ICT governance, cyber security training


Jacob Mutisi

Most Zimbabwean organisations are battling with constant cyber attacks and do not have the ability to protect themselves from these attacks.

A critical component of any organisation is to have a cybersecurity programme that protects its institution from these kinds of attacks.

Cybersecurity is having security controls and policies in place that are customised for any business. The Institute of Directors (IOD) and the Zimbabwe Institution of Engineers (ZIE) identified the need to help these organisations to protect themselves and have embarked on cybersecurity awareness trainings and workshops for boards, executives, senior and mid-level managers so that they are brought up to speed on an organisation’s information communication and technology (ICT) security procedures, policies and best practices.

Most Zimbabwean organisations, in order to gain competitive advantage, are crafting and executing strategies for improving customer experience (CX) and user experience (UX) through digital transformation (DX) endeavours encompassing digitisation, digitalisation, data analytics, artificial intelligence (AI) and so on.

This drive for DX, as an opportunity, brings with it a plethora of cybersecurity risks embodied in the political, environmental, social, technological, legal, ethical (PESTLE) ecosphere, which is made even more complex when eruptions such as the Covid-19 pandemic and a hostile global environment (Ukraine war) are added.

There is therefore a call for private and public sector collaboration for nation-wide, enterprise-wide, and community-wide implementation of cybersecurity measures.

It is key for organisations to approach cybersecurity in a structured, enterprise-wide manner within the organisation and also in a collaborative, nation-wide manner, as national cybersecurity is only as strong as its weakest link.

All digital information interactions such as B2B, B2G, G2B, B2C, G2G, C2C (B-business, G-government, C-consumer, Customer or Citizen) have to be analysed for potential threats. Doing so will help the enterprise not only protect itself better, but do so in a manner that is proactive, cost-effective and beneficial to the community at large.

The goal for these training programmes and workshops is to spread awareness on the security threats that exist for corporates in Zimbabwe in the extant and future digital cyberspace. No two organisations are exactly the same in all ways and the role of these trainings and workshops is to help give an understanding of how the total costing for security resources can be calculated for the unique enterprise.

Using the vast experience of the two organisations’ training coordinators, the trainings and workshops will also delve into how roadmaps can be crafted, implemented and managed in a structured manner towards the goal of certifiable security for the enterprise in the various domains and strategic business units.

The main goals of these awareness trainings and workshops are to:

Provide an understanding on what ICT governance is. The ICT governance discussion will centre on exposing the governance intricacies given the PESTLE issues pertaining to cybersecurity risks in DX implementation. This will enable decision makers to get an understanding of how an organisation’s ICT supports and enables the achievement of its strategies and objectives. It is emphasised here that this is not just the ambit of the Chief Information Security Officer (CISO) but the whole decision making structure from board to mid-level strategy implementers.

The board and IT governance: The what, who and how. Special emphasis is put on understanding current best practice using such resources as the King IV Report on Corporate Governance.

Provide awareness on the evolving cyber-threats to corporates and individuals, post-Covid-19. This will cover the rise in cyber-attacks and the evolution from just hobbyists performing malicious activities online to the now highly organised approach being taken by cyber-criminals, post-Covid-19. Fully-fledged criminal enterprises now exist online and we will touch on how they’re organised and how they operate.

Provide knowledge on developing a roadmap to effective and certifiable organisational cyber-security. This goes beyond just recommending the implementation of a penetration test or purchasing a next generation firewall. It will cover how you can assess where you stand as a company in terms of cybersecurity, where you can go in terms of “cybersecurity maturity” and how exactly to get there with the help of an experienced guiding hand.

Gain an understanding on how to realise proper Return on Security Investment (ROSI) for your organisation. It is difficult for many corporations to put a figure on what they need to invest in terms of cybersecurity and then commit to doing so. In many cases, this investment is only done reactively, after a breach has occurred. We will cover how you can calculate how much you need to invest in cybersecurity given your own unique context as an organisation and ultimately figure out how to calculate

Gain foresight into the Strengths and Weaknesses of the Data Protection Act and its predecessor the Cybersecurity and Data Protection bill. The Zimbabwe Data Protection Act has now been passed, but with it comes a whole lot of responsibilities and duties to be performed by corporations locally. This is mostly to do with the aspects of Data Protection and how corporations are supposed to interact with their clients and employees when it comes to handling and “processing” their data. The Act has its critics and we will delve into these to expose the weaknesses and pitfalls that a corporation can get into.

eGovernment drive and its implications for G2B, B2G etc. The Zimbabwean government is on a drive to digitalise, albeit slowly, its services to corporates and citizens. This has a great impact on cybersecurity and therefore must be explored in order to expose the potential risks.

The damages that follow a cyber attack incident can be expensive and detrimental for any organisation.

There is a need for all organisations to invest in security awareness training and workshops with the benefits outweighing the cost of a leak or breach. Should a business fall victim to a cyber-attack, the potential repercussions include:

  • Loss of revenue
  • Reputation damage
  • Loss of clients
  • Operational disruptions
  • Lawsuits
  • Intellectual property (IP) cyber theft
  • Theft of personally identifiable information (PII)
  • Compromised client data, sensitive business information and equipment

Organisations are always looking for ways to improve their security practices, and one of the most effective ways to achieve this is by providing employees with ICT governance and cybersecurity training and workshop participation.

  • For more details please call/Whatsapp +263772278161
  • Mutisi is the CEO of Hansole Investments (Pvt) Ltd and the current chairperson of Zimbabwe Information & Communication Technology, a division of Zimbabwe Institution of Engineers.