How to calculate student's grade in Excel using VLOOKUP Function

The LOOKUP (i.e. Vertical lookup) function looks for a value in the leftmost column of a table, and returns a value in the same row from a column you specified.

The syntax:    =VLOOKUP(lookup_value,table_array,col_index_num)

In our example, we will use the table screenshot below to calculate for student's grades

Tip:     Click here to download the Excel file. This will rather open the Excel file in Google Spreadsheet view 

Follow these steps to download the file onto your PC

• In the Google spreadsheet view, click on File menu, point to Download and select Microsoft Excel (.xlsx) file type to download the Excel file into Download folder on your PC.

Meanwhile, our Excel file contains two (2) sheets namely Data and Grade respectively. The Data sheet contains each students Total marks whiles the Grade sheet contains the grading table

The table below shows the grading system we will use to determine a student’s Grade and Remark respectively

When creating a grading system using VLOOKUP function, you only use the values at the left of the Marks column. i.e. 80, 70, 65, 60, 55, 50, 45, 40 and 0.  By default, the grading table must be rearranged from the lowest number to the highest number (i.e. from 0 to 80) with its corresponding grades and remarks information.

• In Grade sheet the table should look like the one screenshot below:

We will now assign a dynamic name to the grade table 

• In Grade sheet, highlight from 0 to Excellent only 
• Click inside the Name Box and type a name of your choice (without space). Example: Gradelist
• Press the [Enter] key to assign a dynamic (unique name) to this area

We will now determine the Grade for the first student in Data sheet.  To do this, follow these steps:

• Activate Data sheet
• Click in cell C4 and type:       =VLOOKUP(B4,Gradelist,2)
• Press the [Enter] key to complete the formula

Formula result: C4

Formula Explanation

• AutoFill cell C4 to cell C15

Try This

• In cell D4, determine the Remark for the first student

Formula result:     Credit

This formula is the same as the previous formula. This time it returns the text in the same row from the third column of GradeList corresponding to the grade

• AutoFill cell D4 to cell D15

Final Result:

Optional: Right-click on Grade sheet tab and select Hide to hide this worksheet

• You can edit the Total marks for the students or add new records to the table

Grab a copy of my new book Excel made Easy

BB Series - MS Word & Excel Practical Textbooks now available for SHS and Tertiary Institutions

 

The use of technology in various fields is an undisputed fact and mastery in MS Word & Excel are skills highly sought after by employers even after school. Since there are greater access to computer-based technology in the schools, focus have been on training students to effectively use all the applications the computer comes with not forgetting MS Word & Excel.

Therefore, BB’s monolithic works Easy Guide on Word and Excel made Easy for Senior High Schools and Tertiary Institutions, which are the second editions of his first edition titled Excel for All provides the necessary content for those who want to master MS Word & Excel. The current editions has materials that have further been updated where called for. These editions are replete with illustrations that are friendly to students in the SHS and Tertiary Institutions. The idea is to give enough skills to students/teachers/workers to navigate around any Word & Excel related works.

These books contains Step-by-step instructions, Demos, Self-Challenged practical works with their results and 100 MCQs each.

In Excel made Easy textbook, Flash Fill, Relative and Absolute Referencing, Dynamic Names, Data Validation, Advanced Data Analysis functions (Like SUMIF, COUNTIF, VLOOKUP, HLOOKUP, RANK, PMT, DATEDIF), Charts & Graphs, Pivot Tables among others

It is gratifying to learn that these practical oriented works have come at a time when the Government of Ghana is integrating Information Communication Technology into the working environment and in schools as well.

In addition, Easy Guide on Word and Excel made Easy for Senior High Schools and Tertiary Institutions will be very good practical guide to students at the tertiary who undertake compulsory and  ICT courses. These books are also a good reference materials to assist teachers in their teaching. For example, current research (Benning & Agyei, 2016) is championing the integration of Spreadsheet in teaching aspects of Mathematics. 

What makes Easy Guide on Word and Excel made Easy for Secondary Schools and Tertiary Institutions outstanding is that they guide the user to easily perform a task in Word & Excel and learn something as well.  It is therefore hoped that the book will be found useful in numerous ways in diverse places/organizations/schools where Word & Excel are paramount to their success.

Some Relevant Digital Transformation Checkpoints For A Digital Economy

Africa should think big on digital development. At the current, incremental pace of economic and social advancement, according to the world bank, too many of Africa’s expanding youth population will be denied the opportunity to live up to their potential. Digital technologies offer a chance to disrupt this path–unlocking new pathways for rapid economic growth, innovation, job creation, and access to services that would have been unimaginable only a decade ago. Yet there is also a growing ‘digital divide’, and increased cyber risks, which need urgent and coordinated action to mitigate.

An effective digital transformation strategy is a catalyst for business growth and allows organizations to make most of the cutting-edge technological innovations. With technology disrupting most traditional business models, organizations need to invest more than ever to stay relevant in a fiercely competitive market. Also, there is the need to put people at the center of the digital future by equipping them with foundational skills in literacy and numeracy, digital and “soft” skills such as communication, management, analytical thinking, and problem-solving skills. Lack of such relevant skills in the digital age can limit opportunities for many African countries to make the most of digital technologies and catch up. Individuals have the chance to tap into the many areas in the digital space and must position themselves in order not to be denied the opportunity to live to expectation.

