Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers

Draft cybersecurity framework provided by the Central Bank of Nigeria: A six part, risk-based approach to managing cybersecurity risk.

This framework is designed to ensure that the platforms upon which Deposit Money Banks (DMBs) and Payment Service Providers (PSPs) operate ensure the 'confidentiality, integrity and availability of information as well as the avoidance of financial loss and reputation risk, amongst others.' An excerpt of the introduction appears below and describes the essence of this draft cybersecurity framework:

'In this regard, threats such as ransomware, targeted phishing attacks and Advanced Persistent Threats (APT), have become prevalent; demanding that DMBs and PSPs remain resilient and take proactive steps to secure their critical information assets including customer information that are accessible from the cyberspace. It is in this regard that this framework, which outlines the minimum cybersecurity baseline to be put  in place by DMBs and PSPs, is being issued. The framework is designed to provide guidance for DMBs and PSPs in the implementation of their cybersecurity programmes towards enhancing their resilience.

 Cybersecurity resilience is considered as an organisation‟s ability to maintain normal operations  despite all cyber threats and potential risks in its environment. Resilience provides an assurance of 
sustainability for the organisation using its governance, interconnected networks and culture. DMBs/PSPs should note that for a cybersecurity programme to be successful, it must be fully 
integrated into their business goals and objectives, and must be an integral part of the overall risk management processes.'

Contents

  • Cybersecurity Governance and Oversight
  • Cybersecurity Risk Management Programme
  • Cyber Resilience Assessment
  • Cybersecurity Operational Resilience
  • Metrics, Monitoring & Reporting.
  • Compliance with Statutory and Regulatory Requirements

Appendixes

  • Cybersecurity Self-Assessment Tools
  • Know Your Environment
  • Enhancing Cybersecurity Resilience
  • Informative References
  • Cyber-Threat Intelligent Sources
  • Reporting Templates

Document Details

Document Type: 
Document Topic: 
Doument Author (Entity): 
Authoring Country: 
Originating Country or Trade Block: 
Issue Status: 
Year of Document: 
2018
Date of Document: 
Wednesday, June 27, 2018
Document Authors: 
Central Bank of Nigeria

Legal Disclaimer: The content appearing on this site is for general information purposes only and made available on an "AS-IS" basis. The law is subject to change and no representation or warranty is made with regard to accuracy or fitness for a particular purpose.