The fact that there is high internet penetration in Africa / Kenya where an average of one user for every five has access to affordable internet has created enabling environment for cyber-criminals.
By the nature of cyberspace where the perpetrators of cyber-crime remain ubiquitous. This necessitated a need for legislation to control crime, and to provide confidence and security in African cyberspace, leading to the drafting of the Africa Union Convention on Cybersecurity (AUCC). But some groups like CIPIT and civil society opposed the convention on the ground that it was prepared without their inputs. Their main argument is that the convention did not make enough provisions to protect privacy and freedom of speech.
Member States have to undertake necessary measures to encourage the establishment of institutions that exchange information on cyber threats and the evaluation of vulnerabilities such as Computer Emergency Response Team (CERT). Kenya has at least done something on this by establishing KE-CIRT at CA. There is also a masterplan and PKI in place thou there has been implementation challenges. We will note that most governments departments have not yet established cybersecurity departments and this leads to low / lack of budgetary allocation.In summary Government bodies, policy networks, scholars, the media, technology experts and the people need to engage in a global conversation that will help demystify Cyber-crime and define what it constitutes of and how Cyber-criminals should be dealt with.
The role of the media (television, blogs, online news outlets and more) is critical in the process of educating the public and engaging in a conversation, as they will be the mediators and curators of information and discourse on the issue. Thus, a concise and sensible approach, devoid of fear-mongering and shock practices, should be followed. We all remember recently how media has mishandled cyber crime news without a very somber deep analysis
Since this is an international issue, governments and policy networks across the world have to come together and discuss openly on what is better for their citizens. Something like AUCC is a positive move by African states
Scholars and academics can provide valuable expertise on technological, psychological, ethical and other issues, while highlighting any misgivings by those involved in the process. At least Strathmore has tried on this
The people in their local communities, families and social networks should help and train each other to increase their peers’ level of Internet literacy and highlight the advantages of the web. A higher Internet literacy level can help people protect themselves even better by taking simple security measures, such as using anti-virus software and identifying potential risks or scams in their online financial transactions. More is needed from the technology community to provide awareness to end users even if through probono program.The technology community needs a unity of purpose. Looking at programmers / developers, DBA, network admins, infosec there has been lack of proper coordination. Developers are working hard to prove that their products cant be broken. Infosec on the other hand are working so hard to prove to blue team / developers that they can break their products. At the end no one benefit from such a contest. Many technical conferences / seminars should be encouraged to enable sharing of information / knowledge in the local technology community.Great day comrades.On Tue, Jul 21, 2015 at 9:28 AM, Stephen Munguti via Security <security@lists.my.co.ke> wrote:Hello all,I think most of our security concerns stem from internal users and this is the reason many banks and telecos refuse to part with this information, i could be wrong thoughOn Tue, Jul 21, 2015 at 8:58 AM, Grace Mutung'u (Bomu) via skunkworks <skunkworks@lists.my.co.ke> wrote:_______________________________________________Dear Listers,
Kenya has had its fair share of high profile cyber threats, hacking etc, the latest being the alleged compromise of the IFMIS system at NYS/Ministry of Devolution. The country and Africa at large is making efforts to assure cyber-security. These include among others her involvement in the Africa Union Convention on Cybercrime and a proposal for a Cybercrime law, an initiative led by the Office of the Director of Public Prosecutions. Significant financial resources have also been earmarked by government for security and cyber security in particular. There are also partnerships between government and private sector in deploying cybersecurity centres.
The private sector has employed practical measures to protect their businesses. However, businesses such as mobile money providers and banks have been shy to divulge their cyber security concerns to protect their interests.
Civil society on the other hand has raised concern about the line between protecting the cyber space and creating a facilitative environment for innovators as well as protecting the rights of users.
Are our efforts at deterring cyber-crime the correct way to assure cyber security? Are fears about a partnership between government and private sector and the general fears about stifling innovation and human rights in the name of cybersecurity legitimate? Are there other practical approaches that different stakeholders can take to enhance cyber security?
Over to you.
--Grace L.N. Mutung'u
Nairobi Kenya
Skype: gracebomu
Twitter: @Bomu
<http://www.diplointernetgovernance.org/profile/GraceMutungu>
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
--
_______________________________________________
Security mailing list
Security@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/security
--
-------------------------------------
Kind Regards;
Fredrick Wahome Ndung'u
Team Leader
Secunets Technologies Ltd
Website: www.secunets.com
Cell: +254725264890
Email: fred@secunets.com
Facebook: secunetstech
Twitter: @secunets
Skype: secunets.technologies
Experts in: Domain Registration, Web Hosting, Open Source Solutions, Information Security & Training, Digital Forensic Investigations, Web 2.0 Applications & I.C.T Consultancy."Secure Business Technology"
------------------------------------------------------------------------------------------------------------------------------------------------SECUNETS TECHNOLOGIES DISCLAIMER:
This email message and any file(s) transmitted with it is intended solely for the individual or entity to whom it is addressed and may contain confidential and/or legally privileged information which confidentiality and/or privilege is not lost or waived by reason of mistaken transmission. If you have received this message by error you are not authorized to view disseminate distribute or copy the message without the written consent of Secunets Technologies and are requested to contact the sender by telephone or e-mail and destroy the original. Although Secunets Technologies takes all reasonable precautions to ensure that this message and any file transmitted with it is virus free, Secunets Technologies accepts no liability for any damage that may be caused by any virus transmitted by this email.
_______________________________________________
Security mailing list
Security@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/security