Hello,
I have been watching keenly, with grave concern, our public
institutions falling victim to numerous security attacks. The defacement of government
websites has just but opened the eyes of the general public as to how insecure
our data and information within these offices are.
Unfortunately, going beyond defacement of public websites,
there are untold stories of viruses, malware, rootkits, Trojans, data breaches,
illegal and unauthorized access to information, intrusion, DoS attacks and many
more going on.
Indeed, a simple analysis has proven most government
computers and laptops do not have a simple line of defense, i.e. passwords. In cases
where there are passwords, they are shared and are very simple to crack. Further,
the lack of an Information Security policy hampers development of a proper security
roadmap and strategy.
In areas where counter measures have been put in place, the
staff lack skills to maintain these systems, and in the long run are incapable
of dealing with new emerging threats, thus rendering the counter measures
ineffective.
I believe this is due to lack of guidance from government
institutions tasked with providing either services or framework policy. Both
KICTB and Directorate of e-Government should work together to come up with a
quick solution to this persistent issue. As we look at this, it would be good
to keep in mind that technology alone cannot solve all incidents related to security.
We need to evaluate both people skills and processes in place. In regards to
people skills, it would be advisable to engage experienced consultants in the
field of Information Security to work together with government to properly
skill them.
In conclusion, I believe this country has some of the best
skills currently in the private sector. We need to take a lead role in
contributing our knowledge and skills towards improving security in our public
sector institutions and Government in general.
Paul Roy Owino, CISSP, CISA, CISM, CEH, MCITP.
Technology Strategist, Microsoft Corp.