Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies
Morning, Reference to email below - you may wish to make reference to the following additional resources - One more CERT in Africa: Mauritius Gets Computer Emergency Response Team - http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer... - CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/ Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 * *Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own* On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities through the establishment of National CSIRTs/CERTs, the CERT-TCC in Tunisia is the only active national CERT in Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish trust in this institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
Emergency Response Teams? - for Computer or other disasters? Very difficult concept for Kenyans. We live in a culture that thrives on crisis-management...I bet 99.9% of Kenyan graduates submitted their final projects - or +2hr before and after the deadline. Its a culture that must be overcome if we shall ever setup a computer emergency response team. walu. nb: but maybe we could learn from the medical practitioners, they seem to respond better to swine, chicken and other emerging cocktails of flu. --- On Thu, 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, May 7, 2009, 10:36 AM Morning,
Reference to email below - you may wish to make reference to the following additional resources
- One more CERT in Africa: Mauritius Gets Computer Emergency Response Team -
http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer... - CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/
Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 *
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities through the establishment of National CSIRTs/CERTs, the CERT-TCC in Tunisia is the only active national CERT in Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish trust in this institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
Walu, Sorry I am coming in at the tail end...but is the question here an issue of we cannot do it? or we do not want to do it? or we cannot justify prioritizing doing it? Nyaki ________________________________ From: John Walubengo <jwalu@yahoo.com> To: elizaslider@yahoo.com Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Sent: Thursday, May 7, 2009 1:57:26 PM Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies Emergency Response Teams? - for Computer or other disasters? Very difficult concept for Kenyans. We live in a culture that thrives on crisis-management...I bet 99.9% of Kenyan graduates submitted their final projects - or +2hr before and after the deadline. Its a culture that must be overcome if we shall ever setup a computer emergency response team. walu. nb: but maybe we could learn from the medical practitioners, they seem to respond better to swine, chicken and other emerging cocktails of flu. --- On Thu, 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, May 7, 2009, 10:36 AM Morning,
Reference to email below - you may wish to make reference to the following additional resources
- One more CERT in Africa: Mauritius Gets Computer Emergency Response Team -
http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer... - CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/
Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 *
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities through the establishment of National CSIRTs/CERTs, the CERT-TCC in Tunisia is the only active national CERT in Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish trust in this institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: elizaslider@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/elizaslider%40yahoo.com
In my opinion there appears to be some ambiguity within our instituional structures. When it comes to Cybersecurity issues how does the NSIS for instance come in since it is a critical stakeholder. I am weary of non state actors taking up responsibilities that they might not be well equiped to handle, maybe PPP could work here Thanks On Thu, May 7, 2009 at 11:46 PM, Catherine Adeya <elizaslider@yahoo.com>wrote:
Walu,
Sorry I am coming in at the tail end...but is the question here an issue of we cannot do it? or we do not want to do it? or we cannot justify prioritizing doing it?
Nyaki
------------------------------ *From:* John Walubengo <jwalu@yahoo.com> *To:* elizaslider@yahoo.com *Cc:* KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> *Sent:* Thursday, May 7, 2009 1:57:26 PM
*Subject:* Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies
Emergency Response Teams? - for Computer or other disasters? Very difficult concept for Kenyans. We live in a culture that thrives on crisis-management...I bet 99.9% of Kenyan graduates submitted their final projects - or +2hr before and after the deadline.
Its a culture that must be overcome if we shall ever setup a computer emergency response team.
walu. nb: but maybe we could learn from the medical practitioners, they seem to respond better to swine, chicken and other emerging cocktails of flu.
--- On Thu, 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, May 7, 2009, 10:36 AM Morning,
Reference to email below - you may wish to make reference to the following additional resources
- One more CERT in Africa: Mauritius Gets Computer Emergency Response Team -
http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer...
- CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/
Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 *
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities through the establishment of National CSIRTs/CERTs, the CERT-TCC in Tunisia is the only active national CERT in Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish trust in this institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: elizaslider@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/elizaslider%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno ISSEN CONSULTING Tel: +254721325277 +254733206359 http://projectdiscovery.or.ke To give up the task of reforming society is to give up ones responsibility as a free man. Alan Paton, South Africa
Thanx Mwende for your 4day moderation on Security issues. Ofcourse more credit to the contributors whose insights am sure are being digested by stakeholders...feel free to make belated contributions. Today I want to introduce the second last theme before Mwende takes us through the Closure and Way forward on Monday 11th May 2009. Basically, we want to review the various "hybrid" electronic payments systems and their corresponding legal and regulatory frameworks. Hybrid electronic payment system exclude the traditional banking systmes which do have time-tested and proven legal/ regulatory frameworks. Typically they refer to emerging e-Payment systems that have been best exemplified by the MPESA/Zap phenomena. Such systems cut accross multiple industries (Banking, Telecommunication and IT) and present a huge challenge in terms of regulation/legislation. In developed economies, such systems have multiple legislation/regulation that demands that the entities involved in such ePayment services abide by strict Data Protection Acts which protect the customer data/privacy as well as other eLegislation (eCrime, eTransaction) that provides deterrence and assurance mechanism. In layman terms, consider an MPESA/ZAP User who sends value of 30,000Ksh from their mobile phone account to the parents upcountry when the following happens: 1. Disaster strikes and the electronic records are lost (whose liable?-it happened in 9/11, Tsunami, etc) 2. The Parents claim that they didnt recieve the money or worse still the sender claim they never send the money (non-repudiation issues) 3. An eCrime suspect is charged with altering ePayments records at the source (inside job/judicial issues) In general, do we have frameworks to protect consumers and businesses against such risks above and do we have investigative and judicial capacity to administer e-Crime related justice? What role should the Regulator (CCK), Banking (CBK), Police and Judiciary (NOT) have in these frameworks? Lets try and give views within today (1day)... walu.
Imoh, Ministry of Info and Comms should take the lead in legislation affecting the ICT sector and have an overall management role in it. I think some sort of IT security czar is required (or already exists) and may rightly sit in the CCK. The ministry should up its communication strategy even now to alert all on where we are regarding ICT security. All seems unclear because we (or maybe I) am unaware of what laws/structures are in place in government to address this issue. Over to you Dr Ndemo! Victor -----Original Message----- From: kictanet-bounces+v-gathara=dfid.gov.uk@lists.kictanet.or.ke [mailto:kictanet-bounces+v-gathara=dfid.gov.uk@lists.kictanet.or.ke] On Behalf Of John Walubengo Sent: 08 May 2009 08:27 To: Victor Gathara Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet] IG Discussion 2009,Day 10 of 10 - ePayment Systems and Regulation Thanx Mwende for your 4day moderation on Security issues. Ofcourse more credit to the contributors whose insights am sure are being digested by stakeholders...feel free to make belated contributions. Today I want to introduce the second last theme before Mwende takes us through the Closure and Way forward on Monday 11th May 2009. Basically, we want to review the various "hybrid" electronic payments systems and their corresponding legal and regulatory frameworks. Hybrid electronic payment system exclude the traditional banking systmes which do have time-tested and proven legal/ regulatory frameworks. Typically they refer to emerging e-Payment systems that have been best exemplified by the MPESA/Zap phenomena. Such systems cut accross multiple industries (Banking, Telecommunication and IT) and present a huge challenge in terms of regulation/legislation. In developed economies, such systems have multiple legislation/regulation that demands that the entities involved in such ePayment services abide by strict Data Protection Acts which protect the customer data/privacy as well as other eLegislation (eCrime, eTransaction) that provides deterrence and assurance mechanism. In layman terms, consider an MPESA/ZAP User who sends value of 30,000Ksh from their mobile phone account to the parents upcountry when the following happens: 1. Disaster strikes and the electronic records are lost (whose liable?