Minister of Information, Mr Labaran Maku
Digital Jewels, an Information Value Chain Consulting Firm, is passionate about organisations attaining international certification in information systems security. The firm recently secured the Information Security Management System Certification (ISO/IEC 27001:2005) for Galaxy Backbone and Fidelity Bank, which were awarded by the British Standard Institute (BSI), the accredited certification agency from the United Kingdom. Emma Okonji looks at the benefits of ISO certifications in building a technology savvy nation. Excerpts
Passion for Information Security Standards
Digital Jewels has been championing the course of International Standards Organisation (ISO) certifications on information security management for organisations in Nigeria, the recent, being the award of the Information Security Management System Certification (ISO/IEC 27001:2005) for Galaxy Backbone, presented to the Minister of Communications Technology, Mrs. Omobola Johnson in Abuja, on behalf of Galaxy Backbone. The certificate was presented by the British Standard Institute (BSI), the accredited certification agency from the United Kingdom.
The ISO/IEC 27001certification is the world’s highest accreditation for information system security given by the International Standards Organisation (ISO).
Delivering a paper at the certificate presentation in Abuja recently, Chief Executive Officer of Digital Jewels, Mrs. Adedoyin Odunfa thanked God for the landmark achievement by Galaxy Backbone being the very first public sector organisation in Nigeria, and the very first Information and Communications Technology (ICT) company in the entire West African region to have attained accreditation to the globally reputed ISO standard for Information Security.
“I salute the Managing Director of Galaxy Backbone Plc, Mr. Gerald Ilukwe, a purpose driven professional, for taking the path that is less travelled and staying the course. I salute management and members of the entire teams of Galaxy Backbone and Digital Jewels, led by the respective dynamic and focused Project Managers, I salute you, for your hard work, doggedness, focus and staying power.
“I consider it a special privilege for Digital Jewels to have been selected amidst stiff competition to provide consulting support and subject-matter expertise for the end-to-end process to accredit Galaxy Backbone to international standard. Over a 2-year process, commencing with the conduct of the gap analysis and risk assessment, we progressed to devise an actionable roadmap and blue print to close identified gaps and attain compliance with the standard, provide project assurance and management of the remediation process, conduct a detailed mock audit and finally facilitate and shadow the final audit,” Odunfa said in her speech.
According to her, the end result was a successful audit. “At the time we at Digital Jewels started the project, Galaxy Backbone had a fresh mandate and needed to earn its credibility with its stakeholders: it needed to shake off the unfortunate toga of “inefficiency” often associated with public sector organisations. It needed to demonstrate its seriousness and ability to be trusted to provide a high speed secure communications platform to transmit sensitive and highly confidential data and information of the Federal Government of Nigeria and her Ministries, Departments and Agencies (MDA’s). This was no mean fit: a formidable challenge indeed.
“We understood the challenging dilemma and proposed an equally challenging solution. At that time, Galaxy Backbone was our first International Security Management Systems (ISMS) certification client. Today, we have two certified clients and others in the process of certification, emerging as the leading player in the implementation of global best practice standards in Nigeria and beyond,” she said.
Benefits of ISO Certification
Giving reasons for the benefits of ISO certifications, Odunfa tried asking questions like-Why would a public sector organisation choose to subject itself to the rigor of attaining an International standard especially when it is not a regulatory requirement?
Why would an organisation choose to go through the painstaking process of conforming with a standard that is no respecter of the 'Nigerian Factor', spend months reviewing, strengthening and documenting processes, enhancing capacity and capability, raising the stakes on the application of technology whilst continuously evaluating its risk profile? Why would an organisation willingly subject itself to the scrutiny of an international certification authority? Why would Galaxy Backbone choose to take the road less travelled?
Providing answers to the questions, Odunfa said the reasons would have to be because of an uncommon awareness of its operating environment: an understanding of the rising threat profile and the proliferation of vulnerabilities be they technical, operational or managerial. According to her, already 2011 is being heralded as the worst year yet for security breaches by leading Information Security experts worldwide.
ISO Certification and Cyber Attacks
According to Odunfa, cyberspace attacks by hackers are on the increase globally, a reason why organisations must raise their standards on information security management by getting the ISO certification. In 2011, the world witnessed the highest rate of cyber attacks on global corporations of which government institutions seem to be a prized target, Odunfa said.
This year alone, the European Space Agency, the FBI, the British and French treasuries amongst others have suffered large scale, high exposure attacks.
Closer to home, we have the notorious Niger Cyber Hactivist group who have successfully hacked and defaced the websites of public and private organisations in Nigeria, he added.
Giving reasons for several attacks, Odunfa said it would have to be because of exceptional far-sightedness and inherent pro-active nature enabling companies to boldly break ranks. It would have to be because of an unusual sense of responsibility to its mandate and its customers to exercise due care in the handling of information assets, given a deep understanding of the sensitive nature. It would have to be because of a rare commitment to realising a new Nigeria in which public enterprises are willing to compete openly, fairly and on a level playing field. She commended Galaxy Backbone for taking the initiative on ISO certification on information security management.
