The Governor of the Bank of Ghana (BoG) Dr Ernest Addison has said that the central bank is collaborates with the Cyber Security Authority to improve the cybersecurity posture in the banking sector.
In particular, Dr Addison said, the two institutions are discussing various ways to approach the implementation of the Cybersecurity Act, 2020 (Act 1038) for the sector.
Speaking at the official commissioning of the Financial Industry Command Security Operations Center (FICSOC) on Wednesday, May 24, Dr Addison stated that in October 2018, the Bank of Ghana issued the Cyber and Information Security Directive (CISD) for banks and other Bank of Ghana-regulated financial institutions with expectation that all regulated financial institutions would implement the required Information Security Management Systems (ISMS) controls to ensure the delivery of a safer digital financial Industry.
The implementation of the directive, he said, was phased over 36 months, and through effective monitoring and supervision among regulated banks.
As these institutions worked towards full implementation of the Directive, it became evident that the Bank of Ghana had to establish an industry Security Information andEvent Management (SIEM) system to enable those institutions implementing SIEMs to send logs/alerts, aggregate information and reports, he added.
To achieve this, he said, the BoG initiated the SIEM project which we call the Financial Industry Command Security Operations Centre (FICSOC) Project.
“The FICSOC Project is now completed and operational with reports/alerts in the form of threat intelligence provided to the banks to improve their incident response mechanisms.
This FICSOC project, he added, is a key component of the systems and we have to deal with the challenges of cyber security.
Your Excellency, this project will help provide real-time visibility into cyber threats and
attacks targeting the banking sector. The Bank of Ghana and the Cyber Security
Authority are collaborating to improve the cybersecurity posture in the banking sector.
In particular, the two institutions are discussing various ways to approach the implementation of the Cybersecurity Act, 2020 (Act 1038) for the sector.
“The detailed areas of collaboration are contained in the joint statement issued by BoG and CSA on 24th June 2022, nearly a year ago. On this note, I would like to thank His Excellency and our guests for honouring the invitation to commission the FICSOC Project. My appreciation also goes to the implementation partner, Virtual InfoSec Africa, the FICSOC Consultant, Mr Samuel Amoah, and BoG FICSOC Project Team members for their commitment and diligence in achieving success in this project,” Dr Addison stressed.