-it happened in 9/11, Tsunami, etc) 2. The Parents claim that they didnt recieve the money or worse still the sender claim they never send the money (non-repudiation issues) 3. An eCrime suspect is charged with altering ePayments records at the source (inside job/judicial issues) In general, do we have frameworks to protect consumers and businesses against such risks above and do we have investigative and judicial capacity to administer e-Crime related justice? What role should the Regulator (CCK), Banking (CBK), Police and Judiciary (NOT) have in these frameworks? Lets try and give views within today (1day)... walu. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: v-gathara@dfid.gov.uk Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/v-gathara%40dfid.go v.uk ________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ DFID, the Department for International Development: leading the British Government's fight against world poverty. Find out more about the major global poverty challenges and get the facts on what DFID is doing to fight them: http://www.dfid.gov.uk ______________________________________________________________________ This e-mail has been scanned for all viruses by Peapod. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.peapod.co.uk/cleanmail
Walu, these talk should be extend for two days because this topic touches the heart of many Kenyans and it involves, yes, money. So exhausting this issue is an important step for the sake of Kenyans in the upcountry! On 08/05/2009, John Walubengo <jwalu@yahoo.com> wrote:
Thanx Mwende for your 4day moderation on Security issues. Ofcourse more credit to the contributors whose insights am sure are being digested by stakeholders...feel free to make belated contributions.
Today I want to introduce the second last theme before Mwende takes us through the Closure and Way forward on Monday 11th May 2009. Basically, we want to review the various "hybrid" electronic payments systems and their corresponding legal and regulatory frameworks.
Hybrid electronic payment system exclude the traditional banking systmes which do have time-tested and proven legal/ regulatory frameworks. Typically they refer to emerging e-Payment systems that have been best exemplified by the MPESA/Zap phenomena. Such systems cut accross multiple industries (Banking, Telecommunication and IT) and present a huge challenge in terms of regulation/legislation.
In developed economies, such systems have multiple legislation/regulation that demands that the entities involved in such ePayment services abide by strict Data Protection Acts which protect the customer data/privacy as well as other eLegislation (eCrime, eTransaction) that provides deterrence and assurance mechanism.
In layman terms, consider an MPESA/ZAP User who sends value of 30,000Ksh from their mobile phone account to the parents upcountry when the following happens: 1. Disaster strikes and the electronic records are lost (whose liable?-it happened in 9/11, Tsunami, etc) 2. The Parents claim that they didnt recieve the money or worse still the sender claim they never send the money (non-repudiation issues) 3. An eCrime suspect is charged with altering ePayments records at the source (inside job/judicial issues)
In general, do we have frameworks to protect consumers and businesses against such risks above and do we have investigative and judicial capacity to administer e-Crime related justice? What role should the Regulator (CCK), Banking (CBK), Police and Judiciary (NOT) have in these frameworks?
Lets try and give views within today (1day)...
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: solo.mburu@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/solo.mburu%40gmail.com
-- Man is a gregarious animal and enjoys agreement as cows will graze all the same way to the side of a hill!
feel free to contribute, today and tmrw. Will move to another theme on Monday. walu. --- On Fri, 5/8/09, Solomon Mburu <solo.mburu@gmail.com> wrote:
From: Solomon Mburu <solo.mburu@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 10 of 10 - ePayment Systems and Regulation To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Friday, May 8, 2009, 1:26 PM Walu, these talk should be extend for two days because this topic touches the heart of many Kenyans and it involves, yes, money. So exhausting this issue is an important step for the sake of Kenyans in the upcountry!
On 08/05/2009, John Walubengo <jwalu@yahoo.com> wrote:
Thanx Mwende for your 4day moderation on Security
credit to the contributors whose insights am sure are being digested by stakeholders...feel free to make belated contributions.