Strengthening Information Security Systems
The stakeholders’ forum on Information Security Management System (ISMS), where Galaxy was awarded ISO certification on information security management in Nigeria, maintained that hackers successfully hacked and defaced websites of government agencies this year, and called on government to strengthen Information Security Systems in the country.
Addressing a breakout technical session at the forum, which comprised of selected panelists with background in Information Technology, Odunfa, attributed the rise in cybercrime to the sudden increase among internet users in the country.
According to her, in March 2011, Nigeria surpassed other African nations in the growth of internet usage, thus hitting 44 million users.
The increase in the number of internet users also increased cybercrime rate in the country, and Nigeria must rise up to the challenge, if the country must attain vision 20:2020.
She listed some factors giving rise to cybercrime to include religious fundamentals, flood, malware, culture, fraud, weak infrastructure, but insisted that government and Nigerians must collectively build a culture of security among its citizenry.
She decried a situation where people handle vital information with laxity because Nigeria has no cybercrime law and there are no information policies to guide people on the proper handling of sensitive information.
To build a real culture of security among Nigerians, Odunfa suggested that government must develop its technology, processes and people. The three factors are crucial strategies to address information security issues in the country, she said.
Odunfa also called for increased training of people on information security, expansion of educational contents, increased awareness and the adoption of best practice standards in improving information security in the country.
Also speaking at the technical session, Managing Director of Internet Xchange Point of Nigeria (IXPN), Mr. Mohammed Rudman called on Nigerians and government agencies to keep online information confidential and of high secret by registering their domain name with local webmasters, through Galaxy Backbone that is accredited registrar of dot ng dot org domain name registration. He commended Galaxy Backbone for attaining the ISO/IEC 27001: 2005 certification, which he said, would further strengthen its provision of internet services and connectivity to all government agencies and ministries.
Special Assistant to the Oyo State Government on ICT, Mr. Tayo Colesho who was part of the panel, said the level of cyber attacks have shifted to the public sector, and called on government to come up with practicable strategies that would address the new trend.
ISO/IEC 27001Certification
The ISO/IEC 27001Certification is the world’s highest accreditation for information system security given by the International Standards Organisation (ISO).
Galaxy Backbone, the government agency responsible for Information Technology (IT) services connectivity in Ministries, Departments and Agencies (MDAs) was awarded the ISO/IEC 27001:2005 certification on Information Security Management Systems (ISMS) recently.
Popularly known as International Standards Organisation and the International Electrotechnical Commission (ISO/IEC), the body is family of standards, responsible for the award of international standards governing information management systems globally.
The award, which was presented in Abuja by the British Standards Institute (BSI), the accredited certification agency from the United Kingdom, at the 5th Public Sector ICT Infrastructure Forum in Abuja, was received by the Minister of Communications Technology, Mrs. Omobola Johnson and the Managing Director of Galaxy Backbone, Mr. Gerald Ilukwe.
Before any organisation is certified with ISO/IEC, such organisation will first be subjected to rigorous testing and verification exercises on standards in information security management.
Galaxy Backbone, which commenced the test and verification exercise in 2009, focused on the key objective of putting in place a globally accepted standard of information security management process that would guarantee the trustworthiness of its data centre services and network operation centre.
Commending Galaxy Backbone for coming out successful in the exercise and for attaining global best practices in information technology, the Minister of Communications, Mrs Omobola Johnson said it would give Galaxy Backbone further opportunity to secure and connect government networks.
Minister’s View on ISO Certification
Minister of Communications Technology, Mrs. Omobola Johnson who received the certification presented by the Managing Director, British Standards institute, BSI Europe, Middle East & Africa, Mr, Theuns Kotze on behalf of Galaxy Backbone noted that the achievement represents a significant milestone in the journey to attain global best practices in Information Technology by the Federal Government.
Galaxy Backbone’s Commitment
Galaxy Backbone Managing Director, Mr. Gerald Ilukwe said it embarked on the journey to ISO 27001:2005 Certification as part of an overarching imperative of implementing processes that will guide the company’s service provision. According to him, “the ISO/IEC 20071 certification specifies requirements for Information Security Management Systems (ISMS). And certification is a recognition of compliance with the stringent requirement of the ISMS standards and regulations for handling all organisational information, be it for the organisation or for its clients, in such a manner as to ensure that it is secure, available when needed and reliable.”
Other ISO Certification
At a similar presentation for certification to Fidelity Bank Plc recently in Lagos, the Bank’s Managing Director/CEO, Mr. Reginald Ihejiahi, (OFR), stressed the importance of the certification to the Bank’s business. The bank’s Executive Director(Shared Services)Mr. IK Mbagwu explained that the bank was able to attain its certification because it had invested extensively on the training of its workforce, improved on its processes and enjoyed management commitment. He commended the efforts of Digital Jewels in ensuring that it attained the feat despite all odds. “When you choose a partner for this kind of project, you will pray and hope that they are everything you expected them to be. You expect them to be committed, knowledgeable, and to have integrity; to stay the pace and to stay the distance. And I must say that Digital Jewels did meet all our expectations. Truly speaking they are a wonderful partner,” he said.