Good afternoon,
Sorry for the late post.
I am seeking responses to the following in relation to security:
- Are there initiatives to create awareness on internet security?
- Apart from CSIRT-KENYA are there other institutions that monitor vulnerability incidents?
- What institutional framework should be set up to deal with cyber security?
- Are there any success stories in dealing with security incidents?
Kind regards
Mwende
Disclaimer: These comments are the author's own
Good afternoon ladies and gents,Information security... one query i had been asking myself for years.. is how can we be sure we take the necessary measures to ensure "my" information is safe...however this has always fallen on the higher side... especially now in a strange world of buying all types and goods and services from as far as Brazil and know it will be delivered right to my door. One element remains is how safe is my or any of your information and details in the virtual world...and what is being done to protect it once its there... Just looking back a couple moth ago, we saw with the safcom IPO when all (or maybe just me..) there was a loop hole to see what person had on a portfolio... ofcourse this could be downplayed.. but just for example...Information is only too powerful a resource that we all in different capacities hold dear...once in the hand of others we may feel violated / vulnerable... similar as being burgled in a way...someone being able to walk right through my front door and check on my personal files.. take what they need and do what they will... so information security surely needs to be tackled and or awareness to consumers and businesses;I think one area for review is this area of authentication of actual users and at the varios portals that are currently popping up in all avenues... as Mich and other colleagues have already indicated... u never know what site u may be logging onto and giving your access codes to the online mwizi...With that said e-commerce is here to be embraced... and most definitely for development...using whatever technologies or combination there are on the market to promote this...but with customer / consumer information at risk... i think the one main focus point is on the ample meausre's needed to ensure security of customer information...Given the ever growing rate in internet and or e-fraud instances currently experienced in Europe, US, etc.., one of the main reported cases of internet fraud is through identity fraud... i think as we embark on this new trend of business and convenience.. we could assist in eductating the community locally...regionally.. on the potential threats... and thereof....Ok prior to proposing a possible solution through this.. and respecting this as a discussion fora... i will first seek permission to :-)Just FYI: heres some information / statistics on cyber crime:Kind regards,Patrick MburuDirector - IT"Prevention is better than cure..."
2008/8/15 Judy Okite <judyokite@gmail.com>
This message was sent to: patrick.mburu@gmail.comMichuki,
I do agree with you,very few onliners, think about security,when they are online. examples:
1. How many people,do actually read the End User License Agreement on the websites,especially,when installing softwares? the link below should make a good read.
http://www.pcpitstop.com/spycheck/eula.asp
2. Should there be or is there a policy,when it comes to changing a domain name?
When one types; www.nationmedia.com you are redirected to www.nationmedia.co.ke....I check this website everyday....one day it was so slow loading...then...walaa...its .co.ke....if we dont take the time(maybe I missed it) to let our users know of the changes....then, what will happen when when Kenya gets into serious E-commerce? I believe we need to start now,to build trust online,it may seem like a small thing,but it will go a long way.
e.g what is the difference between www.safaricom.com and www.safaricom.co.ke?
I) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site?
Well,I think the Yahoo and France on the Nazi case was a great eye opener in this regard, but what does that mean.......if the Germany decides to filter ccTLD(.KE)...then all Kenyan businesses loose.....not a very wise option! the ISP's will have to be responsible for the contents they display??.
Kind Regards,
On Thu, Aug 14, 2008 at 8:05 AM, John Walubengo <jwalu@yahoo.com> wrote:
This message was sent to: judyokite@gmail.comMorning all,
Looks like very little response on yesterday's topic...where's Waudo formerly WGIG member? Nway, today's IG theme is the one with the most consensus across all stakeholders. The fact that the internet is becoming a place to place to work, live, pray or play is widely acknowledged and hence the consensus on the need to protect it.
The global and borderless nature of the Internet means that a secure internet needs a concerted global effort as earlier mentioned by Brian. A very secure US-territoial Internet is of no use if for example the Africa-territorial Internet is insecure since phising attacks, viruses, spam, eFrauds and other destabilizing conditions can be launched from there. Spam for example is known to constitute over 60% of email traffic on the Internet, which is a fairly significant chunk of Internet Bandwidth and Server Processing power going to waste.
The main internet security debate that cross-cuts into legal/social baskets often centers around:
I) How the Internet Protocol (IP) could be improved so as to trace-back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, dns, web, etc) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be)
II) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site?
III) The delicate balance between pursing security and respecting citizen rights. To what extent should governments go into private emails, phone-logs, etc, in order to safeguard national security? Or what should be the mandatory procedures required of Businesses to safeguard sensitive electronic data of citizens?
Plse feel free to add, clarify, object or modify the above. More importantly think of what would be an E.African position on the issues.
As usual, 1day on this theme.
walu.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
--
"Do not go where the path may lead, go instead where there is no path and leave a trail."
~ Ralph Waldo Emerson
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/patrick.mburu%40gmail.com
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: mwende.njiraini@gmail.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/mwende.njiraini%40gmail.com