Today I want to introduce the second last theme before Mwende takes us through the Closure and Way forward on Monday 11th May
want to review the various "hybrid" electronic payments systems and their corresponding legal and regulatory frameworks.
Hybrid electronic payment system exclude the
which do have time-tested and proven legal/ regulatory
they refer to emerging e-Payment systems that have been best exemplified by the MPESA/Zap phenomena. Such systems cut accross multiple industries (Banking, Telecommunication and IT) and present a huge challenge in terms of regulation/legislation.
In developed economies, such systems have multiple legislation/regulation that demands that the entities involved in such ePayment services abide by strict Data Protection Acts which protect the customer data/privacy as well as other eLegislation (eCrime, eTransaction) that
assurance mechanism.
In layman terms, consider an MPESA/ZAP User who sends value of 30,000Ksh from their mobile phone account to the parents upcountry when the following happens: 1. Disaster strikes and the electronic records are lost (whose liable?-it happened in 9/11, Tsunami, etc) 2. The Parents claim that they didnt recieve the money or worse still the sender claim they never send the money (non-repudiation issues) 3. An eCrime suspect is charged with altering ePayments records at the source (inside job/judicial issues)
In general, do we have frameworks to protect consumers and businesses against such risks above and do we have investigative and judicial capacity to administer e-Crime related justice? What role should the Regulator (CCK), Banking (CBK), Police and Judiciary (NOT) have in
issues. Ofcourse more 2009. Basically, we traditional banking systmes frameworks. Typically provides deterrence and these frameworks?
Lets try and give views within today (1day)...
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: solo.mburu@gmail.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/solo.mburu%40gmail.com
-- Man is a gregarious animal and enjoys agreement as cows will graze all the same way to the side of a hill!
Walu your analogy or discovery points at a very interesting area - our education system - If you do not train a child how he/she should grow how do you expect them to be what you envision? Nyaki's questions are quite sport on! I my humble view I would beg to ask what kind of investment that the government has put down on this non-tangible risk or threat depending on how you look at it. Our current political environment may not be too interested on matters digital if things that make perfect sense such as environmental preservation (read Mau) have to have a protracted political battle and we can all see the effects of poor resource management. If our Intelligence agents (NISIS - CID) were more Techie savvy I think it would be a great boost just as Barrack mentioned in his post. However it all has to start somewhere, if Kenya has a CERT up an running we shall surely be starting on the right foot preempting disaster or cyber security issues and taking appropriate action rather than fighting fires! without fire equipment :) just for a the sake of argument - if the Migingo row degenerated further -God forbid- and a Cyber war broke out how would Kenya defend its Internet infrastructure from its aggressors? (in this case UG-sounds wired but hey its possible) read this article about the Russian Gorgian conflict that went all the way to the web! http://blogs.zdnet.com/security/?p=1670 On Fri, May 8, 2009 at 12:33 AM, Barrack Otieno <otieno.barrack@gmail.com>wrote:
In my opinion there appears to be some ambiguity within our instituional structures. When it comes to Cybersecurity issues how does the NSIS for instance come in since it is a critical stakeholder. I am weary of non state actors taking up responsibilities that they might not be well equiped to handle, maybe PPP could work here Thanks
On Thu, May 7, 2009 at 11:46 PM, Catherine Adeya <elizaslider@yahoo.com>wrote:
Walu,
Sorry I am coming in at the tail end...but is the question here an issue of we cannot do it? or we do not want to do it? or we cannot justify prioritizing doing it?
Nyaki
------------------------------ *From:* John Walubengo <jwalu@yahoo.com> *To:* elizaslider@yahoo.com *Cc:* KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> *Sent:* Thursday, May 7, 2009 1:57:26 PM
*Subject:* Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies
Emergency Response Teams? - for Computer or other disasters? Very difficult concept for Kenyans. We live in a culture that thrives on crisis-management...I bet 99.9% of Kenyan graduates submitted their final projects - or +2hr before and after the deadline.
