IGF 2020 WS #42 Secured Organization

    Subtheme

    Organizer 1: Timothy Asiedu, TIM Technology Services Ltd.
    Organizer 2: Esther Asiedu, TIM Technology Services Ltd.
    Organizer 3: Emmanuel Kumah, TIM Technology Services Ltd.
    Organizer 4: Anita Korankye, TIM Technology Services Ltd.
    Organizer 5: Mercy Amoah, TIM Technology Services Ltd.

    Speaker 1: Timothy Asiedu, Technical Community, African Group
    Speaker 2: Esther Asiedu, Technical Community, African Group
    Speaker 3: Emmanuel Kumah, Technical Community, African Group

    Moderator

    Esther Asiedu, Technical Community, African Group

    Online Moderator

    Esther Asiedu, Technical Community, African Group

    Rapporteur

    Timothy Asiedu, Technical Community, African Group

    Format

    Other - 60 Min
    Format description: Please this should be tutorial / presentation for the period.

    Policy Question(s)

    What is the role of cybersecurity audit in our digital environment, how do we ensure it is well implemented?

    Well our focus is going to be on Security of the Organization. Our digital environment is key for the growth of the organization and it is important that it is secured properly.

    SDGs

    GOAL 3: Good Health and Well-Being
    GOAL 4: Quality Education
    GOAL 5: Gender Equality
    GOAL 8: Decent Work and Economic Growth
    GOAL 9: Industry, Innovation and Infrastructure
    GOAL 11: Sustainable Cities and Communities
    GOAL 17: Partnerships for the Goals

    Description:

    The outline of the session is as follows: 1. Role of Information / Cyber Security Manager. 2. Information / Cyber Security Policy. 3. Awareness Creation / Education in Information Security. 4. Information Security Audit. 1) In today’s world of abundance of information, it is always appropriate to appoint a suitable Manager to look after the function of Information / Cyber Security in the organization. That manager should have received the appropriate education / training in Information Security and possibly be a member of the relevant professional association (e.g. CISSP, CISA, CISM,…). Such a manager should receive full support from the management of the organization and on a continuous basis, say weekly submit security report to the CEO of the organization. Some of the functions of the Information / Cyber Security Manager are as follows: i.The primary responsibility of the manager should be the implementation of an adequate level of security and compliance of the organization’s standards. ii.Some specifics will be implementing the Information Security Policy, Virus Controls, Data Protection / Audit, Business Continuity Planning process, Reporting of Security incidents, IT Contingency Planning, Security education and training. iii.Promotion of the general awareness of Information Security within the organization will be encouraged. 2) Information / Cyber Security Policy manual consisting of the function of Information Security and appropriate standards will have to be developed for each member of the organization. Such a handy manual with a photograph of the CEO at the beginning of the manual and also containing responsibilities of each member of the organization will have to be developed for all staff. 3) Awareness Creation / Education in Information Security: Relevant training / education should be organized by the manager for all staff of the organization. Since Personal Computers (i.e. PCs) and other Information Technology Equipment are used in the various organizations, it will be appropriate that general awareness / education of Information Security is promoted in the organization. 4) Information Security Audit: Since the level of performance of Information / Cyber Security will have to be improved upon, it will be appropriate that on a continuous basis say quarterly, an information security audit will have to be carried out. Normal departmental audit by Internal Audit Unit or Self-Assessment audit questionnaire can be developed for the audit of the organizational controlled environment. The following are the areas where the Audit will be focused on: i. Security Policy ii. Security Organization iii. Asset Classification and Control iv. Personnel Security v. Physical and Environmental Security vi. Computer and Network Management vii. System Access Control viii. System Development & Maintenance ix. Business Continuity Planning x. Compliance Methodology: Created slides of our proposal will be delivered to our audience through using LCD Projector.

    Expected Outcomes

    Our presentation will go a long way to improve upon the education / training of our audiences on Information / Cyber Security.

    I intend to use some of the available online tools to facilitate and encourage interaction and participation during the session.

    Relevance to Internet Governance: Yes our program on Information / Cyber Security is relevant to Internet Government. It is our fervent hope that by the close of the program, it will help shape the evolution and use of the Internet.

    Relevance to Theme: Yes, our proposed session is relevant to the Thematic Track – Trust.

    Online Participation

     

    Usage of IGF Official Tool. Additional Tools proposed: Suitable Online will be used to increase participation and interaction during the session.