Date: 2017-09-26

ZIMBABWE Information Communication and Technologies (ZICT) has urged the Reserve Bank of Zimbabwe (RBZ) to adopt international standard ISO/IEC 27001, which manages risks on the security of information held by an organisation.

BY TATIRA ZWINOIRA

This comes following the leak of an invoice dated September 20 for the RBZ from the South African Mint for importing $3 024 000 worth of 50 cent bond coins.

In a statement on Saturday, ZICT said they had been pushing for organisations to adopt and get certified for the Standard ZWE ISO/IEC 270001, which covers information security.

“If RBZ had this certification, this kind of incident would have been prevented. The ISO/IEC 27000 family covers information security management systems.

“The ISO/IEC 27000 family of standards helps organisations keep information and assets secure,” ZICT said.

“Any organisation that adopts the ISO/IEC 27000 will assist in managing the security of assets such as financial information, intellectual property, employee details or information entrusted to the organisation by third parties.

“ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS) and that is the standard that the RBZ should immediately start working on.”

ISO/IEC 27001, titled “Information technology - Security techniques - Information security management systems - Requirements”, is an international standard that is recognised globally for managing risks to the security of information.

Certification to ISO 27001 allows an organisation to prove to clients and other stakeholders that they are managing the security of information and provides a set of standardised requirements for an information security management system (ISMS).

“The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving an organisation’s ISMS. Let us protect our national confidence and obtain the ISO/IEC 270001 certification,” ZICT said.

ISO 27001 was introduced in 2013 with the intention of helping organisations control information they had.

Zimbabwe has, in general, very weak structures when it comes to cybersecurity, which led to it being dubbed “the most hackable country” by American software company Rapid7 LLC.