adminRutsito (TR) caught up with the executive director and information security expert on IT Governance and cyber security with the IT Governance and Cyber Security Institute of sub-Saharan Africa, Dr Richard Gwashy Young (RY) to discuss the latest developments on their initiative relating to this issue.
TR: In brief what is the IT Governance & Cyber Security Institute of sub-Saharan Africa
RY: The IT Governance & Cyber Security Institute of sub-Saharan Africa is an independent and non-profit registered “Trust” which seeks to influence legislative policy on ICT Governance, Cyber and Information Security, and Digital Forensic.
TR: Who is behind this Institute?
RY: The institute is managed by a board of Trustees, which is headed by Professor Gabriel Kabanda, Dr Gilford Hapanyengwi (vice), Dr Richard G. Young (managing), Memory Ndoro-Mandiya (corporate affairs) and Nellie Tiyago-Jinjika (general counsel).
Additionally, there is also a 15-member advisory board, which consists of international renowned practising practitioners within ICT Governance, Cyber and Information Security, Digital Forensic domains. The concept of an impartial, objective group separate from management and project sponsors giving input to the operation of the Institute’s initiatives is paramount.
TR: What is the purpose of having such an Institute?
RY: The current gap in the market has necessitated the formation of the Institute, among its objectives is to supply authoritative opinion and guidance on all aspects of ICT Governance, digital forensic, information and cyber security.
TR: When was the Institute formed? Also you mentioned influencing legislative policy, how do you seek to achieve such purpose?
RY: The institute was only formed 10 months ago — we are certainly excited by the progress that we have achieved in a very short space of time. We have been embraced by the industry including the Government — and at this juncture we are working with various regulatory bodies to assist in the formulation and adoption of ICT governance frameworks (i.e. KING III, Control Objectives for Information and Related Technology, Information Technology Infrastructure Library.
TR: How are organisations looking at the initiative especially in Zimbabwe?
RY: The industry (public and private sector) has certainly welcomed the formation of the institute
TR: So what are your main objectives?
RY: We offer professional development training — in collaboration with ITGCSI’s partners, i.e. Zimbabwe Institute Management and many more. Training is one of the most difficult tasks to implement in any organisation, yet is also one of the most valuable assets to share with employees when given in the right manner.
In any kind of business, human resources are the most powerful sources. How to attract outstanding personnel, how to make full use of employees and abilities and potentials in order to help achieve the organisational objectives are the questions that every leader should take into consideration.
TR: How are you going to implement this training?
RY: At the moment we are working with relevant Government authorities regarding obtaining registration paperwork in order to get ITGCSI licensed as a legal training institute. We are, however, looking at starting with short term and long term training.
TR: Is this part time or full time?
RY: It is both short and long term. In the short term, this will be offered to school leavers with at least two A-Levels passes including sciences at O-Level (Maths and English). The second tier specialises on training “Boot Camps”. These are short-term training courses in preparation for certification exams — e.g. Certified Information Systems Auditor (CISA). In the long term we will be offering an executive diploma geared towards practicing practitioners (with extensive experience in ICT’s).
TR: What kind of qualification will one attain by studying through the Institute and which organisations are you affiliated with?
RY: Our partners and affiliates include Information Systems Audit and Control Association, responsible for audit certifications (e.g. CISA), International Information Systems Security Certification Consortium Inc 2, responsible for the global Information Security certifications (e.g. CISSP). The International Council of Electronic Commerce Consultants, responsible for the global Ethical Hacking and Forensic certifications, will be offering long and short term courses, executive diplomas for working practitioners and certification for school leavers.
Our objective is to improve the competence and skills within these domains. Like our global partners who are leaders in educating and certifying working professionals throughout their careers, certification by a respected accreditation organisation is becoming indispensable to the professional working in these domains. Positions in many large corporations and governmental agencies worldwide now require certification, and practitioners with credentials have higher earning potential, as well as greatly expanded career opportunities.
TR: I personally believe that the new ICT policy should cover this. In your opinion how relevant is this?
RY: IT governance, security is an issue that defines the age in which we live. Cyber incursions create a significant threat to commerce and can also disrupt the Internet, which is one of the primary means for communication.
The Institute provides companies and its partners with a strategic view into the constantly morphing aspects of IT governance, cyber security and its impact across all aspects of business. The growing use of information and communication technology applications, popularity of social networks, and useful services on the Internet have also created the challenge to build trust, confidence in the security, reliability, and privacy of these technologies.
TR: I totally agree with you especially in this age where social networks growth is tremendous. Considering the impact they have do you really think companies should start teaching proper social network management to employees or rather just block it at work?
RY: Unless their systems and proper procedures are in place its wiser to block them, remember in Zimbabwe security is regarded as an expense not an investment.
TR: So how are your standards of assessment?
RY: Our quality initiatives are based on international industry best practices, customer feedback, independent review, and our corporate commitment to delivering the best possible products and services to our customers.
TR: Are you approved by any global standards firm?
RY: Not yet. Our mission was to lay the foundation first, have all programmes in place then call upon the international standardisation process to come in and measure our model and hopefully get an ISO certification — this is key on our 2013 agenda.
TR: Why should an organisation consider hiring you?
RY: The institute’s major advantage in competing with in-house security assessment teams is our independence.
This means that we can give an unbiased independent assessment on all of their security issues. This will be very helpful to managers when they have to make tough political decisions or need to hear it from an outside source.
Our risk management experts understand effectiveness of current security control implemented, as well as how to improve them.
TR: ICTs are very dynamic, what advice would you give to practitioners?
RY: These domains are ever evolving — that is one big reason why it is interesting to be part of information or systems security. Technology is always developing and we are always on the look out for the next big thing.
You can’t afford to tell yourself that you know everything or that you will have a job for life. Whether you are a freelancer or an employee, continuing professional development should be a big part of your life.
The people who do best — and stay in regular employment – are usually those who embrace change and further their skills. The way to do this is not only through training, but also by reading the trade press and networking effectively. The more people you meet, the more you will pick up on how your industry and job role may be changing.
TR: What have you been doing so far in the market?
RY: We have initiated information exchange — knowledge and information exchange between peers where they share best-practices and experiences through our innovative and cutting edge magazine — ICT Security FOCUS, a bi-monthly cyber, information security, risk management, and fraud magazine, and other 21st century related mediums.
In research and reporting we have peer review of new IT governance, digital forensic, information, and cyber security trends, new material, incorporating an unmatched degree of thought leadership in IT governance, cyber and information security, information risk management and related topic through the ICT Security FOCUS magazine.
TR: How are you reaching out to the market and have you held any seminars or conferences before?
RY: Yes, we have hosted the ICT Governance & Cyber Security conference, held here in Harare in May. In addition we host several symposiums, workshops, and public lectures across the country and in the region annually which offers attendees an opportunity to discuss key security challenges and gain practical advice from peers and leading global industry experts.
TR: Thanking you so much for your time.
RY: My pleasure
The writer is a computing specialist with TechnoMag. More on Facebook page http://facebook.com/technomagzw. Like our page for free airtime giveaways. Website http://tech.co.zw Twitter @technomagzw. Email: [email protected]/ [email protected]
Online Reporter