The inability of the formal sector employment to keep pace with population growth is forcing most of the youth into the growing informal economy-safeguarding employment and income, thus allowing young people to enter the labour market. Digital technologies, however, have diverse effects on the work of those in the informal economy. Technology-based innovation processes in the informal economy can enhance productivity and the working conditions of those who work in the informal economy. However, it can also mean new dependencies and discrimination. Digitalization requires those who work in the informal economy to have new skills–digital skills but also basic literacy.

For instance, capturing data makes it easy for End Users to digitize content. Data capture, or electronic data capture, is the process of extracting information from a document and converting it into data readable by a computer. Data capturing can also refer to collecting relevant information, whether sourced from paper or electronic documents. It is important for businesses in the informal sector to learn to digitally capture and route information, in simple and effective ways, integrating with desktop scanners, multi-function devices, mobile devices, email, and existing business applications. Learning to trade online, creating digital signatures, emails, and accounts, accessing digital and payment platforms, etc., should not be the preserve for the formal sector only. The informal economy needs much introduction and training in relevant skills to elevate and catch up to the time. For example, only a few citizens have digital IDs or transaction accounts–locking them out of access to critical digital services and e-commerce. 

For many youths, marginalized sections of society, and adult learners, access to digital and soft skills training can be expanded through non-formal technical and vocational education and training provided by government institutions outside the formal education system, non-governmental organizations, and civil society, international organizations, and the private sector. This requires adequate funding to relevant and flexible courses that are aligned with employers’ or industry needs, as well as continuous professional development for trainers and resources.

As Ghana progresses with its digitization agenda, policy interventions are needed and should be prioritized to increase female access to and enrolment in formal and informal technical and vocational education and training, as well as developing gender-sensitive, employer-led training models. Policies should also be directed at prerequisites that are required to prevent the digital divide from becoming wider and to ensure that disadvantaged groups also benefit from the digital transformation. These policies must strengthen innovation and knowledge systems through domestic markets. This can help businesses develop marketing strategies, move into more sophisticated products, boost technology uptake, and increase implementation and innovation. This also promotes strategies to nurture and support skills upgrading, employment initiatives, and developing the infrastructure for training programs in digital skills. Certainly, this can also boost Ghana’s readiness to leverage cross-border trade opportunities.

Educational and research institutions, training providers, and businesses need to promote digital skills development and upgrading. Industry associations, research and development organizations, makerspaces, hubs, and technology parks must collaborate to scale up digital skills development and training in Africa, centered on the future of the workforce, and in areas such as robotics, Internet of things, artificial intelligence, digital design and fabrication, 3D printing, cybersecurity, cryptography.

Public-private collaborations can support hubs and makerspaces that are integrated and linked with the rest of the domestic economy, driving innovation and skills development in all fields, including construction, health, agriculture, transportation, waste management, education, etc.

Africa can harness the digital economy as a driver of growth and innovation, but if it fails to bridge the digital divide, its economies risk isolation and stagnation. If industries in emerging economies and developing countries grow because of new technologies, this may increase the number of formal jobs and cause a corresponding reduction in informality. It is therefore important for developing economies to take deliberate steps to invest in digital skills development and transformation.

Author: Richard Kafui Amanfu – (Director of Operations, Institute of ICT Professionals, Ghana)

For comments, contact richard.amanfu@iipgh.org or Mobile: +233244357006

Source: www.iipgh.org

The importance of quality in software – 3

In this 3rd article in a series about software quality, we are focusing on the need for software testing and how to go about it. While we see a steady improvement in the state of software quality and continuity in Ghana, the need for various types of software testing is still unknown territory for a lot of businesses. But it is a risk to “go live” with any ICT system that has no guaranteed quality. The question is if all functionalities are working properly with no errors. But security in the sense of business continuity and unwanted penetrations are equally important.

Quality in Software: the case for software testing

Sometimes, an organization acquires a standard software that must be set up for its business processes, sometimes a tailor-made application is being developed for you by a software company. Whether this is a complex web application, an app, or a simple website, it is always key to have the software thoroughly and systematically tested.

In West Africa, more and more organizations rely on IT systems for their operations, and therefore software errors can cause accidents or serious losses. Often there is a big pressure to release an application and testing can be tedious and therefore expensive. Management will be tempted to skip this phase and go live with a new application quickly. Quality engineers inside your organization should therefore be actively involved and assess the inherent risks as compared to the time and money involved in more testing.

Two examples to illustrate this “value for money” approach.

A simple gaming app can go live on Google Playstore as a “Beta version” after limited testing. After that, customers will give feedback about eventual problems and the developer's team can make improvements. This will harm no one. However, when Boeing launched a new airplane with very complex pilot software, a lot of pressure was carried out to go live and a fatal software error remained unfound, leading to various fatal accidents.

