IG Discussion 2009, Day 6 of 10
Good morning,
The focus of our discussion this week is on cybersecurity and trust. We will seek to address privacy and data security issues.
Like many other Kenyans, we frequently register to use various online services provided by the government and businesses. The registration process requires that we provide personal information including physical, postal address, telephone numbers, credit card numbers, etc. The younger generation and the young-at-heart are readily sharing “personally identifiable information” including photos and events through social networking sites including facebook, youtube, myspace, flickr, twitter, etc.
Personal information collected and made available in the public domain such as the electoral register, telephone directory can be combined with information for example from supermarkets loyalty cards to create valuable market information to track individual preferences and purchase profiles. This information may unfortunately be subject to abuse and theft. Consequently, ‘trust’ in policies and the security measures that the government and businesses establish to protect user information is therefore an essential element for the success of e-transactions (both e-government and e-commerce).
- How can we create a cyber security culture in Kenya? What is the role of the educators, peers and parents in digital literacy with respect to privacy and security?
- Does the current legal environment provide for the protection of privacy on the internet? How can we establish a balance between security and right to privacy?
Looking forward to hearing from you.
Kind regards
Mwende
References
1. Protecting your Privacy on the Internet: http://privacy.gov.au/internet/internet_privacy/index.html#2
2. Privacy Policies: http://www.facebook.com/policy.php?ref=pf, http://twitter.com/privacy
3. Article 12 of the Universal Declaration of Human Rights: http://www.un.org/en/documents/udhr/index.shtml#a12
4. Office of the Privacy Commissioner of Canada: Protecting Your Privacy on the Internet: http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm
5. Privacy illustrations: http://www.priv.gc.ca/information/illustrations/index_e.cfm
6. http://www.diplomacy.edu/ISL/IG/
*Disclaimer: Views expressed here are the author’s own*
mmhh, very quiet on the list...where are those guys Harry and Evans who had jumped onto security last week ;-): walu. --- On Mon, 5/4/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
The purpose of Information Security/Cybersecurity is to protect an organization's valuable resources, such as information, hardware and software. Through the selection and application of appropriate safeguards, Information Security helps the organization's mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets. The issue of cybersecurity/Information security simply comes down to three things: 1) Confidentiality, 2) Integrity and 3) Availability. Information Security management/cybersecurity entails the identification of an organisation's information assets and development, documentation, and implementation of policies, standards, procedures and guidelines, which ensure their Confidentiality, Integrity and Availability.
Unfortunately, cybersecurity is sometimes viewed as hindering the mission of the organisation by imposing poorly selected bothersome rules and procedures on users, managers and systems. On the contrary, if well implemented, Cybersecurity rules and procedures can support the overall organisational mission. In the case of Kenya, the way to create a culture of cybersecurity is through management tools such as data classification, security awareness training, risk assessment and risk analysis in order to identify threats, classify assets, and rate their vulnerabilities so that effective security controls can be implemented.
Regards,
Evans
On Sun, May 3, 2009 at 10:59 PM, mwende njiraini <mwende.njiraini@gmail.com> wrote:
First- We need to create a culture of reading the terms and conditions....on the websites.....that is always the first defense and that's why they have it there.
on the other hand - Your personal information being out there, without your consent...is another thing altogether!
Secondly- a lot of capacity building (lack of a better word) is needed...as far as sharing personal information online is concerned....from as early as introduction to internet ....whatever kind of information, that is online, just make sure you will still be proud of it 10 years to come, this will define you...whether it's true or false....you have just created your online profile!
Kind Regards,
On 5/4/09, Evans Kahuthu <ifani.kinos@gmail.com> wrote:
-- "Each of us is great insofar as we perceive and act on the infinite possibilities which lie undiscovered and unrecognized about us." James Harvey Robinson
Thank you, Evans and Judy for your contributions to today’s discussion.
Privacy is usually not a concern until one encounters an infringement. For example theft and misuse of personal information held by the government, your bank, school, employer, local supermarket, etc may result in irritating phone calls/emails from telemarketing agents who have gained access to your shopping patterns through loyalty cards or a surprise phone call from a long lost friend who has just seen your photo in an online version of ‘fashion police’ :-)!
Unfortunately, most citizens do not have the time or money to start legal proceedings in this regard. Consequently, ‘social engineering’ has been proposed as the best method to overcome the challenges associated with infringement of privacy. This involves exercising your right to opt-in or out, carefully reading privacy policies and end user agreements.