Its a culture that must be overcome if we shall ever setup a computer emergency response team.
walu. nb: but maybe we could learn from the medical practitioners, they seem to respond better to swine, chicken and other emerging cocktails of flu.
--- On Thu, 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, May 7, 2009, 10:36 AM Morning,
Reference to email below - you may wish to make reference to the following additional resources
- One more CERT in Africa: Mauritius Gets Computer Emergency Response Team -
http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer...
- CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/
Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 *
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities through the establishment of National CSIRTs/CERTs, the CERT-TCC in Tunisia is the only active national CERT in Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish trust in this institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: elizaslider@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/elizaslider%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno ISSEN CONSULTING Tel: +254721325277 +254733206359 http://projectdiscovery.or.ke To give up the task of reforming society is to give up ones responsibility as a free man. Alan Paton, South Africa
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: sam.gatere@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/sam.gatere%40gmail.com
The war in Gaza had the same effects. (So much web defacing of Anti-muslim sites which Uganda was a victim, by Palestinians, and Israel Cyber attacks to Gaza TV Servers to broadcast their threats.) If you have watched Die Hard 4.0, that gives a pretty good example of what would happen if terror was taken all way to web. Check the Estonia cyber attack. Non of the Government sectors, in Kenya cares about Cyber Security or Cyber terror. Just try to explain to any of the IT big shots there about stuff like USSD being used by Terrorists (Mungiki etc) to spread propaganda. Most of them have no idea what USSD is and how it works and the protocols used in such technologies. Actually you will be amazed that the MNOs deal with the regulations here in Kenya. ./Chuks -- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/
Nyaki/Sam: My take was that we have the capacity to run Computer Emergency Response Teams (CERT) but we are not doing it. But am just attending the KENIC AGM and it looks like KENIC seems to have covered some ground in this area that could be used to crystalize the CERT idea. walu. --- On Fri, 5/8/09, Sam Gatere <sam.gatere@gmail.com> wrote:
From: Sam Gatere <sam.gatere@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Friday, May 8, 2009, 1:09 PM Walu your analogy or discovery points at a very interesting area - our education system - If you do not train a child how he/she should grow how do you expect them to be what you envision? Nyaki's questions are quite sport on! I my humble view I would beg to ask what kind of investment that the government has put down on this non-tangible risk or threat depending on how you look at it. Our current political environment may not be too interested on matters digital if things that make perfect sense such as environmental preservation (read Mau) have to have a protracted political battle and we can all see the effects of poor resource management. If our Intelligence agents (NISIS - CID) were more Techie savvy I think it would be a great boost just as Barrack mentioned in his post. However it all has to start somewhere, if Kenya has a CERT up an running we shall surely be starting on the right foot preempting disaster or cyber security issues and taking appropriate action rather than fighting fires! without fire equipment :) just for a the sake of argument - if the Migingo row degenerated further -God forbid- and a Cyber war broke out how would Kenya defend its Internet infrastructure from its aggressors? (in this case UG-sounds wired but hey its possible) read this article about the Russian Gorgian conflict that went all the way to the web!
http://blogs.zdnet.com/security/?p=1670
On Fri, May 8, 2009 at 12:33 AM, Barrack Otieno <otieno.barrack@gmail.com>wrote:
In my opinion there appears to be some ambiguity within our instituional structures. When it comes to Cybersecurity issues how does the NSIS for instance come in since it is a critical stakeholder. I am weary of non state actors taking up responsibilities that they might not be well equiped to handle, maybe PPP could work here Thanks
On Thu, May 7, 2009 at 11:46 PM, Catherine Adeya <elizaslider@yahoo.com>wrote:
Walu,
Sorry I am coming in at the tail end...but is the question here an issue of we cannot do it? or we do not want to do it? or we cannot justify prioritizing doing it?