As a business owner or director, you do not need to know all the technicalities of software testing. However, some basic notions are important to safeguard the go-live of a new application. After all, your business continuity may be at stake!

Very clear requirements as a point of reference: it is not possible to properly test software without any terms of reference to what the application is supposed to do. Normally, requirements are defined: if concrete user stories and features can be described, including designs of the user interface screens, it will be straightforward to verify if the new software is meeting these requirements. These can be functional requirements (“as a user, I can order a ticket for a soccer match online”) as well as so-called non-functional requirements (“if 250.000 fans of AC Milan try to order a ticket, as the system is still functioning”).

While developers are building an application, the first round of quality checks must be made. With a Code review: the first step in quality assurance in software development is a simple code review process. When a programmer has built a piece of code, one of his colleagues or seniors will review that work to check if it works, and if the conventions and documentation have been observed. After that, automated testing with the help of testing software can take place to see if the features work.

In addition, professional software testers are invited to thoroughly test the application in various ways. This can include tests on the performance of the app, penetration testing to check the vulnerability of the software for hostile attacks. It can also include integration testing. A new feature may unknowingly affect other applications or mess up a certain database. You want to be sure that the new software does not bring down your system on the Monday morning after its weekend go-live! Professional software testing can test such a large change in a test environment, a separate duplicate of your IT systems. Until that works well, the software is not allowed to be moved to a “production environment” as IT professionals call it.

User acceptance testing deserves special attention. The employees in your organization are usually experts in their own jobs and should be able to work with a new software after proper instruction. They are the best people to judge if the new product does what it is supposed to do. A certified test manager can organize and lead a project where such end-users are invited into sessions to systematically test the new software with the help of scripts set up by the test manager.

Each test round will yield long lists of bugs and wishes for improvement that should be addressed before the software can finally be released. Here too, common sense is key. There are always “nice to have” and small bugs left. With clear acceptance criteria being defined at the start of the project, these issues should not prevent the software to go live.

Indeed, software testing can look complex, but it is very necessary to assure quality while you implement new IT systems in your organization. If you do it well, introducing a new application can be safe and smooth.

Authors: Diana van der Stelt (Member, Institute of ICT Professionals Ghana) and Anthony Yeboah Asare, Trinity Software Center in Kumasi, sales director, and quality engineer

www.trinitysoftwarecenter.com | info@trinitysoftwarecenter.com

Source: www.iipgh.org

 

The importance of quality in Software

We all have the experience of having great expectations when buying something and then being disappointed. A new car of a renowned brand. A beautiful suit or handbag.  A dinner in a restaurant with a great chef. While we are ready to pay well for the quality we are anticipating, the deception comes with the poor customer service. Long waiting times, a bad response if something irregular happens, or poor performance if we want something to be changed compared to the standard delivery. When we acquire a software application (either a SAAS (Software-As-A-Service) or have a tailor-made solution for our business processes, customer service is just key. Here are the main things to look out for and to expect from a good software provider when it comes to customer service and support.

Quality in software–customer service and support  

If you have found a software application that fits your business needs well, it is important to realize that the software comes with a whole environment to assist you as a customer to use it well and with no issues. In fact, very good software may come with terrible customer support, leaving you in trouble for a long time when there is something you do not understand. I remember acquiring a top-notch product in the USA, to only find out that its support organization in Europe was not working at all: 10 different phone numbers in different countries, and none of them were working or could answer our pressing questions!

The need for good customer service starts right already with your acquisition process.

Clarity: while you are still in the middle of the procurement process, it should be easy to get clarity on the precise features, legal arrangement (contract conditions), and the “total cost of ownership” that the application is going to give you. It should be easy to find out what additional costs may be incurred and what the exact scope of the contract is, to avoid any unpleasant surprises.

Implementation: how easy is it for your organization to use the software? Is your new vendor going to assist you with your data migration (or digitalization in case you did not use IT for this process before)? Is there training of personnel? Is their help in the adaptation of your business processes to use the software smoothly? Do their consultants come on-site to help you do all the changes and is that expensive?

Professional help desk: a software vendor who takes customer service seriously will have a professional helpdesk that professionally processes all incoming calls and uses this information to improve its services. It has a smooth escalation model for more complex questions and problems. As a customer, you will have the confidence that your problem is being always dealt with by the right person. Professional service personnel are always polite and take you seriously. 

Frequently asked questions: for the most common and returning questions about the use of the software, simple and clear web pages and instruction videos should be available to help you out, in the early stage of using a new application.

Easy contact: it should be easy to get in contact with the right person to discuss questions or problems. Currently, a lot of applications have in-built chat functionality in the software or on their website. These “Chatbots” may or not be able to communicate with you properly and should quickly lead you to an actual human to deal with your matter. It should be easy to find support for all your users.

Response time: when an issue occurs, and you are stuck using the software, your vendor should be able to solve the issue quickly regardless of the cause of the problem. “Downtime” can be defined as the number of minutes or hours per month that the software is not working, which obviously should be as limited as possible. If caused by maintenance, this should be announced and planned carefully by the vendor in such a way that business continuity is guaranteed.