Further discussion on this topic is most welcome!
Kind regards
Mwende
*Disclaimer: Views expressed here are the author’s own*
On Mon, May 4, 2009 at 9:57 PM, Judy Okite <judyokite@gmail.com> wrote:
Oops… in my previous email the right word should be ‘social re-engineering’ rather than ‘social engineering’.
Social engineering is “a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures” or “the act of manipulating people or exploiting people's weaknesses to gain unauthorized access to secure information, assets, or facilities”.
Social re-engineering is “the act of ensuring that the people-aspect of the information security spectrum is well taken-cared of”.
Kind regards
Mwende
References
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci531120,00.html
http://www.harriskern.com/index.php?m=p&pid=377&aid=64
*Disclaimer: Views expressed here are the author’s own*
On Tue, May 5, 2009 at 1:42 AM, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Thank you Evans for this contribution.
Organizations may wish to consider seeking Information Security Management System (ISMS) ISO/IEC 27001 certification which includes the following elements:
1. Security Objectives
2. Information Security Policy
3. Security Organization
4. Asset Classification and Control
5. Personnel Security
6. Physical and Environmental Security
7. Computer, S/W, Data, Operation, and Network Security
8. System Access Control
9. Systems Development and Maintenance
10. Business Continuity Planning
11. Compliance
Reference: http://www.iso.org/iso/catalogue_detail?csnumber=42103
Kind regards
Mwende
*Disclaimer: Views expressed here are the author’s own*
On Mon, May 4, 2009 at 6:53 PM, Evans Kahuthu <ifani.kinos@gmail.com> wrote:
Though coming in late on this one, I'm nevertheless compelled to chip in. When I subscribe to, say, ZAP, m-Pesa or Magic pay, etc., doesn't that mean I sell my privacy to these firms, making it their 'property'? How many of us do read those small-font terms and conditions when subscribing to any cyber-related content? Mama mboga and a CEO who frequently uses these services do not bother to acquaint themselves with the conditions binding an agreement except in a verbal quickie situation. The cyber products must be clearly explained, especially the privacy part.
Solomon Mburu.
On 05/05/2009, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Thank you Evans for this contribution.
Organizations may wish to consider seeking Information Security Management System (ISMS) ISO/IEC 27001 certification which includes the following elements:
1. Security Objectives
2. Information Security Policy
3. Security Organization
4. Asset Classification and Control
5. Personnel Security
6. Physical and Environmental Security
7. Computer, S/W, Data, Operation, and Network Security
8. System Access Control
9. Systems Development and Maintenance
10. Business Continuity Planning
11. Compliance
Reference: http://www.iso.org/iso/catalogue_detail?csnumber=42103
Kind regards
Mwende
*Disclaimer: Views expressed here are the author’s own*
-- Man is a gregarious animal and enjoys agreement as cows will graze all the same way to the side of a hill!
It's only when we have something valuable exposed that we move to secure it. I think that the move toward securing the Kenyan netspace will only take off once we have important content online such as financial history, credit card information, address information and so on. This requires legislation. The FOI act should be speeded up to 'force' government to avail data online. The recently signed (then unsigned?) law on communications has some enabling legislation for e-commerce. Not sure it takes into account security but government should be clear on who the onus to secure data on one's network is. I think more a problem for industry players than 'Wanjiku'... If you create a site where you require my credit card details then by all means you should take the blow if someone steals the info and misuses my card!
Victor
I agree with you, Victor. Once the Freedom of Information Act is passed, then we need to follow that up with a Data Security Act, both of which have been said to be under way. Dr. Ndemo has previously volunteered to post a copy of the draft Data Security Act onto the listserve, but we have not yet received a copy... Perhaps posting the suggested bill onlist would evoke more participation and discussion.
Many blessings,
Crystal
-- Crystal "Naliaka" Watley Kigoni Voices of Africa for Sustainable Development crystal@voicesofafrica.org http://www.voicesofafrica.org/ "You must be the change you wish to see" - Gandhi
Somewhat related to this discussion, please see http://www.bdafrica.com/index.php?option=com_content&task=view&id=14416&Itemid=5821
Evans
Participants (7)
- Crystal Watley
- Evans Kahuthu
- John Walubengo
- Judy Okite
- mwende njiraini
- Solomon Mburu
- Victor Gathara