The Director-General of the Cyber Security Authority (CSA), Dr. Albert Antwi-Boasiako, stated this in his keynote address at the 2023 CISO Summit in Accra on March 22, 2023: “The accreditation of Cybersecurity Professionals (CPs) will guide further development of the cybersecurity profession in Ghana and will make it possible to create the necessary incentives to develop the profession.”
Dr. Antwi-Boasiako claims that as part of the accreditation procedure, the Cyber Security Authority would establish a Registry of accredited CPs, which will be accessible to the public via the CSA website.
This, he claimed, will provide accredited CPs prominence and immediate legitimacy.
He said that the Authority could choose accredited CPs to serve as Independent Assessors on the CSA team that conducts regulatory evaluations and audits.
“We do hope that, along with certification, we can offer regulatory standards on fees and charges by CPs, much like the Bar Association does for fees and charges made by lawyers. The Industry Forum, which will be established in accordance with Section 81 of Act 1038, will benefit from the accreditation of CPs both in terms of its creation and operation. To identify and encourage pertinent practices that will benefit accredited CPs, the Authority will continue to work with the industry, he said.
Dr. Antwi-Boasiako praised industry organizations like ISACA and (ISC)2 and urged them to keep playing a vital role in fostering the development of cybersecurity skills and standardization.
But he added that, like any legitimate profession, the cybersecurity sector needs to be regulated.
No matter to which industry body a person belongs, there is a need for national regulation. We implore everyone, even the Chief Information Security Officers (CISOs) here, to go through the accreditation procedure.
Another regulatory focus of the CSA is the licensing of cybersecurity service providers (CSPs) and the accreditation of cybersecurity establishments and professionals.
Such regulatory operations are motivated by the desire to develop the industry, the necessity to embrace best practices and standards, and national security considerations.
The Authority anticipates that only individuals and organizations who can provide proof of their qualifications and who are in good standing will perform important services.
The fit for purpose exams in cybersecurity also look at professional integrity and favorable background information in addition to technical and professional competency.
The Authority has thus started the licensing and accreditation procedure for these organizations and individuals. It began on March 1, 2023, and it will last through September 30, 2023, for institutions and professionals that are already in place.
According to Section 49, it will be unlawful to provide cybersecurity services in Ghana after September 30th (1).
Sadly, cybersecurity experts won’t be able to provide their services again to designated Critical Information Infrastructure (CII) Owners and public sector organizations after the accreditation deadline expires and without certification by the Authority, as required by law.
This is in line with international best practices.
Protection of Critical Information Infrastructures, Sectoral CERTS Accreditation, Licensing of Cybersecurity Service Providers, Accreditation of Cybersecurity Establishments, and Accreditation of Cybersecurity Professionals are just a few of the regulatory initiatives that the CSA is currently putting into action.
In order to provide the public with a variety of avenues and channels for reporting cyber-related incidents, the Authority launched the Cybercrime/Cybersecurity Incident Reporting Points of Contact (PoC) in October 2019. As of today, the Authority has received 37,468 contacts since October 2020, with approximately 33,841 of those contacts being Direct Advisories distributed to the general public.
Sectoral Computer Emergency Response Teams (CERTs) are being developed in compliance with Section 44 of the Cybersecurity Act 2020 (Act 1038), in order to promote efficient cybersecurity incident coordination and response in all of Ghana’s important economic sectors.
The majority of businesses now don’t report these instances. Because of this, it is incredibly difficult to estimate the number and kind of cyberattacks.
For a nation like Ghana to permit such actions, it is unacceptable.
The Director-General of the CSA asserts that “we cannot handle what we encounter on a daily basis if we cannot recognize and measure it. Hence, as part of our CERT regulations, the Authority will enforce Section 47 of Act 1038 as part of its mandate.
The CISO conference served as a forum for discussions that benefited both parties and made a substantial contribution to Ghana’s advancement in cybersecurity.
Senior Management, IT professionals, and information security officers were brought together to discuss the most recent advancements in the field and how they affect the profession.