CSA’s Licensing, Accreditation Rejected by Cybersecurity Professionals in Ghana

The Cyber Security Authority’s “ protrusive ” conditions for securing licence and delegation could lead to the incipient assiduity’s death in the country, some displeased cybersecurity professionals have advised.

According to them, the long list of conditions to be met – including a background check and three recommendation letters before one can secure a licence and delegation – could stifle the assiduity’s growth and expose the country tocyber-attacks.

“ It should n’t always be about profit mobilisation, licencing and all that. It should be about how to increase the cybersecurity knowledge then. A lot of us belong to ISACA and other organisations, and the volume of knowledge that we get from our original chapter and transnational mama organisations is what we’re using to cover our cyberspace, ” said Bambakia Christian, who’s a elderly Information Technology| Information Services Auditor at the Ghana Anchorages and Habours Authority.

He said the authority’s attempt to certify cybersecurity professionals without completely engaging them on how to consolidate their knowledge and grow the sector is a disastrous move.

“ All we’re driving at is if you want to engage us, engage us from that position – which is heightening the knowledge of cybersecurity professionals. Do n’t start engaging us from licencing and regulation. The regulation and the figure- paying should n’t be the first starting point. It’s a no- no, ” he asserted during the 3rd IT inspection, Cyber Security and Risk conference organised by ISACA Accra Chapter last week.

Francis Kyereh is a cybersecurity and sequestration professional who concurred – saying the intrusively strict conditions are harmful and slacken growth of the assiduity.

“ This is veritably protrusive, and I suppose you should go back and check the conditions again. This not what we’re awaiting a controller( CSA) to come and do for us. What we want you( CSA) to do for us is help make the assiduity whereby we will each profit. But what you have done is to single- out one group of professionals and give them veritably protrusive conditions; by the time they fulfil these conditions, the other group of technology professionals will be given their jobs, ” he stated.

He added “ In fact, if I’m an HR director and I see this long list of demand, I ’d rather give someone a job and call him a network director and ask him to do the job of a security person. CSA should just go back and look at these conditions again. I do n’t suppose the engagement with stakeholders was expansive enough ”.

The Cyber Security Authority( CSA) before this time blazoned its inception of the process to licence Cybersecurity Service Providers( CSPs), and give delegation to Cybersecurity Establishments( CEs) and Cybersecurity Professionals( CPs). The licencing and delegation governance – which was to take effect from March 1, 2023 – will apply to being and new CSPs, CEs and CPs.

This is pursuant to the Cybersecurity Act, 2020( Act 1038), sections 4( k), 49, 50, 51, 57 and 59, which dictate the Authority to regulate the below conditioning.

icing nonsupervisory crucial

Replying to the professionals ’ enterprises, the acting Director, Capacity Building and Awareness Creation at the CSA, Alex Oppong, said the governance’s intention is to insure robust nonsupervisory compliance with the Cybersecurity Act, as well as to certify that CSPs, CEs and CPs offer their services in agreement with approved norms and procedures in line with domestic conditions and assiduity stylish practices.

“ I feel your pain but we need to regulate the cyber space of Ghana to insure a secured and flexible digital ecosystem, ” he said.

The CSA licencing and delegation governance was to start with licencing CSPs in five crucial areas, videlicet vulnerability assessment and penetration testing( VAPT); digital forensics services; managed cybersecurity services; cybersecurity governance, threat and compliance( GRC); and cybersecurity training.

Cybersecurity professionals who have the applicable qualifications, provable capability and assiduity experience shall also be accredited in the below areas as part of the regulations, the authority stated in a statement to the B&FT before this time. The delegation of cybersecurity establishments will also apply to digital forensics installations and managed cybersecurity service installations operating in the country.

3rd IT inspection, Cyber Security and Risk conference

The conference organised by ISACA Accra Chapter brought together assiduity players, experts and professionals to bandy challenges to growth of the sector and proffer results to them.

There were donations on assessing cryptographic technologies and executions in fiscal services, artificial intelligence( AI) governance in practice; tools and fabrics for managing AI pitfalls and openings; data breaches and how to minimise them; and a practical session oncyber-attacks against organisations – how they’re conducted and how to help them.

Source: BFT News