Nyaki
------------------------------ *From:* John Walubengo <jwalu@yahoo.com> *To:* elizaslider@yahoo.com *Cc:* KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> *Sent:* Thursday, May 7, 2009 1:57:26 PM
*Subject:* Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies
Emergency Response Teams? - for Computer or other disasters? Very difficult concept for Kenyans. We live in a culture that thrives on crisis-management...I bet 99.9% of Kenyan graduates submitted their final projects - or +2hr before and after the deadline.
Its a culture that must be overcome if we shall ever setup a computer emergency response team.
walu. nb: but maybe we could learn from the medical practitioners, they seem to respond better to swine, chicken and other emerging cocktails of flu.
--- On Thu, 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, May 7, 2009, 10:36 AM Morning,
Reference to email below - you may wish to make reference to the following additional resources
- One more CERT in Africa: Mauritius Gets Computer Emergency Response Team -
- CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/
Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 *
*Disclaimer: Views expressed here (except
referenced) are the author’s own*
On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities
establishment of National
CSIRTs/CERTs, the CERT-TCC in Tunisia is
http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer... those quoted or through the the only
Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish
active national CERT in trust in this
institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
kictanet mailing list kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: elizaslider@yahoo.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/elizaslider%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno ISSEN CONSULTING Tel: +254721325277 +254733206359 http://projectdiscovery.or.ke To give up the task of reforming society is to give up ones responsibility as a free man. Alan Paton, South Africa
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: sam.gatere@gmail.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/sam.gatere%40gmail.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
Thanks Walu, and what you have just written is an issue on its own. It is not completely on the topic we are discussing but allow me this once to digress. There are multiple initiatives going on in Kenya that many who should be cognizant about but are not. It is quite worrying sometimes that I find out so many developments in the ICT industry from researchers overseas....sometimes I have to cover up and quickly confirm the information and normally it is factual. I am very happy with what KENIC is doing and anyone else doing anything similar even if it is for an academic thesis, do share. There is alot of good research or ideas that gather dust in our local universities once the student has gotten his/her qualification, they move on and sometimes they are not encouraged to build on this ideas (local innovation). As I said I know I was digressing.....back to the topic. Nyaki ________________________________ From: John Walubengo <jwalu@yahoo.com> To: elizaslider@yahoo.com Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Sent: Friday, May 8, 2009 11:55:37 AM Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies Nyaki/Sam: My take was that we have the capacity to run Computer Emergency Response Teams (CERT) but we are not doing it. But am just attending the KENIC AGM and it looks like KENIC seems to have covered some ground in this area that could be used to crystalize the CERT idea. walu. --- On Fri, 5/8/09, Sam Gatere <sam.gatere@gmail.com> wrote:
From: Sam Gatere <sam.gatere@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Friday, May 8, 2009, 1:09 PM Walu your analogy or discovery points at a very interesting area - our education system - If you do not train a child how he/she should grow how do you expect them to be what you envision? Nyaki's questions are quite sport on! I my humble view I would beg to ask what kind of investment that the government has put down on this non-tangible risk or threat depending on how you look at it. Our current political environment may not be too interested on matters digital if things that make perfect sense such as environmental preservation (read Mau) have to have a protracted political battle and we can all see the effects of poor resource management. If our Intelligence agents (NISIS - CID) were more Techie savvy I think it would be a great boost just as Barrack mentioned in his post. However it all has to start somewhere, if Kenya has a CERT up an running we shall surely be starting on the right foot preempting disaster or cyber security issues and taking appropriate action rather than fighting fires! without fire equipment :) just for a the sake of argument - if the Migingo row degenerated further -God forbid- and a Cyber war broke out how would Kenya defend its Internet infrastructure from its aggressors? (in this case UG-sounds wired but hey its possible) read this article about the Russian Gorgian conflict that went all the way to the web!
