Hi Grace, Many thanks for this interesting discussion. I would like to look at the subject from a slightly different angle, culture. We need to be deliberate and intentional about building a culture of security. Generally most Kenyan citizens frown at Security processes and procedures and equate them to harassment. Herein lies the challenge. Kenya is an active participant in ISO 27000 series Standards Development and is a voting member of Sub committee 27 that deals with Information Security Management Systems. Tonnes of Standards are lying at the Kenya Bureau of Standards library which are not bought by local sme's and enterprises. Every time is ask some of them why they are not implementing the standards they say it is too expensive and cumbersome to implement. This standards can be used to enhance our Information Systems Security culture. The other challenge we have is that is that only Health related standards are mandatory any other standards including Information Security Management System standards are implemented on a voluntary basis. It is very difficult to protect data under such an environment since data resides within an information Eco-system. I am also reliably informed that the ICT Authority has implemented some Information Security Management System Standards and that it is part of the performance contracting system for some government officers. It would be great to have feedback on how effective the implementation has been in light of data breaches that attributed to the IFMIS system. In conclusion, we have to build a culture of information security management through an awareness campaign program and capacity building as institutions such as KICTANet are doing. Kenyan Companies should also strive to align their Information Security Management Systems in accordance with International Standards and or best practices such a ISO 27000 series. In fact as many as can get certified should be certified the way the Communications Authority has done. Best Regards On 7/11/18, Grace Bomu via kictanet <[email protected]> wrote:
This is interesting. We have been conditioned to believe that more and more data is needed from us to usher us into the brave new world. And the use of good old maths to solve shiny new computing problems- We would be interested to hear more.... Thank you for this perspective
Il mercoledì 11 luglio 2018, John Paul Karijo <[email protected]> ha scritto:
I was in a multidisciplinary conference a few weeks ago and this presenter was working on a mathematical formula that would allow us to measure the optimum level at which to give up privacy in order for meaningful use to be viable on the data that is accessed.
A kind of a sweet spot where the data collected from users is sufficient for analysis, for computation, for analytics... enough for A.I and ubiquitous computing and yet not to the level where it is personally identifiable or can be used for unwarranted or unsolicited or harmful targeting.
He is still working on this - I will go look up his name and share later tomorrow.
He said something interesting though - that coders didn't know how to do this Math...and didn't consult mathematicians (speaking of needing each other)
My reservations though is that even if this did come to fruition in the long run it would become similar to other mathematical formulae such as the one used to calculate speed limits on roads... which totally doesn't make sense in this era... but which we still apply religiously.
With kind regards
Jeipea
Believe in yourself then you can change your world
____________________________________________ Skype: john.paul.em Cell: +254735586956
On Wed, Jul 11, 2018 at 9:21 PM Grace Bomu via kictanet < [email protected]> wrote:
@ Machuhi, Wahengas may need to be recalled to modify 'hakuna siri ya watu wawili' to the smartphone era.
Il mercoledì 11 luglio 2018, Grace Bomu <[email protected]> ha scritto:
@John, while it is important to understand these distinctions, we should also be alive to the pervasiveness of data harvesting in every aspect of our lives. We ought therefore to see stakeholders beyond the traditional players such as techies, law enforcement and government. @Muraya, Collins, thank you for the reality check examples.I n last year's KIGF, a big debate during the fireside chat was whether privavcy is dead? The call to engage with the Data Protection Bill may be a first step in ensuring that those who collect data protect it. We shall heed it @Mercy.
Il mercoledì 11 luglio 2018, K Machuhi via kictanet < [email protected]> ha scritto:
Haha.. Muraya's 'steal' deserves its own thread. privacy is what you have never told your smartphone.
On Wed, 11 Jul 2018, 19:41 S.M. Muraya via kictanet, < [email protected]> wrote:
Stolen >> "every app on your phone is allowed un-monitored access to everything and that with your full consent.."
