Integrating NIST and ISO Cybersecurity Audit and Risk Assessment Frameworks into Cameroonian Law

  • Ngalim B

Abstract

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. Cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits are critical steps in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information security systems and cybersecurity risk management. This paper highlights the lack of specific international law provisions addressing cybersecurity audits and risk assessments. Overall, the paper highlights the importance of continuous risk assessment and monitoring, implementation of security controls, and compliance with organizational policies, relevant laws and regulations to ensure the adequate protection of information systems. Finally, the paper underscores the importance of improving Cameroon's cybersecurity regulations by integrating provisions from NIST and ISO.

Cite

Ngalim, B. (2023). Integrating NIST and ISO Cybersecurity Audit and Risk Assessment Frameworks into Cameroonian Law. Journal of Cybersecurity Education Research and Practice, 2024(1). https://doi.org/10.32727/8.2023.29