http://blogs.zdnet.com/security/?p=1670
On Fri, May 8, 2009 at 12:33 AM, Barrack Otieno <otieno.barrack@gmail.com>wrote:
In my opinion there appears to be some ambiguity within our instituional structures. When it comes to Cybersecurity issues how does the NSIS for instance come in since it is a critical stakeholder. I am weary of non state actors taking up responsibilities that they might not be well equiped to handle, maybe PPP could work here Thanks
On Thu, May 7, 2009 at 11:46 PM, Catherine Adeya <elizaslider@yahoo.com>wrote:
Walu,
Sorry I am coming in at the tail end...but is the question here an issue of we cannot do it? or we do not want to do it? or we cannot justify prioritizing doing it?
Nyaki
------------------------------ *From:* John Walubengo <jwalu@yahoo.com> *To:* elizaslider@yahoo.com *Cc:* KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> *Sent:* Thursday, May 7, 2009 1:57:26 PM
*Subject:* Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies
Emergency Response Teams? - for Computer or other disasters? Very difficult concept for Kenyans. We live in a culture that thrives on crisis-management...I bet 99.9% of Kenyan graduates submitted their final projects - or +2hr before and after the deadline.
Its a culture that must be overcome if we shall ever setup a computer emergency response team.
walu. nb: but maybe we could learn from the medical practitioners, they seem to respond better to swine, chicken and other emerging cocktails of flu.
--- On Thu, 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, May 7, 2009, 10:36 AM Morning,
Reference to email below - you may wish to make reference to the following additional resources
- One more CERT in Africa: Mauritius Gets Computer Emergency Response Team -
- CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/
Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 *
*Disclaimer: Views expressed here (except
referenced) are the author’s own*
On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities
establishment of National
CSIRTs/CERTs, the CERT-TCC in Tunisia is
http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer... those quoted or through the the only
Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish
active national CERT in trust in this
institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
kictanet mailing list kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: elizaslider@yahoo.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/elizaslider%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno ISSEN CONSULTING Tel: +254721325277 +254733206359 http://projectdiscovery.or.ke To give up the task of reforming society is to give up ones responsibility as a free man. Alan Paton, South Africa
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: sam.gatere@gmail.com Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/sam.gatere%40gmail.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: elizaslider@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/elizaslider%40yahoo.com
Afternoon, I think Department of Defense should be taking a lead on this, rather than Kenic. -- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/
Hi All, Coming into this very very late. Security will remain what a colleague of mine refers to as "broccoli technology" basically its good (healthy for you) but we dont necessarily like the taste of it. The only time we get to eat broccoli is when the doctor orders. As such until when data & information forms the lifeline of our businesses shall we look at security more seriously. Regards, Michuki. Catherine Adeya wrote:
Walu,
Sorry I am coming in at the tail end...but is the question here an issue of we cannot do it? or we do not want to do it? or we cannot justify prioritizing doing it?
Nyaki
________________________________ From: John Walubengo <jwalu@yahoo.com> To: elizaslider@yahoo.com Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Sent: Thursday, May 7, 2009 1:57:26 PM Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies
Emergency Response Teams? - for Computer or other disasters? Very difficult concept for Kenyans. We live in a culture that thrives on crisis-management...I bet 99.9% of Kenyan graduates submitted their final projects - or +2hr before and after the deadline.
Its a culture that must be overcome if we shall ever setup a computer emergency response team.
walu. nb: but maybe we could learn from the medical practitioners, they seem to respond better to swine, chicken and other emerging cocktails of flu.
--- On Thu, 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National Cybersecurity strategies To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, May 7, 2009, 10:36 AM Morning,
Reference to email below - you may wish to make reference to the following additional resources
- One more CERT in Africa: Mauritius Gets Computer Emergency Response Team -
http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer... - CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/
Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 *
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities through the establishment of National CSIRTs/CERTs, the CERT-TCC in Tunisia is the only active national CERT in Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish trust in this institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: elizaslider@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/elizaslider%40yahoo.com
------------------------------------------------------------------------
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: michuki@swiftkenya.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/michuki%40swiftkenya.co...
