign should be
undertaken across the country. However, this cyber security program's execution and
promotion are impossible without its creation.
3.3.6. Cybersecurity collaboration between the public and business sectors
In addition, the proposed policy framework highlights the need of fostering local
collaborations. Researchers found that the National CSIRT encourages collaboration and
cooperation between the public, private, and civil sectors. This is why it is included in the
draught policy.
3.3.7. Cyber security training and education.
Nigeria lacks the necessary professional expertise. Computer forensics, incident
response, and secure software coding are among them. As a result, Nigeria stands to
gain from the creation of a training and education program. As a result of the draught
policy framework's framework standard, the essential skills program may be more
effectively developed.
There are several similarities between the ITU's approach to cyber security and the
draught policy framework proposed by South Africa. There is still a lot of space for

6. improvement, particularly with regard to executing the policy framework's proposed
changes. The goal of this policy framework is to instill a sense of cyber security in the
inhabitants of South Africa. It's not clear how this "culture of security" would be fostered,
though, under the policy. As a result, the next section will focus on the characteristics of
such a cyber security culture.
3.4. Culture of cyber security
Developing a cyberculture and appropriate user conduct in the new normal of cyberspace
is essential, but so is the ability to pursue wrongdoers and prosecute, even in the internet
world. New security concerns have arisen as a result of increasing dependence on
cyberspace and other internet materials. As a result of this reliance, cyber security has
now been added to the list of national security issues.
Creating a culture of cyber security is the greatest way to ensure cyber security, according
to ITU. A culture based on awareness and education, according to the study, is one of its
foundations. It is possible to see this pillar in the general assembly's rules on the
development of cyber security culture and in the recommendations for the protection of
computer networks (Rufai et al., 2021). Cyber security culture must be depicted by these
standards, which include a variety of objectives. The following are the goals of the
cybersecurity culture in Nigeria:
 cyberspace users in order to provide a safe and secure environment for everyone
 educating the public about the dangers that lurk in plain sight on the internet and
providing solutions to these dangers
 enhancing the trust that all users have in the systems and networks that supply
and use information
 helping to create and execute cyber security measures by providing a general
framework of reference
 All parties in the development and execution of security measures should be
encouraged to cooperate and share information with each other.
 stressing the importance of security to all parties engaged in the creation or
implementation of the policies

7. In order to cultivate a culture of cyber security, the following objectives might be utilized
as a starting point. One must first recognize the need for security and then be educated
on how to implement it in order to create an effective cyber security culture, according to
the aforementioned recommendations. Promoting a cyber security culture in Nigeria
begins with educating the general public about the importance of cyber security. There
are further eight measures the ITU recommends be followed to develop a cyber security
culture in addition to these principles. Below is a step-by-step guide defined by the ITU:
1 Plan for administration systems to be safe against cyberattacks.
2 Educate system and network users on the need for security awareness.
3 Develop a security-conscious corporate culture.
4 Encourage outreach to the general public.
5 An extensive national awareness campaign should be developed and
implemented.
6 Intensify efforts in the fields of science and technology, as well as in research and
development.
7 Re-evaluate and modernize the current internet privacy regime.
8 Make sure you're aware of cyber risks and the remedies that are out there.
In light of the principles and the measures outlined above, it's evident that promoting cyber
security literacy is a critical component of the field's overall health. In step 5, it is stated
that a nationwide awareness campaign should be launched. As a result, boosting public
awareness and making resources readily available are interrelated challenges that must
be addressed independently. This necessitates a concentrated effort to raise awareness
and educate the public.
Both education and support play a critical part in cyber security, as demonstrated by the
ITU's standards and actions above. As a result, they are even more crucial to the
development of a cyber security mindset. Because of this, the state of South Africa needs
a consistent and well-defined strategy for cyber security awareness and education in
order to achieve its goals. However, it is critical that the government take the reins and
set the example. Every online user also has a responsibility in this respect, but this

8. obligation can only be acknowledged if the users are well-informed through successful
campaigns of awareness and education.
3.5. Conclusion
Many people have become acclimated to the benefits of cyberspace, but it also has a
sinister side. This means that everyone should be aware of both the advantages and
dangers of using the internet. Individuals, organizations, and countries alike are affected
by online threats. It is necessary to take sufficient precautions against the evil side of
cyberspace.
Cyber security is a shared responsibility for everyone who uses the internet. According to
the ITU, the government should be in charge of cyber security. In addition, it is the
government's duty to promote a cyberspace security culture. One of the many foundations
that support this culture is public awareness and education. As far as cyber security is
concerned, education and awareness are essential. Consequently, if Nigeria is to achieve
its goal of cyber security culture, it will have to concentrate on national cyber education
and awareness efforts. As a result, in the next chapter, we'll look at the efforts of
industrialized countries to raise cyber security designed to educate their citizens.

9. References
Osho, O. and Onoja, A.D., 2015. National Cyber Security Policy and Strategy of Nigeria:
A Qualitative Analysis. International Journal of Cyber Criminology, 9(1).
Lebogang, V., Tabona, O. and Maupong, T., 2022. Evaluating Cybersecurity Strategies
in Africa. In Cybersecurity Capabilities in Developing Nations and Its Impact on Global
Security (pp. 1-19). IGI Global.
Okorodudu, F.O. and Okorodudu, P.O., 2017. Cyber security and digital privacy: an
imperative for information and communication technology and sustainable development
in Nigeria. International Journal of Research, 4(03), pp.412-421.
Rufai, A., Modi, S. and Wadata, B., 2021. A survey of cyber-security practices in
Nigeria. International Research Journal of Advanced Engineering and Science, pp.222-
226.