Becoming a CISO: The role of Certified Information Security Management (CISM) in meeting Central Bank of Nigeria (CBN) New Risk-Based Cybersecurity Framework for Banks and Payment Service Banks.


The CBN has introduced a pivotal change by releasing a new Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks (DMBs) and PSBs.

Effective July 1, 2024, this comprehensive framework provides a risk-based approach to managing cybersecurity risk. It comprises seven parts, each meticulously designed to ensure thorough coverage: Cybersecurity Governance and Oversight; Cybersecurity Risk Management System; Enhancing Cybersecurity Resilience; Emerging Technologies; Metrics, Monitoring and Reporting; Compliance with Statutory and Regulatory Requirements; and Enforcement.

Key Highlights of the Framework
Cybersecurity Governance and Oversight: The Board of Directors, Senior Management, and Chief Information Security Officers (CISOs) have clearly assigned responsibilities for ensuring sound cybersecurity practices. The framework sets stringent requirements for appointing CISOs, emphasizing relevant certifications and experience. Notably, CISOs must hold industry-recognized certifications such as Certified Information Security Manager (CISM, an ISACA certification). These credentials are intended to ensure that CISOs have the expertise to oversee and implement effective cybersecurity programs.

Why CISM Certification is Essential for CISOs
The CBN framework underscores the importance of having qualified and certified professionals in key cybersecurity roles. Specifically, it highlights the need for CISOs to possess industry-recognized certifications like the Certified Information Security Manager (CISM).

Here is why CISM is crucial:
1. Comprehensive Knowledge: CISM certification equips professionals with in-depth knowledge of information security governance, risk management, program development, and incident management. These areas are vital for meeting the CBN Cybersecurity requirements.
2. Risk Management Expertise: The framework emphasizes a proactive approach to identifying, assessing, and mitigating risk. CISM-trained professionals are adept at implementing robust risk management systems and ensuring compliance with the guidelines.
3. Strategic Alignment: CISM certification ensures that CISOs can align cybersecurity strategies with business objectives, an essential requirement of the framework. This alignment is not just a compliance requirement but a strategic move that is critical for integrating cybersecurity with business functions and achieving organizational goals.
4. Incident Response: CISM professionals are trained to develop and manage effective incident response plans. This capability is essential for the resilience measures mandated by the CBN, ensuring that institutions can swiftly recover from cyber incidents.

Becoming a CISO in Compliance with CBN Guidelines
To comply with the CBN’s new framework, aspiring CISOs must meet several requirements, including:

Relevant Experience: At least ten years of in-depth experience in cybersecurity, IT, IT risk management, or IT audit.

Professional Independence: The CISO must report directly to the Managing Director/CEO, not to the Head of IT Operations or the Chief Risk Officer, ensuring unbiased cybersecurity oversight.

Advanced Certifications: Holding certifications such as Certified Information Security Manager (CISM) or other relevant qualifications is mandatory.

Cybersecurity Risk Management System: This part of the framework requires a system that proactively identifies, assesses, measures, mitigates, and monitors cybersecurity risks, so that the institution has a controlled and prepared footing against potential threats.

Enhancing Cybersecurity Resilience: Measures to strengthen the ability to prevent, withstand, and recover from cyber incidents.

Emerging Technologies: This section of the framework provides detailed guidelines for adopting and managing risks associated with emerging technologies such as Artificial Intelligence (AI), Machine Learning (ML), Internet of Things (IoT), and Cloud Computing. By following these guidelines, you can ensure that your institution is prepared to handle the unique cybersecurity challenges posed by these technologies.

Metrics, Monitoring, and Reporting: This part of the framework outlines the performance metrics that institutions must use to assess the effectiveness of their cybersecurity programs. It also mandates reporting of all cyber incidents, ensuring transparency and accountability in cybersecurity management.

Implications for Financial Institutions
Compliance: Institutions must comply with the framework to avoid penalties and protect their information assets.

Enhanced Security Posture: Adopting these guidelines will significantly improve the security posture of banks and PSBs.

Increased Trust: By adhering to these standards, institutions can enhance public trust and confidence in their operations.

Call to Action for DMBs and PSBs
Implement Required Controls: Ensure all cybersecurity measures outlined in the framework are in place by the effective date.

Engage in Continuous Improvement: Regularly review and update cybersecurity practices to address new and emerging threats.

Collaborate and Share Information: Participate in industry-wide cybersecurity initiatives and share threat intelligence to strengthen collective defences.

The CBN’s proactive approach in issuing this framework underscores the critical importance of cybersecurity in safeguarding Nigeria’s financial system. Financial institutions are encouraged to prioritize these guidelines to mitigate risks and secure their operations in the digital age.

The ISACA Abuja chapter will present a workshop on a risk-based cybersecurity framework for banks and payment service banks (PSBs) at the forthcoming 16th Annual Conference. This workshop is a unique opportunity to understand the CBN’s new framework comprehensively and learn how to implement it effectively in your institution.

Theme: Harnessing Digital Trust for Financial and Technology Access
Date: August 27-29, 2024
Location: CBN International Training Institute, 2 LaSalle Street, Off Shehu Shagari Way, AMAC, Maitama, Abuja

This workshop will delve into the CBN’s newly issued Risk-Based Cybersecurity Framework, which sets out the minimum cybersecurity requirements for Deposit Money Banks and Payment Service Banks. Learn how to implement these guidelines to enhance your institution’s resilience against evolving cyber threats.
