Thanks Adam, I'll check them out. Stay happy, Mutheu. On Fri, Aug 16, 2024 at 12:46 PM Adam Lane <adam.lane@huawei.com> wrote:
Dear Mutheu
The Common Criteria (CC) should be considered and ISO27001 & 27017 & 27018 & 27701.
Then there are some specific ones, like in the networks space, there is the Network Equipment Security Assurance Scheme/Security Assurance Specifications (NESAS/SCAS) and in the cloud space there is the CSA Cloud Controls Matrix (CCM).
There are also others in various domains like payment card standards, health informatics standards etc.
Regards
Adam
*From:* A Mutheu <mutheu@khimulu.com> *Sent:* Friday, 16 August 2024 12:43 *To:* Kenya's premier ICT Policy engagement platform < kictanet@lists.kictanet.or.ke> *Cc:* Adam Lane <adam.lane@huawei.com> *Subject:* Re: [kictanet] Re: Discussion: Shaping Kenya's Cybersecurity Ecosystem
Dear Adam,
Thanks for your insights, are there any specific standards from your experience in the sector you think should be considered? If so, do you have suggestions as regards specific international standards that can be studied, and then localized, if deemed relevant.
Stay happy,
Mutheu.
On Thu, Aug 15, 2024 at 12:55 PM Adam Lane via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Hi David
In my engagements with policy makers I emphasize the need for the government to intentionally identify relevant cybersecurity standards (either international, local or international ones that are localized) and then implement them within government and encourage the rest of the industry in the country to also adopt and implement. These standards are a good benchmark to define “secure” (though one must never accept reaching a standard as the end goal and not get complacent) and can be specific to certain areas (such as cloud, telcom networks, software etc) or be about certain processes and can be tested and certified against. This can grow the cybersecurity ecosystem (labs, certifiers, standards consultants etc) and support talent training and development as well.
Such standards may not need to be legally required necessarily, but this would be a discussion worth having.
Adam
*From:* David Indeje via KICTANet <kictanet@lists.kictanet.or.ke> *Sent:* Thursday, 15 August 2024 08:38 *To:* Adam Lane <adam.lane@huawei.com> *Cc:* David Indeje <dindeje@kictanet.or.ke> *Subject:* [kictanet] Re: Discussion: Shaping Kenya's Cybersecurity Ecosystem
Dear Listers,
*Day 3:*
The CMCA has profound implications for businesses, individuals, and the digital economy in Kenya. Its effectiveness in balancing innovation with cybersecurity, addressing emerging technologies, and protecting individual rights is a subject of ongoing debate. Today, we encourage discussion on the challenges and opportunities presented by the CMCA and explore potential solutions to enhance its effectiveness in shaping a secure and vibrant digital future for Kenya.
*Section 5: Impact on Businesses and Individuals.*
1. How has the CMCA impacted businesses in Kenya in terms of cybersecurity practices and investments? 2. Do you believe the CMCA adequately protects the rights of individuals in the digital space? 3. Have there been any unintended consequences of the CMCA on businesses or individuals? 4. How has the CMCA affected the digital economy in Kenya?
*Section 6: An analysis of the effectiveness of the CMCA to embrace emerging technologies and the cyberthreats they pose therein.*
1. How does the CMCA balance the need for innovation with cybersecurity? 2. Does the Act create an environment conducive to technological advancement or are there any provisions that stifle innovation? 3. How well does the CMCA address emerging technologies such as artificial intelligence, blockchain, Internet of Things (IoT), quantum computing and cryptocurrency? What can be done to enhance its ability to address these lacunas (if any). 4. How can the legal framework provided by the CMCA be enhanced to regulate the use of emerging technologies, while protecting individual digital rights?
*Section 7: General Questions.*
1. Are there any legal uncertainties or ambiguities in the Act that hinder its effectiveness? 2. What are the capacity-building needs of law enforcement and the judiciary in addressing cybercrimes related to emerging technologies? 3. Is the country’s cybersecurity infrastructure sufficiently robust to address the challenges posed by emerging technologies? 4. Any other relevant comment that you may wish to include as regards the CMCA?
--
*Kind Regards,*
*David Indeje*
*@**K**ICT**A**Net* <https://www.kictanet.or.ke/>* Communications * _____________________________________
+254 (0) 711 385 945 | +254 (0) 734 024 856
KICTANet portals
Connect With Us <https://linktr.ee/Kictanet>
______________________________________
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/ WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.