As I read through the policy I wonder how much work has been done to link with other policies. For example, KEBS has been pushing for the adoption of ISO 27001 (Information Security Management Systems) standard by Kenyan Organizations. Applying a best practice like ISO 27001 would prevent organizations from having to reinvent the wheel. Regards, Alex -----Original Message----- From: kictanet [mailto:kictanet-bounces+awatila=yahoo.co.uk@lists.kictanet.or.ke] On Behalf Of Barrack Otieno via kictanet Sent: Thursday, June 30, 2016 7:29 AM To: awatila@yahoo.co.uk Cc: Barrack Otieno <otieno.barrack@gmail.com> Subject: [kictanet] Draft National ICT Policy Discussions Day 7 of 10: How to enhance Cybersecurity Listers, Many thanks to those who contribued to day 6 discussions. The thread is still open, we also encourage listers to edit the policy directly on the Jadili platform (http://jadili.ictpolicy.org/docs/kenya-ict-policy). Today we focus on the following areas: *Online Citizen Safety, *Child Protection *Privacy issues *Security business transactions (Info-Security) *Security & Reliability of Critical ICT infrastructure The Background: The more we automate and rely on digital services, the more vulnerable we become as a society to cybercrime and other threats facing the digital society. The regulator has a Computer Emergency Response Team (CERT), the industry (TESPOK) also has a CERT, the Department of Criminal Investigation & National Intelligence also have CERT. What is not clear is whether there is a framework to have these teams working together and their capacity to counter a full-blown cyber attack against our digital national assets. Additionally, the tension between citizen privacy and national security, citizen privacy and business (profit) concerns remain perhaps due to lack of Data Protection, eTransaction and other laws. Finally, special protection for vulnerable groups (children) going online is non-existent. What needs to be done around these issues? Kindly submit your views. Best Regards -- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/awatila%40yahoo.co.uk The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.