BY IKANI YUNUSA, ACA, CISA, ACTI, Associate of (ISC) 2 1.


Slide 1
BY IKANI YUNUSA, ACA, CISA, ACTI, Associate of (ISC)²

Slide 2
- Paper 1: The Place of a PCI DSS Compliant Banking Industry in a Cashless Economy: Experiences of Other Countries.
- Paper 2: An Effective Institutional Information Systems Security Framework: the Starting Point for a Secure National Cyberspace.

Slide 3
- Introduction
- Definition of key concepts
- PCI DSS and cyberspace security: the links
- PCI DSS and cyberspace security: the Nigeria situation
- Suggestions for positive radical change in Nigeria
- Conclusion

Slide 4
To say the least, IT is everything about Nigeria and Nigerians currently, as is the case the world over. This is evident from the massive IT-driven projects and initiatives going on in both the private and public sectors of the Nigerian economy, summarised ministry by ministry and/or sector by sector below.
- Aviation: online air ticket reservation, e.g. the Aero Contractors Company of Nigeria Ltd phenomenon.
- Petroleum: NNPC ultra-modern data centre just launched, with massive IT-enabled process re-engineering expected.

Slide 5
- Information and National Orientation: upsurge of social media utilisation, National Broadcasting Commission (NBC) radio and television transmission digitalisation.
- Telecommunications: Nigerian Communications Commission (NCC) number portability, NITDA Regional Information Technology Centres (RITCs).
- Finance: GIFMIS, CBN e-banking initiatives, FIRS ITAS, NCS ASYCUDA, NSE Automated Trading Platform.
- Power: PHCN digital prepaid meter project.
- Police Affairs: Abuja and other city CCTV projects.

Slide 6
- Education: Akwa Ibom State e-library project, Lagos State e-library project, Google searching, JAMB computer-based test administration initiative, computerised post-UTME script marking and grading, etc.
- Defence: cyber warfare, Nigerian Air Force bomb demobilisation robot initiative, etc.
- Presidency: NIMC national identity card project, pension reform.
From the above, it is obvious that IT affects all our fundamental human rights as persons and as Nigerians. It is therefore safe to say that whatever affects the interconnected and interdependent IT and telecommunication networks, as well as the IT infrastructure that runs on them, affects us.

Slide 7
The big questions are:
- Does whatever affects the interconnected IT and telecommunication networks, and the IT infrastructure that runs on them, affect you in any way?
- Do our governments at all levels owe us a duty of protection of life and property, as well as maximisation of our welfare?
- Do we owe ourselves a duty of life protection and maximisation of our welfare?
- Have we failed in our duties in these regards in Nigeria?
- Do you agree that actual and potential cyber threats, the world over and in Nigeria, are high and increasing?
- Do you believe PCI DSS and cyberspace security implementation is the way to go?
If yes, the seminar continues; if no, we can as well conclude the seminar now, ladies and gentlemen.

Slide 8
PCI DSS stands for Payment Card Industry Data Security Standard. The standard is an initiative of the Payment Card Industry Security Standards Council. The Council was formed by the major global payment card scheme brand operators (Visa, MasterCard, American Express, Discover Financial Services and JCB International) and became operational on 15 December 2004. It is an industry standard aimed at protecting sensitive personal data linked to payment cards, such as the Personal Identification Number (PIN), Primary Account Number (PAN) and Card Verification Value (CVV), with the goal of reducing payment card related fraud. The standard is aimed at industry players such as payment card acquirers, issuers, processors, switching companies, merchants and card scheme brand operators.

Slide 9
Another Payment Card Industry Security Standards Council standard is PA-DSS. The Council operates the following certifications for individuals and organisations that carry out annual revalidation of compliance with its standards:
- Qualified Security Assessor (QSA)
- Qualified Scanning Vendor (QSV)
- Internal Security Assessor (ISA), for big payment card industry players/companies.

Slide 10
Cyberspace: the global network of interdependent information technology infrastructures, telecommunication networks and computer processing systems. Below is a pictorial illustration of the cyberspace concept.

Slide 11
[Diagram: cyberspace, made up of application servers and other systems; telephone networks/telcos; IETF/ICANN/RIR/ISP/PKI; LANs/MANs/WANs/Internet/protocols.]

Slide 12
[Diagram: information security management system (ISMS), containing PCI DSS and other industrial information security standards.]

Slide 13
PCI DSS summary requirements (left-hand arrow):
- Firewall and server hardening
- Cardholder data protection and encryption
- Antivirus solution and secure systems/applications
- Restrict access to cardholder data logically and physically
- Monitor access to network resources and cardholder data
- Maintain an information security policy
Corresponding ISMS blueprints (right-hand arrow):
- Network security blueprint
- Information classification blueprint
- Virus management blueprint
- Identity and user management blueprint
- Physical security blueprint
- Security policies, standards, guidelines and baselines

Slide 14
Summarised in the slide above are the PCI DSS summary requirements on the left-hand arrow and, on the right-hand arrow, the broader corresponding ISMS frameworks/blueprints. The slide shows that PCI DSS and information security management systems are related, and that PCI DSS is a subset of cyberspace/information security.
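To make the cardholder data protection requirement concrete (slide 8 names the PIN, PAN and CVV as the sensitive data; slide 13 lists "cardholder data protection and encryption" and restricting access to cardholder data), here is an added Python example that is not part of the presentation. It masks the PAN for display, replaces it with a keyed digest for storage, and refuses to persist sensitive authentication data such as the CVV. The card number and key are constructed sample values, and the record field names and function names are assumptions for illustration only.

```python
import hashlib
import hmac
import re

# Constructed sample values for the demo: a widely used test card number, not a
# real account, and a demo key. In a real deployment the key is held in an HSM
# or key-management service, never in source.
SAMPLE_PAN = "4111111111111111"
DEMO_TOKEN_KEY = b"demo-key-replace-with-managed-secret"

# A PAN is 13 to 19 digits.
PAN_RE = re.compile(r"^\d{13,19}$")

# Sensitive authentication data: may be used to authorise a transaction but
# must never be written to storage afterwards. (Field names are assumptions.)
FORBIDDEN_FIELDS = {"cvv", "cvv2", "pin", "pin_block", "track_data"}


def luhn_valid(pan: str) -> bool:
    """Mod-10 (Luhn) check digit validation used for card numbers."""
    total = 0
    parity = len(pan) % 2
    for i, ch in enumerate(pan):
        d = int(ch)
        if i % 2 == parity:   # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: only the first six and last four digits are shown."""
    if not PAN_RE.match(pan):
        raise ValueError("PAN must be 13 to 19 digits")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_reference(pan: str, key: bytes = DEMO_TOKEN_KEY) -> str:
    """Keyed SHA-256 digest that stands in for the PAN in records that do not
    need it in clear. A keyed digest, not a plain hash, so the PAN cannot be
    recovered by hashing the small space of valid card numbers."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def authorization_record(pan: str, expiry: str, amount_kobo: int, cvv: str) -> dict:
    """Build the record that may be kept after authorisation.

    The CVV is checked here only as a stand-in for the authorisation call;
    it is deliberately absent from the returned record."""
    if not (PAN_RE.match(pan) and luhn_valid(pan)):
        raise ValueError("invalid PAN")
    if not re.fullmatch(r"\d{3,4}", cvv):
        raise ValueError("invalid CVV")
    return {
        "pan_masked": mask_pan(pan),
        "pan_ref": pan_reference(pan),
        "expiry": expiry,
        "amount_kobo": amount_kobo,
    }


def safe_to_store(record: dict) -> bool:
    """Last check before the database: reject any record carrying sensitive
    authentication data or a full PAN in the clear."""
    if any(str(k).lower() in FORBIDDEN_FIELDS for k in record):
        return False
    for value in record.values():
        if isinstance(value, str) and PAN_RE.match(value) and luhn_valid(value):
            return False
    return True


if __name__ == "__main__":
    rec = authorization_record(SAMPLE_PAN, "12/27", 150_000, "123")
    print(rec)                                              # masked PAN and keyed reference, no CVV
    print(safe_to_store(rec))                               # True
    print(safe_to_store({"pan": SAMPLE_PAN, "cvv": "123"}))  # False
```

The `safe_to_store` gate is the part worth copying: a schema-level check that runs before any write, so that a careless log statement or an extra field added later cannot quietly reintroduce the full PAN or the CVV into storage.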

Slide 15
- Zero or poor protection of government information and information assets.
- Lack of an enabling cybercrime law, except some vertical enactments courtesy of the CBN.
- Shortage of information security management specialists.
- Placement of square pegs in round holes in the deployment of available information security management experts.
- Poor government appreciation of the next-generation war front: cyberspace.
- Slow pace of PCI DSS implementation in the Nigerian banking industry. E.g. of the 19 operational banks in Nigeria as at today, only 2, i.e. Zenith Bank Plc and Access Bank Plc, are PCI DSS compliant.
- Lack of nationally coordinated cybercrime incident data collation and management. E.g. no known national/industrial CERT.

Slide 16
- Massive public awareness of cyberspace security.
- Enactment of cybercrime laws, e.g. a data protection law, passage of the Cybersecurity Bill 2011 with an amendment imposing a duty of information security due care and diligence on major employers of ICT in Nigeria, etc.
- Deliberate training of Nigerians on cybersecurity related programmes.
- Efficient, non-political deployment of available information security experts.

Slide 17
Public-private partnership on information security, as illustrated below.
[Diagram: a national cybersecurity/infosec compliant Nigeria built from infosec compliant private concerns, infosec compliant citizens and infosec compliant MDAs.]

Slide 18
Thank you and have a successful seminar.