On Wed, Jul 11, 2018 at 9:46 AM Admin CampusCiti via kictanet < [email protected]> wrote:
> Grace and all > > This is a pertinent issue in 2018. First let me address this in the > context of Policy and Legislation. > > 1. In the absence of solid Policy and laws regarding Data Security > we > are really groping in the dark. I appreciate that there are various > initiatives ongoing to remedy this situation. From a personal data > security > there’s always the issue of who is accessing my data - this needs to > be > viewed from a personal security angle i.e hackers, unauthorized use > of data > by corporates, unsolicited communication using data mining tools, > government subpoenas etc. > > 2. From a Corporate perspective the above is relevant but from a > body > corporate perspective. This becomes more important considering the > magnitude of data some corporates hold and the potential liabilities > and > losses that can arise through data breaches. For example it is > alleged that > Kenyan banks lost Kshs.30 billion in the last 3 years. > > https://www.standardmedia.co.ke/business/article/ > 2001232241/how-kenyan-banks-lost-sh30-billion-in-two- > years-to-tech-savvy-criminals > > 3. From a government perspective it takes on a National Security > perspective. As the proliferation of Cloud Computing becomes > standard > operating procedure for most organizations governments are starting > to ask > pertinent questions about control, access to data etc. One critical > issue > that is now a major block is the one about Data Sovereignty. In a > nutshell > the issues around Data Sovereignty can be encapsulated in one > sentence. > > *Data sovereignty* comes into play when an organisation's *data* is > stored outside of their country and is subject to the laws of the > country > in which the *data* resides. The main concern with *data sovereignty* > is > maintaining privacy regulations and keeping foreign countries from > being > able to subpoena *data*. > > Bottom line I’d urge us to expedite the building of both hard > (roads, > bridges, fiber etc) and soft (enabling policy, laws and regulations > etc) > infrastructure. Soft Infrastructure is not going in tandem with hard > Infrastructure. Data Security is a key component of this. Without > this in > place we cannot expect Tier 4 Data Centre operators to even think > about > investing in Kenya. > > *Ali Hussein* > > +254 0713 601113 > > Twitter: @AliHKassim > > Skype: abu-jomo > > LinkedIn: http://ke.linkedin.com/in/alihkassim > <http://ke.linkedin.com/in/alihkassim> > > Blog: www.alyhussein.com > > "Discovery consists in seeing what everyone else has seen and > thinking what no one else has thought". ~ Albert Szent-Györgyi > > Sent from my iPad > > On 11 Jul 2018, at 7:52 AM, Grace Bomu via kictanet < > [email protected]> wrote: > > Listers, > Thank you to all who contributed to yesterday's topic. The thread is > still open for those who may have further thoughts on content > regulation. > Welcome to Day 2 of online pre KIGF debates where out topic today is > Strengthening > Data Security in the Context of Emerging Trends. We shall look at > cybersecurity in the context of data. > > Barely a few weeks ago, social media was awash with memes of Wazir > Boniface Chacha, the young man alleged to have conned MPs after > getting > access to their phone data. Later when this was used as a > justification in > debates for the Cybercrime Act, some wondered whether the political > process > had used the Chacha saga to justify the quick passage of a law > creating > offences. > > But beyond "small data" in our personal possession, many SMEs , > corporations, institutions, societies and other bodies are holding > significant amounts of data. > In this community, the wider issue of cyber security has been a > recurring theme in KIGF. It is generally agreed that the best > approach is a > multi-pronged one that includes the law, good practices, effective > mitigation and response to incidences at multiple levels, creation > of > awareness and technical solutions among others. Having gotten a new > law in > the form of the Cybercrimes Act, are we assured of data security? > Are our existing mechanisms for mitigation and response to > incidences > adequate for emerging threats? > Do we have positive cases or good practices to imitate? > What challenges that remain and how can we address them? > > Welcome to the discussion. > > -- > Grace Mutung'u > Skype: gracebomu > @Bomu > PGP ID : 0x33A3450F > > _______________________________________________ > kictanet mailing list > [email protected] > https://lists.kictanet.or.ke/mailman/listinfo/kictanet > Twitter: http://twitter.com/kictanet > Facebook: https://www.facebook.com/KICTANet/ > Domain Registration sponsored by www.eacdirectory.co.ke > > Unsubscribe or change your options at https://lists.kictanet.or.ke/ > mailman/options/kictanet/info%40campusciti.com > > The Kenya ICT Action Network (KICTANet) is a multi-stakeholder > platform for people and institutions interested and involved in ICT > policy > and regulation. The network aims to act as a catalyst for reform in > the ICT > sector in support of the national aim of ICT enabled growth and > development. > > KICTANetiquette : Adhere to the same standards of acceptable > behaviors online that you follow in real life: respect people's times > and > bandwidth, share knowledge, don't flame or abuse or personalize, > respect > privacy, do not spam, do not market your wares or qualifications. > > _______________________________________________ > kictanet mailing list > [email protected] > https://lists.kictanet.or.ke/mailman/listinfo/kictanet > Twitter: http://twitter.com/kictanet > Facebook: https://www.facebook.com/KICTANet/ > Domain Registration sponsored by www.eacdirectory.co.ke > > Unsubscribe or change your options at https://lists.kictanet.or.ke/ > mailman/options/kictanet/murigi.muraya%40gmail.com > > The Kenya ICT Action Network (KICTANet) is a multi-stakeholder > platform for people and institutions interested and involved in ICT > policy > and regulation. The network aims to act as a catalyst for reform in > the ICT > sector in support of the national aim of ICT enabled growth and > development. > > KICTANetiquette : Adhere to the same standards of acceptable > behaviors online that you follow in real life: respect people's times > and > bandwidth, share knowledge, don't flame or abuse or personalize, > respect > privacy, do not spam, do not market your wares or qualifications. >
-- SMM
*"Better a patient person than a warrior, one with self-control than one who takes a city." Prov 16:32* _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/kmachuhi%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/johnpaulem%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A