Advertise Here!Call +234 (0) 8035007778
A Submission to the Public Hearing on the Bill to provide for the Establishment of the Cyber Security & Information Protection Agency at the National Assembly on Wednesday 8th July 2009 by African Information Security Association (AISA)
Nigeria's House of Representatives Committee on Drugs, Narcotics and Financial Crimes held a Public Hearing on the draft legislation for Cyber Security and Information Protection Agency on Wednesday, July 8, 2009.
Key issues and Recommendations of the African Information Security Association (AISA):
Has the draft bill been widely available to all stakeholders? Legislation that makes sense must be grounded in reality. People that are and will be affected should be involved. How inclusive was the development of the draft bill to its present state - was a truly multistakeholder approach adopted?
Is the draft bill one of detail and substance? Have all gaps been filled? How does it address critical issues in the area of cyber crime and information security? For example, are the provisions for privacy sufficient? What are the privacy implications for subscribers?
What are the specific linkages to Nigeria's ICT Policy? Nigeria's ICT policy is the roadmap Nigeria uses to deploy ICT for development. Is the draft bill consistent and in sync with strategies for Information security in Nigeria's ICT policy documents?
How reasonable are the proposed sanctions and measures? What's the focus of the sanctions? How do the measures cover deterrence, punishment and rehabilitation? Tough, realistic, or effective, what can be done better?
In developing laws of this nature have we considered the environment, most especially the causative factors? No size fits all. To truly fight crime you must address the causes of crime.
Does the bill adequately address the quality of leadership and management of the agency required to realize the national objectives of information security? For example, selective enforcement will kill the spirit of the bill. What are the accountability and transparency requirements of the agency? Capacity building for the agency is also important - terms of infrastructure as well as quality of human capital to bridge this critical information security gap.
Recommendations from the African
Information Security Association (AISA)
Having established the Bill has a critical role to play on the issues of computer security in the sustainable development of Africa;
Having further examined the need for a strategy to campaign against Cybercrime in Nigeria:
Makes the following recommendations:
- The Bill should make provisions for the development of a body of knowledge on Computer security in Nigeria by supporting research and development efforts in Nigerian Universities and Training Centres. To this end the Agency should be adequately funded to be able to meet this target.
- The Human Capital requirements to effectively monitor Nigeria's cyberspace is huge and the demands unlimited, as cybercrime is a daily challenge. We therefore urge the provision of relevant sections of the Bill to address human capital requirements. It is also important that there is standardization in Computer security and cyber-security education. A Standing Accreditation Body should therefore be endowed with the responsibility of accrediting Computer Security and Cyber-security educational institutions, to ensure that the knowledge base and resource pool are actually relevant to the needs of the country.
- Our National Cyberspace is a National Asset , it is therefore recommended that the Agency must be situated under the Presidency in the Office of the National Security Agency. However, adequate provisions such as a quarterly Consultative Forum with relevant stakeholders in the Private Sector, Educational Institutions, Civil Society Groups and Security Agencies.
- For Nigeria to be a key player in 2020 we must promote global competitiveness by addressing information security concerns. The Agency therefore must be proactive in the discharge of its duties.
- The Bill/Agency should encourage the development of local security software using open source alternatives for developing information security expertise and solutions in Nigeria;
- Promote Research and Development innovations in the area of information security;
- Facilitate information security solutions and expertise by law enforcement agencies and member of the judiciary; The Evidence law in Nigeria therefore needs to be revised to take into cognizance the developments in ICT and Computer law.
- Encourage the integration of security concepts and features in software development;
- The agency should especially focus on developing solutions that enable safe surfing of the internet by Nigerian Children.
- Provide information security training or career opportunities for the youth and women;
- Promote awareness, education and training in information security at all levels of education-primary, secondary and tertiary.
- Promote information security legislation and regulations to protect users;
- The Agency should provide an Annual Survey on Information Security with a view to developing strategies to counter information security threats; especially in view of the fact that cyber terrorism is now a possibility.
- Encourage the development of local Information security solutions and expertise;
- The Agency needs to leverage on global best practices in Information security protection. We therefore recommend that a collaborative arrangement with developed countries such as the FBI in the US is critical.
- The agency should also regulate the industry by ensuring that Law Enforcement, Intelligence agencies and Private sector operators especially Banks, Financial institutions and Service providers make adequate investments in information security including appointing competent personnel;
- The Agency should create a Special Funding vehicle to support the development of new information security technologies.
- The qualification of the Director-General (not Executive Chairman, its an agency of government - in good corporate governance you cannot have an Executive Chairman) should be extended to Computer Professionals who are experts in Cyber security and Systems audit. Such a person must also be a member of the regulatory body of ICT Professions in Nigeria, Computer Professionals Registration Council of Nigeria (CPN) and the Nigerian Computer Society (NCS) and must have demonstrated adequate leadership qualities in previous responsibility.
AISA Content is provided by Jidaw Systems on behalf of The African Information Security Association (AISA)
Jidaw Systems Limited (Jidaw) is an information technology solution provider that specializes in IT Consulting, e-business, Content provision, Web Publishing, Computer Networking and Training. Jidaw Systems Limited, developed and runs www.jidaw.com
Jidaw Systems Limited is the originator of the IT Entrepreneurship Guide series - Success in IT Business programs and a Foremost Authority on IT Career development. Jidaw Systems is a NASITEA partner.
IT Career Development.
A major focus of Jidaw (Mastercomputers) is the promotion of IT Career Development. Jidaw presents
FREE IT Career Seminars
The one and only Information Technology Entrepreneur Guide
Success in IT Business (SITB) training program is designed to help you start your New IT Business. Now You have an uncommon, hard-to-find opportunity to learn first hand from the real world ideas and experience of IT Entrepreneurs.
Prepare Yourself for the no-nonsense Information Technology Entrepreneurship Business program -Success in Information Technology Business (SITB) program. Discover the Reality and Principles required to create your own Profitable and Sustainable IT Business.
What Do you Have to Say? Post Your Comments about this Content Resource Here.
July 7, 2009
Adekoya, Adebayo Felix
July 6, 2009
Idris Sanni of Abuja, Nigeria says:
Thank you so much. I am a stakeholder. I will be there. But I must complain that there was very little publicity. Is this another attempt to turn national matters into a closed shop?
DISRUPT THE STATUS QUO!
Ideas are not enough. You must be action oriented to improve your future.
Don't just think but act. You get results not only from thinking but from acting.
You have ideas. You want to achieve. You want opportunity.
But what are you still doing in your comfort zone? The comfort zone is a dangerous place.
"I wanted to", "I was going to" cannot put on a light bulb, not to talk of moving you forward.
Aren't you tired of hoping and criticizing? Stop defending status quo that locks you down.
GO on the offensive now with IT Education and Empowerment.
What is the use of ideas without action?
Start becoming the achiever you deserve to be.
MAKE SURE THERE IS NO STANDING ROOM FOR EXCUSES.