No fewer than 30,000 websites are targeted by hackers according a disclosure by Sophos Lab to Forbes daily.
This mind boggling statistics has become a motivation for serious companies and institutions to upgrade their information security systems. One of such institutions that has made a bold step in Nigeria is the Nigerian Stock Exchange, a bourse that prides itself as the gateway to African markets.
Recently the exchange was awarded the ISO 27001:2013 certification by the British Standards institute, a United Kingdom based global standards institution with over a decade history of helping companies achieve best practice standards in their operations across 150 economies.
The ISO 27001:2013 is the only auditable international standard which defines the requirements for Information Security Management System (ISMS). Also, the International Organization for Standardization (ISO) is the world's largest developer and publisher of international standards required to install and sustain qualitative practices in organizations worldwide.
The certification achievement gives both the NSE and its stakeholders the confidence to trust the organisation with the safe-keeping and processing of their information as well as ensure that appropriate controls are in place to prevent wherever possible and manage risks in the unlikely event of a breach.
Commenting on the achievement, Mr. Oscar N. Onyema, CEO of NSE said “ISO Certification is an important reference for many international investors and I am extremely proud of our organization to have achieved this feat, a further testament to our commitment to deploy robust information management systems and processes across our service value chain in line with global standards. We have made significant investment in deploying cutting edge technology to facilitate trading of securities using our X-Gen platform and other enterprise applications and international standards such as this helps us to minimize risk. As ISO 27001 is the most stringent certification for information security controls, I congratulate our employees who worked diligently during this process.”
THE TOUGH PROCESS TO CERTIFICATION
There is no gainsaying that to be certified with the ISO 27001:2013 Information Security Management Systems, demonstrates to existing and potential customers that an organisation has defined and put in place information security practises that meet globally accepted standards.
The magnitude of such an achievement can only be fully comprehended judging by how many companies in our environment are prepared not only to open-up themselves for such rigorous and stringent assessment process but to even meet the required standards for certification.
According to Mrs Favour Femi-Oyewole, who heads the Information Security department of the Nigerian Stock Exchange, “the achievement of the ISO 27001:2013 Certification required the application of more than 100 different controls across 14 categories with the goal of providing a model for establishing, implementing, operating, monitoring, and maintaining a robust Information Security Management System and has re-affirmed our ability to undertake the seamless integration of people, processes and technology to drive our market.”
The process leading to the award also includes several layers of audit conducted that spanned the entire exchange and its peoples been tested on the knowledge of information security processes and procedures to avert any breach.
The Exchange partnered a local firm, Digital Encode, a leading consulting and integration firm founded in 2003 that specializes in the design, management, and security of business-critical networks, telecommunications environments and other Information Technology (IT) infrastructures. Recognized in the industry for its vendor independent perspective, the firm's expertise lies in solving multifaceted, complex enterprise network security and audit problems.
INFORMATION SECURITY TO INVESTORS
There is no doubt that as the business community shifts its operations to the cyber space one of the pertinent question that continues to take the centre stage is the security of the entity as well as its website. This is more important for the NSE that has nearly half of its players and investors from overseas.
Consequently, making a company and its website secure has become an issue of serious concern for every discerning management who wants to get the attention of global player. The best way to achieve this is by ensuring that the appropriate information security risks have been properly identified and managed.
This is where the ISO 27001, information security standard come handy. The standard provides companies with a structured and proven way to implement and manage an information security management system as well as provide management and the business with confidence in the security measures that are in place.
According to Mr. Ade Bajomo, Executive Director, Market Operations and Technology of NSE said “We are particularly pleased to be the first Exchange in Africa with this certification, showing our ongoing commitment to information management leadership and attainment of best-in-class operations. As the investing public continue to use data and information to drive insights and investment in the capital markets, security of information will remain on the front burner and the Exchange will continue to adopt market leading approaches and controls in this area. This certification ensures that the services offered by the Exchange and its wider eco-system, which will increasingly become digitised and based on smarter trading technologies, will continue to evolve and pro-actively adopt best in class security and information management standards.”
The NSE unveiled a bold technology transformation with the launch of its X-GEN platform automate its operations. This platform has also serviced some local securities exchange. With this huge investment in technology it is therefore imperative that the exchange will embrace additional measures that can give extra comfort that its operations will resist the most vicious attempt from external sources.
Since the Oscar Onyema management took over the reins of the exchange, the bourse has been involved in game changing polices coded name X-ERA where technology has been leveraged immensely to drive value for various stakeholders. The X-issuer allows issuers to file reports and compliance requirements from the comfort of their officers. The brokerTrax enables the dealing members to file their statutory returns as well. Launching a new robust and multifunctional website, X-web, the exchange is now able to provide market data services in a seamless and real time manner to local and global audiences. As if that was not enough, it launches an x-whistle platform where infractions or suspected abuse can be anonymously reported and will be followed up by the bourse’s surveillance team.
As more companies prepare to list on the exchange, with MTN, Arik Air and Sahara group already signifying their intentions, it appears the NSE is prepared to leverage technology to continue to serves its growing clientele. With the ISO certification, existing and new players can rest assured that a strong information security wall has been built to protect the activities on the exchange.