B u i l d i n g Re s i l i e n c e by

2 3

5

...keeping you abreast of best prac�ce

BEST PRACTICE NEWSLETTER

010100001010100001010100001

PCI DSS QUALIFIED SECURITY ASSESSORISO/IEC 27001:2013 (ISMS) CERTIFIEDISO/IEC 9001:2015 ( QMS ) CERTIFIED

A quarterly publica�on from

Abuja Lagos Accra

facebook.com/digitaljewels

@Digitaljewels +234-8152000120 | +233 302 506 246Tel:

scoopit.tv

Building Resilience

Cyber Securityby Improving

HIGHLIGHT

DJL

Quarter Two 2017 Edi�on

www.digitaljewels.net

Amajor highlight of the second quarter for Digital Jewels was the commemora�on of the business con�nuity awareness week

held in the month of May 2017 with the global theme being “-Cyber Security is everyone's responsibility- Play your part in building a resilient organiza�on. The firm being a propagator of the ISO22301 standard among other ISO standards joined the BCI- (the global Business Con�nuity body) in commemora�ng the week, by organizing an awareness sessions for some of our client (Union Bank, Access Bank, Fidelity Bank…..).

The figures are grim.*Over 300,000 computers infected by the wannacry ransomware a�ack

* Number of data breaches in the first quarter of 2017 was 39% higher compared to the same period last year.* Over $5 billion cybercrime damage costs es�mated for 2017 so far – a year in which we've only just approached its mid-mark.

In view of the escala�ng trend of cyber-a�acks domina�ng news headlines, it is most certainly safe to assume that those days are over when cyber security was relegated to the fringes of the corporate world, a concern solely of the IT officer. Cybersecurity has definitely moved from an informa�on technology issue to a CEO and board-level issue as corpora�ons have become increasingly reliant on IT to drive and enable business.

Par�cipants networking at a recent IVC Breakfast Forum

GALLERY

1Some DJL staff at an event organised by the firm recently

4[L-R] Adesina Adeigbe BDU, Digital Jewels, Innocent Muhizi CEO, Rwanda Info.Sec. Authority (RISA), Jean P. Nsengimana, Minister, Youth & ICT Rwanda,Adedoyin Odunfa, CEO Digital Jewels, Arthur Rugango, Partner, Cedar Ark Lawat the Transform Africa Summit, Kigali Rwanda

[L-R] Emeka Eboegbune, Group Head, Informa�on Technology, First City Monument Bank (FCMB) Group Plc; Dr. David Isiavwe, Chief Audit Execu�ve,Union Bank; Adedoyin Odunfa, Managing Director/Chief Execu�ve Officer, Digital Jewels Limited; Femi Odubiyi, Lagos State Honourable Commissionerfor Science and Technology and Tony Egunjobi, Head, Informa�on Technology, Risk and Quality Management, First Bank.

Adedoyin Odunfa in a tete-a-tete with Strive Masiyiwa Fmr.

CEO Econet Wireless Nigeria at the Transform Africa Summit,

Kigali Rwanda

CONSULTINGACTIVITIES

BUILDINGSPECIALISEDCAPACITY

Feedback from programsheld in the courseof Q2 2017

xcellent training essen�al for every staff of any organiza�on.The course has given me a clearer knowledge of health andsafety in the workplace. I liked every aspect of the course” “E ...“Great course!!! Excellent model to imbibe in any organiza�on”

...“Good value for money and �me. The course suffices for mycareer roadmap and most of all current challenges in ourcompany”.

…..“Good materials, excellent delivery. The facilitator connectedand engaged the class excellently as she carefully explained newconcepts and the clauses in detail.