Some software companies even have a feature where you grant the service employee to “take over your screen” to see what is wrong and help you fix the issue quickly.

Continuous improvement: while you do not want the software, you acquired to change constantly; it is important that feedback from customers is regularly used to improve the software. This may include new features that are very useful, fixing small bugs, or improvement of features that are causing confusion for the users. Good customer service implies that your vendor listens to you and is constantly willing to improve its product.

Authors: Diana van der Stelt (Member, Institute of ICT Professionals Ghana) and Anthony Yeboah Asare, Trinity Software Center in Kumasi, sales director, and quality engineer

www.trinitysoftwarecenter.com | info@trinitysoftwarecenter.com

Source: www.iipgh.org

GES Dumps Free SHS ICT Coordinators in the Senior High Schools, Sets to Recruit new IT Officers

ICT teachers in charge of Free Senior High School enrolment in the various Senior High schools clashed with the Ghana Education Service for the recruitment of new Information Technology Coordinators to manage the school's database. Ministry of Education trained ICT these teachers in the various Senior High Schools in 2017 to manage the information system in the schools. Series of training workshops have been organised for the ICT teachers for the past four years.

These teachers are responsible for managing the school database, entering students data on students information systems, preparation of school academic timetable, entering students record in the West African Examination Council (WAEC) database.

The teachers have been performing the above roles in the Senior High Schools since the introduction of the Free Senior High School policy. The ICT teachers requested an allowance from the Ghana Education Service as compensation for the additional responsibilities assigned to them. Since 2017 the teachers have been calling on the management of the Ghana Education Service to pay them some allowances for the additional roles they play in the schools. No holidays for the ICT teachers who have taken the role of ICT coordinators in the various schools, they belong to both tracks in the double-track schools, they work throughout the academic calendar.

Management of Ghana Education Service has given them assurances of an incentive package. Anytime the teachers complain about allowance they are told by the GES that, their incentive package is in the pipeline, they should be patient. The small allowance to be paid for these teachers has been a challenge for Ghana Education Service, but they have been able to secure a financial clearance to recruit new ICT coordinators to take up their roles in the school.

The ICT teachers are demanding compensation from the Ghana Education Service for the four years they have worked as ICT coordinators without any remuneration or incentives. These teachers have worked as ICT coordinators for the past four years and they have gained a lot of experience in the field, at least Ghana Education Service should have maintained them by paying a little allowance for them, they have done voluntary work as ICT coordinators and this treatment is unfair to them.

Ghana Education Service planned to implement the new GES ICT policy in the next academic year, students will be allowed to use smartphones in the school to be connected to the free WiFi installed in all the seven hundred Senior High Schools, the ICT coordinators are to manage the school network, a software has been developed by Ghana Education Service to restrict the use of the WiFi by students, the ICT coordinators will be responsible for monitoring the school network.

Source: https://www.operanewsapp.com/gh

Building Sufficient Digital Value and Ttrust

Value is the regard that something deserves importance, worth, or usefulness. It is also the principles or standards of behaviour - individual or collective. In ethics, value denotes the degree of importance of something or action, to determine what actions are best to do or what way is best to live or to describe the significance of different actions. It is also the monetary or non-monetary worth given to virtual assets or contents. 

Trust is the firm belief in the reliability, truth, or ability of someone or something. Trust is the most important business and brand asset you manage, especially in relationships with customers, clients, employees, and stakeholders. An economy works because people trust each other and the businesses they support.

Companies everywhere are pursuing digitalization projects - putting emerging technology into action while aiming to solve problems, create unique experiences, and accelerate business performance. By doing this, value and trust must be created.

Digital value is the business value or economic value generated through digitization. All economic systems and business interactions result in costs for information exchange, coordination, safeguarding, enforcing, etc. Digitalization lowers these costs and therefore gives a free rein to value and is expected to bring greater tangible and intangible value. In a traditional sense, digitalization refers to the use of computer and internet technology for a more efficient and effective economic value creation process. In a broader sense, it refers to the changes that new technology has overall; on how we operate, interact, and configure, and how wealth is created within this system. It has become clear by now that digitalization has an obvious, lasting, and even revolutionary impact, not only on the economic systems and commercial players but increasingly on the lives of individuals and on society at large. However, it is important to understand the opportunities and potential challenges surrounding value creation in digital environments.

Digital value constitutes worthiness desired based on the use of digital information and communication technology, resulting in goods and services that possess some inherent quality.

Digital trust then is the confidence users have in the ability of people, technology, and processes to create a secure digital world. Digital trust is given to companies who have shown their users they can provide safety, privacy, security, reliability, and data ethics with their online programs or devices.

For example, Amazon has created value over the years and built trust. Since its beginnings in 1994 as an e-commerce pioneer selling books and CDs online, Amazon has had to continually transform itself to grow. It is the world’s largest online retailer of books, clothing, electronics, music, and other goods, developing in new business areas, and, in 2020, earned net sales revenue of over 380 billion U.S. dollars. Despite selling physical books, Amazon also introduced the Kindle and eBooks. In addition, it is threatening other businesses like Netflix and TV networks with its own content. Also, it became a leader in cloud services and hugely profitable in this field. Amazon Web Services (AWS) generates annual revenues and margins in excess. Due to global interest in cloud services and the disruption they are causing across various sectors, AWS has played an increasingly important role in the cloud services industry and has become an important revenue earner for Amazon. With its trusted and secure solutions, customers can rely on its services.

