Computer Science Students Enlightened on Cyber Security
Cyber Security expert, Favour Femi-Oyewole, delivered "Information Security in Business: Issues and Solutions" as part of the Town and Gown interactive seminar series in the Department of Computer and Information Sciences. Her presentation marked the second edition in the series of the seminar organized by the department.
In her presentation to students and faculty of the department, Mrs. Favour Femi-Oyewole stated emphatically that information security is a shared responsibility and everyone has a critical role to play in making it work.
She opened her presentation by giving an insight into what Information Security is all about. “Information security is the process of protecting the availability, confidentiality, and integrity of data— and because no security system is foolproof, it is very critical to take basic and practical steps to protect data for good information security. However, Information Security is not complete without addressing the key components of strategy, people, process, technology and compliance,” she said.
Mrs. Femi-Oyewole also defined Cyber security as the body of technologies, processes and practices [information technology security] designed to protect networks, computers, programs and data from unintended or unauthorized access, change or destruction
Speaking on the need for Chief Information Security Officers (CISO), she argued “No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Such a plan is called a Security Program by Information Security professionals.
“Chief Information Security Officers are responsible for establishing strategies, executing the strategies, risk management, communicating effectively with senior executives and business leaders, complying with regulators, and leading the charge against escalating cyber threats, using various security technologies,” she said.
According to her, issues surrounding Chief Information Security Officers involve the ability to speak the Boardroom Language because executive leaders are asking CISOs to be strategic thinkers as well as IT administrators.
“Another issue is that CISOs always have the technical awareness but may not have procurement authority. Nevertheless, CISOs are always influencers; they impact everyone in a company because the security organisation is pervasive in all departments and business functions.” Mrs Femi-Oyewole said.
“CISOs are concerned about the intensity, volume and complexity of cyber threats that run the gamut from malicious code to zero-day attacks,” she said. “CISOs face various internal challenges when procuring security solutions. They need to justify the purchase and deal effectively with internal stakeholders.”
The Guest Speaker, however, took time to highlight some possible solutions to cyber threat:
First, Security must be considered a growth engine for the business. Security should never be a roadblock or hassle that undermines user productivity and stands in the way of business innovation
Second, Security must work with existing architecture, and be usable. Security teams should not have to create or re-build architecture to accommodate new technology solutions that are meant to improve security.
Also, Security must be transparent and informative. Users should be presented with information that helps them understand why security is stopping them from taking a particular action.
Lastly, Security must enable visibility and appropriate action. Security solutions with open security architecture enable security teams to determine whether those solutions are truly effective.
She also observed that most organizations have approached cyber security by trying to put increasingly sophisticated defences around their perimeter. The reality is that a motivated attacker will likely find vulnerability or an employee may inadvertently create an opening, therefore, Security must be viewed as a people problem. “A technology-centric approach to security does not improve security; in fact, it exacerbates it,” she said.
Concluding her remarks, Mrs. Femi-Oyewole reiterated what she had earlier maintained at the outset. “There is no 100% security. It is a continuous process and journey without a destination and there will always be new ways of doing things, new threats, new vulnerabilities, new methodologies, new technologies and countermeasures”.
Mrs. Favour Femi-Oyewole holds B.Sc. in Computer Science and M.Sc. in Computer Science and Information Security. She is a Certified COBIT 5 Assessor /Certified ISO 27001. She is also the first Female COBIT 5 Assessor Certified in Africa
Present at the Seminar were Dean, College of Science and Technology, Professor Shalom Chinedu, Head of Department, Computer Science and Information Sciences, Dr Adebiyi Ayodele, other staff and students of the department