Intersting analogy, broccoli technology! I find it quite befiting to your description. In our local scenario I think Security matters will only take center stage when we start seeing actual threats manifest into real security challenges. On Mon, May 11, 2009 at 10:51 AM, Michuki Mwangi <michuki@swiftkenya.com>wrote:
Hi All,
Coming into this very very late.
Security will remain what a colleague of mine refers to as "broccoli technology" basically its good (healthy for you) but we dont necessarily like the taste of it.
The only time we get to eat broccoli is when the doctor orders.
As such until when data & information forms the lifeline of our businesses shall we look at security more seriously.
Regards,
Michuki.
Walu,
Sorry I am coming in at the tail end...but is the question here an issue of we cannot do it? or we do not want to do it? or we cannot justify
Catherine Adeya wrote: prioritizing doing it?
Nyaki
________________________________ From: John Walubengo <jwalu@yahoo.com> To: elizaslider@yahoo.com Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Sent: Thursday, May 7, 2009 1:57:26 PM Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National
Cybersecurity strategies
Emergency Response Teams? - for Computer or other disasters? Very
difficult concept for Kenyans. We live in a culture that thrives on crisis-management...I bet 99.9% of Kenyan graduates submitted their final projects - or +2hr before and after the deadline.
Its a culture that must be overcome if we shall ever setup a computer
emergency response team.
walu. nb: but maybe we could learn from the medical practitioners, they seem to
respond better to swine, chicken and other emerging cocktails of flu.
--- On Thu, 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 9 of 10 - National
Cybersecurity strategies
To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, May 7, 2009, 10:36 AM Morning,
Reference to email below - you may wish to make reference to the following additional resources
- One more CERT in Africa: Mauritius Gets Computer Emergency Response Team -
http://www.pcworld.com/businesscenter/article/146123/mauritius_gets_computer...
- CERT is located at Carnegie Mellon University, involved in Internet security vunerabilities, long term network changes research: http://www.cert.org/ - Team Cymru is a specialized Internet security research firm : http://www.team-cymru.org/ - FIRST is the global Forum for Incident Response and Security Teams: http://www.first.org/
Kind regards Mwende Please note the change in the subject line today is IG Discussion 2009,*Day 9 of 10 *
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
On 5/7/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Good morning,
Today we have the opportunity of discussing the last aspect of cybersecurity: Computer Security Incident Response Teams (CSIRTs)/Computer Emergency Response Teams (CERT). CSIRTs/CERTs are responsible for preparing for, detecting, managing and responding to cybersecurity incidents as well as creating consumer awareness.
Global cybersecurity is said to be ‘as strong as the weakest link’. Developing countries particularly in Africa have not sufficiently addressed cybersecurity issues. While some countries have initiated efforts to develop cybersecurity capabilities through the establishment of National CSIRTs/CERTs, the CERT-TCC in Tunisia is the only active national CERT in Africa (http://www.ansi.tn/en/about_cert-tcc.htm).
In establishing a National CERT/CSIRT…
- What structure could be adopted? - What services should be offered? - What elements could be considered to establish trust in this institution thereby encouraging organizations with critical information infrastructure (CII) such as government agencies, banks, educational institutions, water and power companies, etc, to share of cybersecurity incidents?
Kind regards
Mwende
*Disclaimer: Views expressed here (except those quoted or referenced) are the author’s own*
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: elizaslider@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/elizaslider%40yahoo.com
------------------------------------------------------------------------
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: michuki@swiftkenya.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/michuki%40swiftkenya.co...
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: sam.gatere@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/sam.gatere%40gmail.com
participants (9)
-
Barrack Otieno -
Catherine Adeya -
chuks Jonia -
John Walubengo -
Michuki Mwangi -
mwende njiraini -
Sam Gatere -
Solomon Mburu -
Victor Gathara