Digital trust has already become critical to how you develop and maintain positive, long-term relationships with your customers and other stakeholders. Building digital trust requires businesses to shift their efforts in identity, security, and compliance to a more inclusive customer engagement strategy. If the lifeblood of the digital economy is data, its heart is digital trust - the level of confidence in people, processes, and technology to build a secure digital world. Companies that show the connected world how to lead in safety, security, reliability, privacy, and data ethics will be the titans of tomorrow (2018 Digital Trust Insights). When a person decides to use a company's product, they are confirming their digital trust in the business. The more digital trust a company receives, the more likely it will be to gain more users. Trust underpins the success of every business, traditional or new age.

Each transaction and interaction on a personal, societal, and business level requires the establishment of trust. Businesses should make it clear to users what they stand to gain from their services and products, or technologies, by addressing what people are alarmed about, and emphasizing what people are giving up. Businesses should also focus on removing risk because it negatively affects a consumer's confidence level. As some businesses have started including cybersecurity and privacy personnel in their development process from the beginning, instead of ignoring them, it helps ensure the company is not avoiding security measures just to get their service or device on the market. Some businesses have also started adopting the zero-trust model which decreases the number of opportunities a hacker has to access secure content by limiting who has privileged access to different machines or segments of the network. 

As businesses strive to grow and create value through digitalization, it is relevant to consider building sufficient digital trust controls. There should be a deliberate effort to evaluate whether their personnel have the right skills aligned to design, build, and sustain digitalization initiatives, and if there is the need, acquire external resources. Tie security and trust in business the right way, in order not to misalign business objectives. For instance, companies can make progress by focusing on embedding data security into new products and services; conducting risk, regulatory, and compliance assessment; refreshing cybersecurity controls and plans; implement data-governance programs that determine not only where sensitive data lives but also the value to the business and how to protect it; manage risks for the whole data lifecycle, including creation, storage, using, sharing, archiving, and destruction. Also, monitoring of technology infrastructure to enable high availability, disaster recovery, and data integrity; focus on identifying new and emerging legislation, rules, and implementation guidelines; as well as use an integrated compliance approach - businesses operating across different jurisdictions should comply with the highest standard.

Author: Richard Kafui Amanfu – (Director of Operations, Institute of ICT Professionals, Ghana)

For comments, contact richard.amanfu@iipgh.org or Mobile: +233244357006

www.iipgh.org

Protection of Ghana’s Critical Information Infrastructure in the Cyber Security Act

Critical Information Infrastructure (CII), which is also referred to in some jurisdictions as critical national infrastructure or critical infrastructure, are institutions of a country that, when disrupted, will disturb the economy, livelihood, and security of the citizens of that country. These infrastructures are at the heart of every state, hence any disruptions to them will jeopardize the smooth running of the state.

Due to their importance, they have become a major target for terrorists, hackers and other states as witnessed globally in recent times. According to Jackpotting & Muncaster (2018), out of over 200 responses received from CII organizations in the UK, 70% of them had experienced service outages in the past two years. 35% of these outages were due to cyber-attacks.

According to the World Economic Forum’s 2020 Global Risks Report, cyberattacks on CII (ranked 5^th top risk in 2020) is now “the new normal” in the health, energy, and transportation industries.

Ghana’s Cybersecurity Act, 2020 (Act 1038) spells out a number of controls (provisions) for protecting Ghana’s CII. Sections 35 to 40 of the Act are dedicated to protecting these infrastructures. In my view, the Act itself and the inclusion of these provisions is largely influenced by the Ghana National Cyber Security Policy & Strategy document dated March 2014.

In the presentation of the National Cyber Security Advisor at the 17^th Knowledge Forum of the Ghana Chamber of Telecommunications (7^th July 2021), he mentioned the following 13 sectors as CII of Ghana: education, finance, defence & security, ICT, transportation, health, government, mining, manufacturing, energy, water, emergency, and food & agriculture.

The following sections of this article discuss provisions of the Act related to protecting Ghana’s CII.

Designation and withdrawal of CII

The Minister may upon the advice of the Cyber Security Authority (CSA), designate a computer system or network as a CII if it is deemed necessary for national security, or the economic and social well-being of Ghanaians.

The determination of a CII should consider if the infrastructure is necessary for the security, defence, or international relations of Ghana if it is related to communications and telecommunications, financial services, public utilities, public transportation, public key infrastructure, public safety, public health, international business or communication affecting Ghanaians, the legislature, executive, judiciary, public services or security agencies.

Designated CII shall be gazetted, and a procedure for regulating them shall be established by the Minister.

The Minister may, also upon the advice of the CSA and by a gazette publication, withdraw the designation of a CII at any time if the infrastructure is considered as no longer meeting the defined criteria of a CII.

