2024-06-21 | BSD/DIR/PUB/LAB/017/008

Central Bank of Nigeria Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Banks

The provided list is an extensive glossary of terms related to cybersecurity in Nigeria's banking and financial industry. Here is a concise summary of the most important terms and their meanings, as per the context of the Nigerian financial sector:

- **Cybersecurity Framework**: A set of guidelines and best practices to help organizations protect against cyber threats.
- **Information Security Management System (ISMS)**: An ISMS is a systematic approach to managing sensitive company information so that it remains secure.
- **Security Incident**: Unauthorized access or disclosure of sensitive information.
- **Malicious Code/Attack**: A code designed to cause damage to a system, typically by exploiting vulnerabilities.
- **Multifactor Authentication**: A security measure requiring more than one form of authentication to confirm identity.
- **Nigeria Electronic Fraud Forum (NeFF)**: An industry-focused platform that combats electronic fraud and cybercrime in Nigeria's financial sector.
- **Open Web Application Security Project (OWASP)**: A nonprofit organization providing methodologies, documentation, and development of best practices for web application security at no cost.
- **Payment Card Industry Data Security Standard (PCI DSS)**: An information security standard that applies to organizations that collect, process, store or transmit cardholder data.
- **Privileged User**: A user with elevated system rights and privileges.
- **Service Level Agreement (SLA)**: A contract between a service provider and its customers defining the level of service expected.
- **Vendors**: Providers of goods or services to financial institutions.
- **Vulnerability**: Weaknesses in a system, application, process, etc., that can be exploited by an attacker.
- **Zero-Trust**: A security model requiring all users and devices to be continuously authenticated, authorized, and verified before accessing resources or data.
