Technology

November 9, 2010

Cybercrime:‘Govt must invest in Information Security’

By Prince Osuagwu
As the issue of cyber crime takes centre stage in every ICT discourse,  Managing Consultant of EDP Audit and Security Associates, Mr. Christian Ekigwe has prescribed a panacea.

For him, there is no alternative to heavy investment in information Security by the government, if it wants the cybercrime embarrassment nipped in the bud.

Ekigwe made the assertion last week, at a monthly forum of the Information Security Society of Africa, ISS, Nigeria Chapter at the Access Bank Head office, Victoria Island .

In his lecture, Mr. Ekeigwe described information security as a critical resource in every enterprise. According to him, information runs through everything in business and must therefore be well secured to ensure its efficient and healthy performance.

According to him, “Information and IT are the least understood of the key assets in the enterprise and that incapacitation or destruction of information and IT could have a debilitating impact on operational stability of general economic security of an organization”.

He also, warned on conditions that could allow breakdown of information security. Saying it could adversely affect customer loyalty, employees’ morale, vendor’s confidence and regulatory response.

He urged the government and corporate bodies to invest in information security in the company saying this would ensure business success, increase public confidence and trust while also improving performance and effective financial management.

“Business goals and objectives can be realized, leading to an improved ability to deliver products and services electronically. Also, security is integrated within your business processes to protect your information and the assets that support your business,” He added.
According to him, investment in information security would decrease risk to operation and business while risk management practices would mature thus becoming an integral part of doing business in the country.

For an establishment to achieve information security, Mr, Ekeigwe further told the participants, such establishment would have to invest in access control technologies which help protect sensitive data and systems. This, he said, is necessary to restrict the ability of unknown or unauthorized users to view or use information, hosts, or networks.

Other Control functionalities that must be invested in, according to Mr. Ekeigwe would  include: System integrity controls, to ensure that a system and its data are not illicitly modified or corrupted by malicious code, Cryptography controls _ the process of transforming ordinary data into code form so that the information is accessible only to those who are authorized to have access and Audit and monitoring controls which help administrators to perform investigations during and after an attack.

In his own address by the Group Managing Director, Access Bank PLC, Mr. Aigboje Aig_Imoukhuede called for the enactment of a legislation on cybercrime in Nigeria to tackle the menace of online and ATM fraud  in the country.

According to him, while bank customers now utilise the proliferation of information technology to advance their business endeavours  and are now able to carry out their business transactions everywhere with great ease, fraudsters have also seen this as a lucrative haven to carry out their clandestine activities.He suggested the adoption of a robust information security governance to tackle the problem posed by the fraudsters.