Registration of CII

The CSA is mandated to register all CII. It shall determine the registration requirements, procedure and any other matter relating to the registration.

Duties of owners of CII

Owners of registered CII shall, within seven (7) days after a change of ownership, inform the CSA of such change. Contravention of this clause shall result in the payment of administrative penalty between GH¢6,000 and GH¢120,000.

Owners of CII shall report cybersecurity incidents within 24 hours after detection to the relevant sectoral computer emergency response team or the national computer emergency response team. They shall also cause an audit to be performed on their infrastructure and submit a copy of the report to the CSA. Contravention of this clause shall result in the payment of administrative penalty between GH¢3,000 and GH¢120,000.

Management and compliance audit of CII

The Minister shall recommend minimum standards for prohibitions regarding the general management of CII, considered necessary for protecting national security.

The CSA shall conduct periodic audits and inspections on CII to ensure their compliance with the provisions of the Act.

Unauthorized access to CII

A person shall not access or attempt to access a CII without authorisation. Anyone who contravenes this clause can be convicted to a fine between GH¢30,000 to GH¢180,000 or imprisoned between 2 years to 5 years, or to both.

If unauthorized access to a CII results in a serious bodily injury, financial loss or damage to the infrastructure, the perpetrator can be convicted to a fine between GH¢60,000 to GH¢600,000 or imprisoned between 5 years to 15 years, or to both. However, if the unauthorized access is considered to be a terrorist act, the perpetrator can be imprisoned between 7 years to 25 years.

If the unauthorized access is related to an organization, the organization can be convicted to a fine between GH¢300,000 to GH¢600,000. Also, every director, officer, or management of the organization shall be deemed to have committed this offence and can be convicted of a fine between GH¢60,000 to GH¢600,000. However, a person cannot be convicted under this clause if it is proven that he/she exercised due diligence in preventing the commission of the offence, and the offence was committed without his/her knowledge or involvement.

Conclusion

The recent wanton cyber-attacks on CIIs globally give cause to worry as a nation. It is extremely important for CII to cooperate with the Cyber Security Authority to safeguard the security, economy, and safety of Ghana.

Compliance with the stipulations of Act 1038 ought to be taken seriously, irrespective of the sector (Private or public) and industry.

The Cyber Security Authority ought to collaborate with key stakeholders to create more awareness on this Act for the general public, owners of CII, the security agencies, lawyers and the judiciary.

Author

Sherrif Issah (Information Security Governance, Risk & Compliance Professional, and Director of Communications; IIPGH)

For comments, contact author mysherrif@gmail.com | Mobile: +233243835912

Source: www.iipgh.org

Data Protection in Africa

Data protection is about safeguarding our fundamental right to privacy by regulating the processing of personal data: providing the individual with rights over their data and setting up systems of accountability and clear obligations for those who control or undertake the processing of the data. Digital rights are basic human rights in the internet era - linked to freedom of expression and privacy, those that allow people to access, use, create and publish digital media, as well as access and use computers, other electronic devices, and communications networks. As a user of digital technology, you also have the right to privacy and the freedom of personal expression.

2020 brought several major developments in the world of data protection legislation. Also, the rise of so many digitally enabled markets in Africa means that more consumers are being asked to give access to their personal data, including financial, demographic, and geolocation data. As the 55 African countries of the African Union (AU) move towards greater integration of trade policies through the African Continental Free Trade Agreement (AfCFTA), one area of noted trade policy divergence is the governance of digital trade. African nations have varied rules governing the protection of personal data, with some countries offering little to no protection policy while others have extensive digital governance frameworks. As internet connectivity, broadband access, and digital trade have converged with wider economic development, the extent to which African nations form policies governing the digital landscape can also shape development across the whole continent.

The Internet has introduced new spaces. The online environment has gone mainstream, and there is more democratic participation. As we increasingly conduct our lives online—shopping, socializing, and sharing information—our digital rights, particularly the rights to privacy and freedom of expression, are becoming more important. We need to understand how our data is being used by companies, governments, and internet giants such as Facebook and Google. Is it being handled fairly and carefully, sold, or shared without our consent?

As governments and companies collect our personal data, cybercriminals are also easily collecting our personal data and tracking our movements and activities. It is important to know who has access to the data trail or footprints we create online. Brands want to look at the content that we create and share, such as our social media profiles and location data from mobile phones, because it helps them build a picture of how we spend our time and money. Also, employee records, customer details, transactions, and data collection through surveys need to be protected. This is to prevent that data from being misused by third parties for fraud, such as phishing scams and identity theft. Thus, the regulations governing the protection of personal data are becoming increasingly important.

Data privacy is a fundamental right that is yet to be completely established across many countries in Africa. Only 32 countries in Africa have data privacy laws. The African Union convention on cybersecurity and personal data protection (Malabo Convention) 2014, sets a strong intention of protecting personal data and ensuring cybersecurity in Africa. The Convention seeks to establish a credible framework for cybersecurity in Africa through the organization of electronic transactions, protection of personal data, and promotion of cybersecurity, e-governance, and combating cybercrime. It also provides a personal data protection framework that African countries might switch into their national legislation for it to have the full force of the law and encourages African countries to recognize the need for protecting personal data. By this, emphasizing the responsibility of African states to respect, protect and fulfil human rights online for all people.

