Presentation is loading. Please wait.

Presentation is loading. Please wait.

BY IKANI YUNUSA, ACA, CISA, ACTI, Associate of (ISC) 2 1.

Similar presentations

Presentation on theme: "BY IKANI YUNUSA, ACA, CISA, ACTI, Associate of (ISC) 2 1."— Presentation transcript:

1 BY IKANI YUNUSA, ACA, CISA, ACTI, Associate of (ISC) 2 1

2  Paper 1: The Place of PCI DSS Compliant Banking Industry in a Cashless Economy; Experiences of other Countries.  Paper 2: An Effective Institutional Information Systems Security Framework; the Starting Point for a Secure National Cyberspace. 2

3  Introduction  Definition of key concepts  PCI DSS and Cyberspace Security-The Links  PCI DSS and Cyberspace Security; The Nigeria Situation.  Suggestions for Positive Radical Change in Nigeria  Conclusion. 3

4  To say the least IT is everything about Nigeria and Nigerians currently as it is the case world over. This statement is evident by massive IT driven projects/initiatives going on in both private and public sectors of Nigeria economy as summarized ministry by ministry and/or sector by sector below.  Aviation-online air ticket reservation. E.g. Aero Contractors Company of Nigeria Ltd Phenomenon.  Petroleum-NNPC Ultra modern data center just lunched and massive IT-enable process re-engineering expected. 4

5  Information and National Orientation –upsurge of social media utilization, National Broadcasting Commission (NBC) radio and television transmission digitalization.  Telecommunications-Nigerian Communications Commission (NCC) number portability, NITDA Regional Information Technology Centres (RITCs).  Finance-GIFMIS, CBN e-banking initiatives, FIRS ITAS, NCS ASYCUDA,NSE Automated Trading Platform.  Power-PHCN digital prepaid metre project  Police Affair-Abuja and other city CCTV project 5

6  Education-Awka Ibom State e-library project, Lagos State e-library project, Google searching, JAMB computer based test administration initiative, computerized post UTME script marking and grading etc.  Defence-cyber Warfare, Nigeria Air Force bomb demobilization robot initiative etc.  Presidency-NIMC national identity card project, Pension reform. From the above, it is obvious that IT affects all our fundamental human rights as persons and as Nigerians. Then, it is safe to say that whatever affects the interconnected/interdependent IT network and telecommunication network as well as IT infrastructures that run on it affects us. 6

7  The big questions are:  Does whatever affects the interconnected IT network and telecommunication network as well as IT infrastructures that run on it affects you in any way?  Do our governments at all level owe us duty of protection of life and properties as well as maximization of our welfare?  Do we own ourselves duty of life protection and maximization of our welfare?  Have we failed in our duties in this regards in Nigeria?  Do you agree that actual and potential cyber threats world over and Nigeria is high and increasing?  Do you believe PCI DSS and Cyberspace security implementation is the way to go? If yes, seminar continues but if no, we can as well conclude the seminar now ladies and gentlemen. 7

8  PCI DSS- stands for Payment Card Industry Data Security Standard. The standard is an initiative of Payment Card Industry Security Standard Council. The Council was formed by major global payment card scheme brand operators such as VISA Card, MasterCard, American Express, Discover Financial Services, and JCB International and it became operation on 15 December, 2004. It is an industrial standard aimed at protecting sensitive personal data linked to payment card such as Personal Identification Number(PIN), Primary Account Number(PAN), Card Verification Value (CVV) etc with eyes on payment card related fraud reduction. The standard is aimed at industry players such as payment card acquirers, issuers, processors, switching companies, merchants, card scheme brand operators etc 8

9  Another Payment Card Industry Security Standard Council’s standard is PA-DSS,  The Council operates the following certifications for individuals/organizations that carry out annual revalidation of compliance with its standards.  Qualified Security Assessor(QSA)  Qualified Scanning Vendor (QSV)  Internal Security Assessor(ISA) for big payment card industry player/companies. 9

10  Cyberspace- global network of interdependent information technology infrastructures, telecommunication networks and computer processing systems.  Below is a pictorial illustration of cyberspace concept. 10

11 11 cyberspace Applicatio n Servers/o thers Telephon e NETWORK S/TELCOS IETF/ICA NN/RIR/I SP/PKI LANS/MANS/ WANS/Interne t/protocols

12 12 Information security management system (ISMS) PCI DSS Other Industrial Infosec. Stds.

13 13 PCI DSS: Firewall and server hardening Cardholder data protection and encryption Antivirus solution and secure system/application Restrict access to cardholder data logically & physically Monitor access to network resources/cardholder data & Maintain infosec policy Maintain policy ISMS Network security blueprint Information classification blueprint Virus management blueprint Identity and user management blueprint Physical security blueprint Security policies, standards, guidelines, and baseline.

14  Summarized in above slide is the PCI DSS summary requirements on the left hand side arrow and on the right hand side arrow is the broader corresponding ISMS frameworks/blueprints.  The above slides shows that PCI DSS and Information Security Management Systems are related and that PCI DSS is a subset of cyberspace/information security. 14

15  Zero or poor protection of government information and information assets.  Lack of enabling cybercrime law except some vertical enactments-courtesy of CBN.  Shortage of information security management specialities  Placement of square peg in a round hole in the deployment of available information security management experts.  Poor government appreciation of the next generation war front-cyberspace  Slow pace of PCI DSS implementation in Nigeria banking industry. E.g. of the 19 operational banks in Nigeria as at today only 2 i.e. Zenith Bank Plc and Access Bank Plc are PCI DSS compliant.  Lack of nationally co-ordinated cybercrime incident data collation and management. E.g. No known national/industrial CERT. 15

16  Massive public awareness on cyberspace security.  Enactment of cybercrime laws. E.g. Data protection law, passage of cybersecurity bill 2011 with amendment imposing duty of information security due care and diligence on major employers of ICT in Nigeria etc  Deliberate training of Nigerians on cybersecurity related programmes.  Efficient non-political deployment of available information security experts. 16

17  Public-Private-Partnership on information security as illustrated below. 17 National Cybersecurity/Infosec compliant Nigeria Infosec compliant Private concerns Infosec Compliant Citizens Infosec compliant MDAs

18 Thank you and have a successful seminar. 18

Download ppt "BY IKANI YUNUSA, ACA, CISA, ACTI, Associate of (ISC) 2 1."

Similar presentations

Ads by Google