ISO22301 Lead Implementer [June. 12th – 16th]

COBIT 5 Lead Implementer [June. 12th – 14th]

COBIT 5 Founda�on [June. 6th – 8th]

ISO 22301 Lead Auditor [May. 2nd – 6th]

OHSAS Founda�on [June. 15th – 16th]

Project Management Professional [May. 5th, 6th, 12th & 13th]

OHSAS Lead Implementer [June. 19th – 23rd]

SECURE : ASSURE : ENABLE : EMPOWER : MANAGE

Thus, current reali�es dictate the con�nued security of an organisa�on's business opera�ons and her brand protec�on are largely dependent on the defini�on and understanding of cybersecurity roles and responsibili�es required of all personnel. This then leads to the ques�on of what exactly cons�tutes the cybersecurity role and responsibili�es of a personnel?

Far from cybersecurity being a buzz word that employees are expected to mu�er every now and then to showcase an understanding of their roles and responsibili�es, everyone has a part to play in the overall cybersecurity posture of the organisa�on. Accordingly, personnel are expected to be aware of cyber security threats and ways by which the occurrence of such threats may be reduced or eliminated. Consequently, the importance of cybersecurity awareness and training sessions for all personnel cannot be overes�mated. It is of cri�cal importance that the administra�on of such sessions be tailored to the job descrip�on or profile of the personnel. A�er all, it really doesn't make any sense to deliver a highly technical awareness session to personnel in the human resources department. The effec�ve administra�on of awareness and training sessions to the en�re workforce would certainly involve considerable planning alongside human and material resources with the sessions planned on a regular basis to ensure the desired changes in organiza�onal culture manifest.

With a cyber-security conscious work-force in place, another item to chalk off would be the implementa�on of required technical and non-technical cyber security controls. Here again, the ac�ve par�cipa�on of all staff is required to ensure success – from Management that ensures the required human and material resources are procured, to technical staff armed with requisite knowledge and skills in control implementa�on, and all other employees and stakeholders required to abide by implemented controls. Cyber Security is indeed everyone's responsibility- Are you playing your part in building a resilient organiza�on?

he consultants got pre�y busy in Q2 suppor�ng some major ins�tu�ons to implement global best prac�ce Tthrough accomplished interna�onal standards. Some of the completed projects include the ISO22301 standard for Access Bank Plc, ISO27001 surveillance for the Africa Finance Corpora�on, ISO27001 Surveillance audit

support for Diamond Bank, PCIDSS for GTBank, ISO27001 re-cer�fica�on for MainOne and PCIDSS re-cer�fica�on for Unity Bank. Other projects s�ll in progress include include ISO 27001 implementa�on and PCIDSS re-cer�fica�on for a leading bank in Ghana, ISO 22301 for two financial ins�tu�ons and a major switching & payment processing company, ISO20000 for NIBSS, COBIT 5 and OHSAS for a leading financial ins�tu�on, Integrated Management Systems for Fidelity Bank and ISO27001 for a government parastatal.

As we move on to the second half of the year, the firm an�cipates success stories from the afore-men�oned projects in progress whilst we also look forward to more prospects; and as with every other project carried out over the years, our commitment to deliver dis�nc�ve service and greater value remains unrivalled and unshaken.

TRAINING ENQUIRIES? please contact:

Adesina:08172435150|adesinaa@digitaljewels.net Abimbola:08172435139|abimbolao@digitaljewels.net

Derek:+233546269170|derekn@digitaljewels.net James:+233507777744|jamesh@digitaljewels.net

The 67th session of our renowned eclec�c Informa�on Value Chain breakfast forum focused on “Technology in Government: Lagos State as a Case Study”, and was led by Femi Odubiyi, Lagos State Commissioner for Science and Technology, while Adedoyin Odunfa, MD/CEO Digital Jewels Limited, delivered a presenta�on on “Technology as a Game Changer in Government”The Commissioner shared insights on the Smart-City Project and how the government intends to achieve the transforma�on through technology. The session took place at La Cour Hotels Ikoyi with senior execu�ves from the Banking, Technology, Telecoms and IT sectors in a�endance.

Q2 2017 IVC SESSION

…“The facilitator was able to relate the course to real business andwas always ready to answer ques�ons. The course has equipped meto be ready to respond to any disrup�on that may arise”.

...“I enjoyed the risk assessment/control contents. The class wasinterac�ve with real life scenarios that helped my understanding”

…..“Simply Insigh�ul.