The continent is divided along the line of countries with a framework, an insufficient framework, and no framework. Many countries are also yet to adopt any major data protection regulations. The divergent framework creates a fractured terrain for data protection and enforcement of the law across the continent, and for establishing a common market for regional trade in digital goods and services.

Despite the gaps, Ghana has spent considerable efforts to update and amend laws and regulations to encourage the establishment of a larger digital trade economy. This includes laws that govern the protection and privacy of personal data. Ghana’s Data Protection Act came into force in 2012 to protect the privacy of individual and personal data by regulating the processing of personal information. In 2019 Kenya, Nigeria, Togo, and Uganda enacted data protection policies, followed by Egypt, to create a data protection framework with its Personal Data Protection Law. Next came South Africa, whose Protection of Personal Information Act came into force in 2020. Other countries are revising existing data protection policies or working to establish structures to enforce existing laws and regulations.

Although the gaps and wide flexibility of privacy and data protection laws from country to country, the economic and trade impact on technology firms seems to be minor, as the size of the African digital market is still growing. In the wake of emerging technologies, several new data security laws around the world will be enforced, introducing among others, mandatory data breach notifications, and increased penalties for non-compliance. 2021 will see these changes applied and for Ghana and other African digital economies to grow, we must push for enforcement and compliance, and fall in line with the international standard set by the General Data Protection Regulation (GDPR). Cross-border transfers are likely to be one of the big compliance issues being tackled by legislative bodies and data protection authorities must ensure a regularization and normalization of data transfers between countries.

 Author: Richard Kafui Amanfu – (Director of Operations, Institute of ICT Professionals, Ghana)

For comments, contact richard.amanfu@iipgh.org or Mobile: +233244357006

Source: www.iipgh.org

SCRUM: The New Way To Manage your IT and other Projects

SCRUM has quickly become the new standard way to do IT projects. In this article, the authors explain the way SCRUM differs from traditional methods of project management like PRINCE 2 or PMP and why it may help you as a business owner to achieve your goals.

Traditional project management demands detailed upfront planning for a complete project. There is a lot of attention to fixing the scope, in terms of the end product, delivery date, and budget. These parameters must be managed and reported, often in bulky documents to bureaucratic committees. Whereas SCRUM encourages data-based, iterative decision making in which the primary focus is on delivering products that satisfy customer requirements.

To deliver the greatest amount of value in the shortest amount of time, SCRUM promotes prioritization and time-boxing over fixing the scope, cost, and schedule of an entire project. Important features of SCRUM are self-management and cross-functionality, which allow the individuals who are actually doing the work to estimate and take ownership of tasks.

There has always been a lot of “pride” with people who were doing projects in PMP or PRINCE 2, but in reality, there were many problems, in particular in IT projects.

In a lot of projects, the scope seems to be clear in the beginning, but as time goes on, there are either new insights or new external developments that require a change. In such cases, classical project management is too slow and inflexible because it requires time-consuming decision-making. In the end, the project either does not meet the expectations of the end-users or has exceeded its timelines and budgets excessively. Everyone is disappointed.

In classic project management, a lot of roles and responsibilities are clearly defined, and processes are being put in place to help the project advance (monitoring, change management, etc.). This looks solid, but it is not only slowing down the pace of the work (you have to wait for another board meeting before you can continue). It also gives people the entitlement to stick to their own responsibilities only, rather than taking charge of the total project result. One can always refer management to another team member to be blamed for the problems.

SCRUM, on the contrary, acknowledges that most problems are messy, and realities are always changing. It tries to be productive and creative in such a context, AGILE SO TO SPEAK. At the same time, it wants to deliver products of the highest possible value.

In 2000, SCRUM inventors Ken Schwaber and Jeff Sutherland were so frustrated about costly and failing IT projects, that they created the SCRUM guide as an alternative. So, SCRUM is a lightweight framework that helps people, teams, and organizations generate value through adaptive solutions for complex problems. SCRUM as a concept originates in Rugby as the frequent get-together of a team to restart the match after an incident. The SCRUM guide elaborates on that principle with accountabilities, events, artifacts, and the rules that bind them together.

Although SCRUM may be unsuitable for certain projects (like the construction of a power plant where everything needs to be planned upfront) you may want to explore the possible advantages for your business such as faster delivery, higher customer satisfaction, or happy personnel. Learning SCRUM is not difficult: an interactive course of a few days may get you started (various institutes like Maxim Nyansa IT Solutions in Accra, provide in-company training with optional certification exams). But the practice is harder than it seems because SCRUM profoundly changes the way people in the organization interact.

We see that organizations that actually benefit from SCRUM are those who have actively engaged the management as well as the SCRUM teams in the introduction of the concept. Everyone needs to be involved.

