
On 15/08/2024 12.54, Adam Lane via KICTANet wrote:
Hi David
In my engagements with policy makers I emphasize the need for the government to intentionally identify relevant cybersecurity standards (either international, local or international ones that are localized) and then implement them within government and encourage the rest of the industry in the country to also adopt and implement. These standards are a good benchmark to define “secure” (though one must never accept reaching a standard as the end goal and not get complacent) and can be specific to certain areas (such as cloud, telecom networks, software etc.) or be about certain processes and can be tested and certified against. This can grow the cybersecurity ecosystem (labs, certifiers, standards consultants etc.) and support talent training and development as well.
Such standards may not need to be legally required necessarily, but this would be a discussion worth having.
Probably more effort is required in keeping up to date with international standards and perhaps influencing their development. As an example, many of the laws are available as PDF-only downloads from kenyalaw.org. County legislation is more difficult to obtain. Standards such as Akoma Ntoso [1] would make searching legislative documents much easier, and in particular improve hyperlinks in web versions. This would aid people doing dissemination work to be more effective.
[1] https://en.wikipedia.org/wiki/Akoma_Ntoso