On Monday, 16/8/2021, ABJ held a remote workshop via Zoom video technology on cybersecurity management, in which the banking expert specializing in governance, risk management, information security, control and auditing, Mr. Nader Qahoush, attended along with a number of the banking sector and the Central Bank of Jordan employees.
The workshop addresses the important issue of cybersecurity at the local and international levels through the protection requirements and controls that must be provided at the individual level through the protection of personal data, photos, files, personal accounts, passwords and bank accounts for individuals. At the companies’ level and institutions through the protection of electronic assets, data, information, employee data, websites, software and electronic infrastructure. At the state level by protecting its electronic security and protecting the financial, economic and military systems from electronic attacks, piracy and disruption.
The workshop discussed the nature and axes of cybersecurity in addition to tackling its risk management, monitoring and evaluation mechanisms, building cybersecurity risk records, assessing the level of maturity, auditing and oversight on cybersecurity issues, as well as discussing global and local regulatory, legislative and supervisory frameworks for cybersecurity. The workshop also addressed the Central Bank’s cybersecurity instructions which are not new but were emphasized. The workshop also touched upon the importance of information security, with the aim of developing the electronic and digital environment and maintaining and enhancing information security in general and cybersecurity in particular.
The workshop indicated that cybersecurity is a major issue due to the technological revolution of the banking system, mobile phone, computer networks and the Internet, which entered into banking applications and banking services. The importance of information and cyber security is also an operational requirement in order to develop the electronic and digital environment in the Kingdom.
The general framework for protection from cyber-attacks was also explained, taking into account the axes of technology, the mechanisms and individuals in institutions emphasizing the need to enhance the level of maturity of all three axes mentioned in parallel. The importance of business continuity plans for organizations was also discussed, as they should include and be built on the basis of hacking and cyber-attack scenarios and recovery from them, and they include incident response procedures against cyber-attacks ensuring an effective response to hacking attempts if they occur.
The workshop emphasized that cooperation in the field of exchanging and sharing information of cyber-attacks is required to enable banks and financial institutions to enhance their procedures in assessing and responding to information technology and cyber security risks emphasizing the importance of spreading awareness and specialized training in cybersecurity among all employees of these institutions.