For the managers, this is most difficult. They are used to having control of an entire team, but in SCRUM the team gets most of the responsibilities. In the beginning, it may be scary to let go of certain things, but often it turns out to be an advantage that the team members all bring in their talents and ideas and take charge of the result. And of course, any change in the way you work will evoke a certain level of fear and resistance. SCRUM is no exception in that, you must have the courage to embrace change.

However, you will soon find out that your employees will enjoy their work more and be more productive. 

If you think this article is appealing to you, you may give it a try starting with a pilot in one of your projects or teams after a short practical training. But if you believe that SCRUM is still a bridge too far for your organization, note that the approach can also be used in your personal life or for your personal development. For example, you can use SCRUM techniques to set your personal goals for your week, your year, or for your personal development. Then, use other SCRUM tools to plan your actions, to monitor, evaluate and continuously improve yourself.

Author: Diana van der Stelt is a social entrepreneur outsourcing SCRUM teams to the Netherlands at Trinity Software Center in Kumasi and the Co-founder of Maxim Nyansa IT solutions, an IT training center in Accra | Member, Institute of ICT Professionals Ghana. Elvin Assiam, agile SCRUM trainer and consultant with Maxim Nyansa IT solutions

For comments, contact dianavanderstelt@trinitysoftwarecenter.com

Source: www.iipgh.org

Mobile App Permissions – what you need to know

The growth of the mobile application (app) industry is on the ascendancy. Using smartphones have increased and serves as a major driver of innovations. Companies have leveraged the capability of the smartphone to lower costs at various levels. Unfortunately, certain elements in society have taken undue advantage of the growth in the mobile app industry. The interest of unscrupulous mobile app developers have led to the collection of excessive amounts of personal information for various reasons, including aggressive marketing campaigns.

Mobile apps may require access to both the capabilities of the devices they reside on and the user information contained on those devices to function. As users go about their lives, their mobile devices produce a vast trove of personal information and data, ranging from the user’s location to a history of his or her phone calls or text message interactions. This puts apps at the center of debates about privacy in the digital age.

Mobile apps operate on the principle of permissions, to protect your data from exploitation. This means that applications can access hardware and data only if they are given permission. The system maintains a list of permissions for each application installed on the device. Mobile apps permissions have improved a lot over the years. Despite that, the apps are not trustworthy. Mobile apps’ permission system is intended to inform users about the risks of installing applications. When a user installs an application, he or she has the opportunity to review the application’s permission requests and cancel the installation if the permissions are excessive or objectionable.

The permissions you have granted to apps you installed, give the apps control over your phone and access to your private conversations, photos, and more. Anyone concerned about their privacy and security should keep an eye out for apps that request access to some critical permissions. For example, if you allow an app access to your camera, the app will automatically have access to take pictures as well.

The following access must be carefully scrutinized and any app that seeks access must be watched carefully according to AVG (https://www.avg.com/en/signal/guide-to-android-app-permissions-how-to-use-them-smartly#topic-2)

Body Sensors

Allow access to your health data from heart-rate monitors, fitness trackers, and other external sensors. Fitness apps need this permission to monitor your heart rate while you exercise, provide health tips, etc. A malicious app could spy on your health.

Calendar

Allows apps to read, create, edit, or delete your calendar events. Calendar apps obviously need this permission to create calendar events, but so do social networking apps that allow you to add events and invitations to your calendar. A malicious app can spy on your personal routines, meeting times, etc. — and even delete them from your calendar. 

Camera

Allows apps to use your camera to take photos and record videos. Camera apps need this permission so you can take pictures. A malicious app can secretly turn on your camera and record what is going on around you.

Contacts

Allows apps to read, create, or edit your contact list, and access the list of all accounts (e.g., Facebook, Instagram, Twitter, etc.) used on your device. A communication app can use this to let you text or call other people on your contact list. Likewise, a malicious app can steal the entire contents of your address book and then target your friends and family with spam, phishing scams, etc. 

Location

Allows apps to access your approximate location. Navigation apps can help you get around and a malicious app can secretly track your location to build a profile on your daily habits, or even let thieves know when you’re not at home.

Microphone

Allows apps to use your microphone to record audio. A communication app can use this to allow you to send voice messages to your friends. A malicious app can secretly record what’s going on around you, including private talks with your family, conversations with your doctor, and confidential business meetings.

Phone

Allows apps to know your phone number, current cellular network information, and ongoing call status. Apps can also make and end calls, see who’s calling you, read and edit your calling logs, add voicemail, use VoIP, and even redirect calls to other numbers. A malicious app can spy on your phone habits and make calls without your consent (including paid calls).

SMS

Allows apps to read, receive, and send SMS messages. Communication apps can use this to let you message your friends. A malicious app can spy on your messages, use your phone to spam others, and even subscribe you to unwanted paid services. 

Storage

Allows apps to read and write to your internal or external storage. An app can save downloaded songs to your SD card, or a social networking app can save your friends’ photos to your phone. A malicious app can secretly read, change, and delete any of your saved documents, music, photos, and other files.

 Author: Emmanuel K. Gadasu

Member & Data Protection Officer, IIPGH | Data Privacy Consultant at Information Governance Solutions

 

For comments, contact author  ekgadasu@gmail.com  or Mobile: +233-243913077