National Information Security Framework (NISF) Launched to Public

Posted on August 15, 2014

National Information Security Framework (NISF) Launched to Public

Nita-UgandaNational Information Technology Authority of Uganda (NITA-U) has developed a National Information Security Framework (NISF) whose purpose is to serve as a conceptual structure for guiding information security activities in Uganda.

The NISF shall present a common approach for addressing information security issues both within and outside the Government of Uganda (GoU). It aims to help secure the information and other assets that enable the GoU to conduct its operations by using a multi-layered structure, which describes mandatory security activities, roles, responsibilities and their relationships.

National Information Security Framework summary

The mandatory security requirements apply to all stakeholders irrespective of their functions.

However, as a risk-management driven framework, the NISF requires the stakeholders to assure their Accounting Officers, and NITA-U that the security measures implemented appropriately address the peculiar threats, risks and vulnerabilities which their operations face.

In particular, the NISF shall assist in:

I.             Focusing on information security outcomes rather than activities;
II.            Improving understanding of information security roles and responsibilities; and
III.           Enabling human and institutional information security / cyber security capacity building.

The National Information Security Framework (NISF) contains an  Executive handbook , a National Information Security Policy, Security standards such as Technical Risk Assessment, Risk Management and Accreditation, Security Classification, Personnel Security, Physical Security and Incident Management. It also includes an Implementation guide.

This framework is one of the outputs from the National Information Security  Strategy which is the overall National strategy  for Information Security.

 National Information Security Framework summary