9. Governance Framework
The governance framework describes the roles, responsibilities for the protection of CI/CII owners, and operators at a national level. The governance framework is guided by cybersecurity strategy, policy, legislation, directive, regulations, good practices, and/or guidelines.
As the CI/CII is not often owned or controlled by the government and the CIIP generally exceeds the capabilities and mandate of a single entity, the establishment of an interagency governance structure such as a committee or agency is of importance.
The governance model should include:
- Identification of public and private entities in charge of specific verticals
- Responsibilities and accountability of CI and CII operators
- Cross-sector and sector-specific cybersecurity baselines
- Information-sharing processes and protocols
- Communication channels and cooperation mechanisms
- Coordination structures and alignment across government entities with overlapping mandates
CI and CII Governance
Ghana’s Cyber Security Authority (CSA) provides support and guidance to a designated CII in accordance with the provisions of the Cybersecurity Act, 2020 (Act 1038).
National Computer and Cybercrimes Coordination Committee (NC4) is the central point-of-contact for cybersecurity matters in Kenya and coordinates cyber activities reference to the provisions of the Computer Misuse and Cybercrimes Act 2018.