TO boost card payment system in Nigeria, a United Kingdom firm,
Capitoline LLP, has tasked the financial sector of the economy on data
centre security management compliance.
Capitoline LLP advocated this in Lagos, at a data centre seminar, organised by KITS Technologies limited, a data centre infrastructure service provider.
According to the Director of Business and Strategy of Kits Technologies Limited, Taofeek Okoya who made a business case for the financial sector, informed that data centre security management compliance does not end in Payment Card Industry Data Security Standard (PCI- DSS) alone.
A statement by a founding partner of Capitoline, Barry Elliot corroborated this, when he said that the PCI- DSS and a couple of other standards must be constantly demonstrated by any company that wishes to share financial information, and in particular credit card information, with other organisations.
Elliot added: “All industries and corporations now rely upon IT for the success and very survival of their business and none more so than the finance sector of the economy. Financial industries have particular requirements put upon them for the security of their data and physical assets, ability to back up their data and an audit trail of transactions.
“In some areas of the world legislation has been passed to force financial institutions to demonstrate this required level of security and backup. In Europe there is the Basel II Accord and the EU Data Retention Directive and in the USA the Sarbanes-Oxley Act, the Health Insurance Portability and accountability Act and the Gramm-Leach Billey Act.
“Other countries have a mixture of regulations and best practice recommendations, such as Threat Vulnerability and Risk Assessment (TVRA), Singapore Ministry of Home Affairs, Guidelines for Enhancing Building Security in Singapore (GEBSS): 2010 and from the UK the Centre for the Protection of the National Infrastructure (CPNI) Protection of Data Centres Guidelines.”
Meanwhile, to ensure the Nigerian financial sector is carried along in this compliance drive, certification data centre training was done for data centre managers and IT heads of banks, insurance and oil and gas companies.
According to Okoya, all standards that cover both the physical and design aspects and the operational management aspects of data centres were made apparent, which include the ISO/IEC 27002:2005 and TIA 942 amongst others.
“No one standard meets all requirements and occasionally there are composite standards in the market place such as the AMS-IX Business Continuity Management standard for data centres, hence there is strong need by the IT, Data Centre and Infrastructure managers for constant knowledge update and compliance to these standards,” he stated.
Capitoline LLP advocated this in Lagos, at a data centre seminar, organised by KITS Technologies limited, a data centre infrastructure service provider.
According to the Director of Business and Strategy of Kits Technologies Limited, Taofeek Okoya who made a business case for the financial sector, informed that data centre security management compliance does not end in Payment Card Industry Data Security Standard (PCI- DSS) alone.
A statement by a founding partner of Capitoline, Barry Elliot corroborated this, when he said that the PCI- DSS and a couple of other standards must be constantly demonstrated by any company that wishes to share financial information, and in particular credit card information, with other organisations.
Elliot added: “All industries and corporations now rely upon IT for the success and very survival of their business and none more so than the finance sector of the economy. Financial industries have particular requirements put upon them for the security of their data and physical assets, ability to back up their data and an audit trail of transactions.
“In some areas of the world legislation has been passed to force financial institutions to demonstrate this required level of security and backup. In Europe there is the Basel II Accord and the EU Data Retention Directive and in the USA the Sarbanes-Oxley Act, the Health Insurance Portability and accountability Act and the Gramm-Leach Billey Act.
“Other countries have a mixture of regulations and best practice recommendations, such as Threat Vulnerability and Risk Assessment (TVRA), Singapore Ministry of Home Affairs, Guidelines for Enhancing Building Security in Singapore (GEBSS): 2010 and from the UK the Centre for the Protection of the National Infrastructure (CPNI) Protection of Data Centres Guidelines.”
Meanwhile, to ensure the Nigerian financial sector is carried along in this compliance drive, certification data centre training was done for data centre managers and IT heads of banks, insurance and oil and gas companies.
According to Okoya, all standards that cover both the physical and design aspects and the operational management aspects of data centres were made apparent, which include the ISO/IEC 27002:2005 and TIA 942 amongst others.
“No one standard meets all requirements and occasionally there are composite standards in the market place such as the AMS-IX Business Continuity Management standard for data centres, hence there is strong need by the IT, Data Centre and Infrastructure managers for constant knowledge update and compliance to these standards,” he stated.
This is very educational content and written well for a change. It's nice to see that some people still understand how to write a quality post! Network Security Testing
ReplyDelete