Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
Published on July 28, 2022 AUTHOR - Privacy Research Team
On June 29, 2022, the Central Bank of Nigeria (CBN) released its Risk-based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFI). The guidelines focus on monitoring and reporting procedures, risk management systems, and cybersecurity governance.
According to the guidelines:
“In recent times, threats such as ransomware, targeted phishing attacks, and Advanced Persistent Threats (APT) have become prevalent, demanding that financial institutions, including OFIs, strengthen their cyber resilience and take proactive steps to secure their critical information assets to ensure their safety and soundness.”
The CBN has had to issue cybersecurity guidelines for OFIs (Other Financial Institutions) due to the recent increase in the number of cybersecurity threats. Nkiru Aseigbu, Director of the CBN's OFIs Supervision Department, believes that it has become imperative for institutions to upgrade their cyber defenses to remain secure and sound.
The purpose of the guideline is to:
OFIs must integrate the guideline into their business goals and objectives to combat increasing cyber threats. Additionally, the guideline serves as a benchmark for overall risk management processes.
The letter states that the guidelines' provisions will take effect on January 1, 2023. All OFIs are expected to comply on or before the date. The 41-page document comprises six parts:
Sets the agenda and boundaries for cybersecurity management and controls through defining, directing, and supporting security efforts of the OFIs. It holds the Board of Directors, Senior Management, and Chief Information Security Officer accountable for implementing the cybersecurity framework, and each of them has respective obligations under the Framework.
The Senior Management is responsible for implementing processes and procedures to protect customer data, transactions, and systems and creating a post-incident analysis framework to determine corrective actions in response to security incidents. It is also responsible for evaluating and managing any risks introduced by third-party service providers.
The Chief Information Security Officer is responsible for maintaining an updated record of users, devices, applications, and their relationships, including software and hardware asset inventory, network utilization, and performance data. He/she is also responsible for ensuring regular cyber risk assessments and frequent data backups of critical IT systems to a separate storage location.
OFIs must incorporate cyber-risk management by addressing threats, mitigating exposure, and reducing vulnerability across their institution to reduce the incidence of significant adverse impacts. The Risk Management System must cover risk assessment, risk measurement, risk mitigation, and risk monitoring and reporting.
Cyber Resilience Assessment evaluates an organization’s defense posture and readiness to tackle cybersecurity risks. The Cybersecurity Resilience Assessment must do the following:
OFIs must build, enhance and maintain their cybersecurity operational resilience. This will help reduce cybercrime and strengthen the banking sector's cyber defense.
OFIs must be aware of all emerging threats, cyberattacks, and attack vectors to make timely informed decisions regarding cybersecurity. OFIs must establish a Cyber-Threat Intelligence (CTI) program, which shall proactively identify, detect and mitigate potential cyber threats and risks.
OFIs must introduce metrics and monitoring processes to ensure compliance, provide feedback on the effectiveness of controls and provide the basis for appropriate management decisions.
Additionally, compliance with statutory and regulatory requirements such as the Nigerian Cybercrimes (Prohibition, Prevention, etc.) Act 2015 is essential to avoid breaches of legal, statutory, and regulatory obligations.
Securiti allows organizations to discover, analyze and protect large datasets. It offers effective and automated Data Mapping, Incident Response and Management, and Data Intelligence that help organizations gain visibility to their datasets, identify datasets as a result of security incidents and achieve regulatory compliance.
Ask for a DEMO to understand how Securiti can help you achieve compliance.
July 27, 2022
The General Data Protection Regulation (GDPR) goes to great lengths to provide control to users concerning their personal data. It requires organizations, both data controllers and processors, to have appropriate mechanisms to guarantee that all personal data is...
July 7, 2022
China has passed its comprehensive data protection law that came into effect on November 1st, 2021. China’s PIPL imposes very stringent obligations on how organizations process and disclose personal information. PIPL is said to be “China’s GDPR” based...
July 7, 2022
The California Privacy Rights Act (CPRA) is California’s equivalent of the European Union’s General Data Protection Regulation (GDPR). Its principal purpose is to ensure that businesses dealing with California consumers’ personal information take the appropriate measures to protect the privacy...
PO Box 13039,
Coyote CA 95013