Zimbabwe officials mull over data rollover as costs rise

Data rollover
in Zim?
  
Consumers bear brunt
of economic hardship.

Tuesday, Jun 18th

NIST framework adds to Africa's cyber security armour

NIST framework adds to Africa's cyber security armour

Organisations looking to bolster their cybersecurity posture and better protect an organisation's critical infrastructure have another weapon to add to their arsenal – the NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology.

The Framework is based on existing standards, guidelines, practices and includes references to ISO 2700x, CobIT and other standards. It consists of three main components – Framework Core, Implementation Tiers and Profiles.

While it is used by most organisations to identify, protect, detect, respond and recover from cyber related threats and incidents, more widespread adoption is being hampered by the significant investment required in terms of resources to improve cybersecurity capabilities, according to Raymond du Plessis, senior managing consultant, Mobius Consulting.

Speaking at the ITWeb Security Summit 2019, hosted in Sandton Johannesburg this week, Du Plessis outlined the five core functions covered by the framework including: to identify, protect, detect, respond and recover.

"It is being used by more and more organisations, not only in the US, but in South Africa and round the world. One of the cool things is that it is completely free ... there are 287 controls split into five core functions and that's the trick. They've taken the controls we're all used to and rearranged them into these pillars. You can think of them as functions to reinforce security," said du Plessis.

Organisations have to follow several steps to benefit from the framework. These steps include conducting an assessment against the framework to identify gaps, develop a roadmap and prioritise plans.

"Step four is incident response. This is a critical component of cyber security and especially this cyber security framework. You have to spend a lot of time and effort in getting this right," said du Plessis.

Incident response is based on key sub-steps including detection, response and recovery.

Du Plessis emphasised that to leverage the framework, businesses must begin by achieving a common understanding of critical assets and cyber-related threats.

"It is important to identify critical assets and think about cyber threats and threat actors," he said.

These potential threats were listed as cybercriminals, social hackers, competitors, activists/ hacktivists, cyber terrorists and nation states.

ALSO ON ITWEB AFRICA

Vodcom Lesotho confirms M-Pesa banking deal Published on 20 May 2019

Operator partners with Standard Lesotho Bank to enable real-time transfer of funds.

STC offers IPv6 to its client infrastructure and cloud services Published on 17 June 2019

Smart Technology Centre (STC) is one of the first Internet Service Providers (ISPs) in South Africa to roll out a full production Internet Protocol version 6 (IPv6) connectivity to its client infrastructure and cloud services platform.

Kenyan consortium launches mobile banking app Published on 22 May 2019

Mobile loan product Stawi introduced, backed by Central Bank of Kenya.