“The Accreditation of Cybersecurity Professionals (CPs) will guide the further development of the cybersecurity profession in Ghana and will create the necessary incentives to develop the profession”, Director General of the Cyber Security Authority (CSA), Dr. Albert Antwi-Boasiako said this while delivering the keynote address at the 2023 CISO Summit in Accra on March 22, 2023.
According to Dr. Antwi-Boasiako, the Cyber Security Authority will establish an accredited CP Registry and this database will be publicly accessible through the CSA website as part of the accreditation process.
This, he said, would give the accredited CPs immediate visibility and credibility.
He pointed out that accredited CPs can also be selected by the Authority as Independent Assessors to be part of the CSA team to conduct regulatory assessments and audits.
“Hopefully, with accreditation, we can provide regulatory guidance on costs and expenses by CP, similar to what the Bar Association does to guide costs by lawyers. CP accreditation will also contribute to the establishment and operation of the Industrial Forum that will be established under Section 81 Law 1038. Accredited CP”he added.
Dr. Antwi-Boasiako applauded industry bodies like ISACA and (ISC)² and urged them to continue to play an important role in promoting the development of cybersecurity skills and standardization.
But he said the cybersecurity industry, like any serious profession, needs to be regulated.
“There is a need at the national level, to regulate individuals, regardless of the existing industry body, they ask everyone, including the Chief Information Security Officer (CISO) here to go through the accreditation process.”
Licensing of Cyber Security Service Providers (CSPs) and accreditation of the Cyber Security Agency and Cyber Security Professionals are other regulatory focuses of the CSA.
The need to develop the industry, the requirement to implement best practices and standards and national security considerations, drive these regulatory activities.
It is the expectation of the Authority that only people and institutions that can be proven and are in good standing will perform critical services.
Beyond technical and professional competence, fit-for-purpose tests in cybersecurity also include professional integrity and positive background information.
The authority thus activates the process of licensing and accreditation of these entities and personnel and the starting date is March 1, 2023 and will be carried out until September 30 for existing institutions and professionals.
After September 30, it will be illegal to offer cybersecurity services in Ghana without a license, according to section 49 (1).
Unfortunately, once the accreditation period has expired and without accreditation by the Authority, cybersecurity professionals will no longer be able to provide services – services for reward or payment as the law says – to Owners of Critical Information Infrastructure (CII) and designated public sector institutions. .
This is consistent with best practice around the world.
The CSA currently implements several regulatory activities including Critical Information Infrastructure Protection, Sectoral CERTS Accreditation, Cyber Security Service Provider Licensing, Cyber Security Agency Accreditation, and Cyber Security Professional Accreditation.
The Cyber/Cyber Crime Incident Reporting Point of Contact (PoC) launched in October 2019 by the Authority to provide the public with various methods and channels to report cyber-related incidents, has so far received 37,468 contacts since October 2020 to date, with about 33,841. contact which Direct Advisories, given to the public.
In accordance with Section 44 of the Cyber Security Act 2020 (Act 1038), Sectoral Computer Emergency Response Teams (CERTs) were established to facilitate the coordination and effective response of cybersecurity incidents in all critical sectors of the Ghanaian economy.
Currently, most companies do not report these incidents. As a result, it is almost impossible to know how many cyberattacks there are, and what form they take.
It is unacceptable for a country like Ghana to allow such practices to continue.
According to the Director General of CSA, “If we can’t detect and measure what we’re facing every day, we can’t manage it. That authority, as part of the mandate to implement section 47 of Act 1038 as part of our CERT regulations.
The CISO Summit is a platform for mutually beneficial conversations to make tangible contributions to the advancement of cybersecurity development in Ghana.
It brings together Senior Managers, IT experts, and Information Security Officers assembled to discuss current industry developments and how they impact the profession.
Source: Peacefmonline.com/Ghana
| Disclaimer: The opinions expressed here are those of the authors and do not reflect Peacefmonline.com. Peacefmonline.com accepts no legal or other responsibility for the accuracy of the content. Please report inappropriate content to us, and we will evaluate it as a priority. |
Featured Videos