With new CIMA rules, more computer security certifications

The Certified Information Systems Security Professional class wraps up its five-day boot camp with Jay Ranade, seated, on Friday.

Last week a dozen people gathered for a weeklong computer security boot camp, sitting at desks in a conference room at eShore, overlooking Heroes Square in central George Town. The intensive course reviewed how to assess, test and manage network security to get certified as information systems security professionals.

The people sitting through the course, from the Cayman Islands Monetary Authority, the Public Service Pension Board, PwC, Fidelity Bank and others, will still have a couple of months to study before they go to the testing center in the United States for the certification exam.

Government and financial services companies are investing more and more each year as computer security threats grow.

Earlier this year, CIMA issued new guidance to banks and other sectors of the financial services industry, saying that the regulator will begin assessing the approaches its licensees use to manage data security.

In a circular published earlier this year, CIMA notes, “As entities in an International Financial Centre, Cayman Islands-based firms are exceptionally vulnerable to data breaches. Thus, the Authority sees this issue as important and one that requires ongoing attention.”

Polly Pickering, managing director for eShore Ltd., said after the training, “Cyberattacks on business email and data breaches continue to rise at an unprecedented rate. This is our way of giving something back to the community to ensure that regional businesses not only recognize the increasing threats, but have access to the gold standard in security certification.”

Jay Ranade, a computer security expert who has written and published more than 35 books on the topic, came to Cayman to give the class. Speaking to the dozen people in the conference room Friday, along with a couple of others attending the class virtually, Mr. Ranade took the students through the ins and outs of network security, risk assessment and security penetration testing.

“It was good to see so many IT security professionals taking advantage of the opportunity,” said Ms. Pickering.

The class included three people from CIMA. Writing to licensees in May, CIMA explained, “The Authority sees cyberattacks as one of the key risks that the financial sector faces in today’s digital environment, where much reliance is placed on mobile computing technologies and the Cloud, presenting increased opportunities for cybercriminals. Cyberattacks are much more frequent, they have become extremely sophisticated and as institutions around the globe are finding, they are very costly.

“Given the heightened risk, the Authority is reviewing and strengthening its own security strategy,” CIMA writes. “The Authority is working to establish a set of internal policies and procedures to implement the Framework, which is a reiterative process designed to keep abreast of new threats, processes and technologies.”

In its most recent guidance, CIMA notes that cyberattacks are increasing against the Cayman Islands government and the private sector. “While the Authority recognizes that many of our licensees have robust data security systems, we also recognize that there may be others that may have systems that are improper or inadequate. The Authority is therefore strongly encouraging licensees to assess their cybersecurity risks, reassess their strategies to ensure they are comprehensive and up-to-date for the current environment and to test their security programs to identify vulnerabilities to their systems.”

eShore plans to host another boot camp with Mr. Ranade in early December.