How secure is our information in government offices?
Hello, Been watching keenly with grave concern our public institutions falling victims of numerous security attacks. The defacement of government websites has just but opened the eyes of the general public as to how insecure our data and information within these offices are. Unfortunately going beyond defacement of public websites, there are untold stories of viruses, malware, rootkits, Trojans, data breaches, illegal and unauthorized access to information, intrusion, DoS attacks and any more going on. Indeed a simple analysis has proven most government computers and laptops do not have simple line of defense i.e. passwords. In cases where they are passwords, they are shared and are very simple to crack. Further, lack of Information Security policy hampers development of proper security roadmap and strategy. In areas where counter measures have been put in place, the staff lack skills to maintain these systems, and in the long run are incapable of dealing with new emerging threats thus renders the counter measure ineffective. I believe this is due to lack of guidance from government institutions tasked with providing either services or framework policy. Both KICTB and Directorate of e-Government should work together to come up with a quick solution to this persistent issue. As we look at this, it would be good to keep in mind that technology alone cannot solve all incidents related to security. We need to evaluate both people skills and processes in place. In regards to people skills, it would be advisable to engage experienced consultants in the field of Information Security to work together with government to properly skill them. In conclusion I believe this country has some of the best skills currently in the private sector, we need to take a lead role in contributing our knowledge and skills towards improving security in our public sector institutions and Government in general. Paul Roy Owino, CISSP, CISA, CISM, CEH, MCITP. Technology Strategist, Microsoft Corp.
P. R Owino, The other issue of concern is the rise in the number of foreign governments and agencies literally falling over each other competing to donate computers to state institutions. Can someone stop this? Kipkemoi arap Kirui On 22 February 2011 11:01, Paul Roy <roykoikai@gmail.com> wrote:
Hello,
Been watching keenly with grave concern our public institutions falling victims of numerous security attacks. The defacement of government websites has just but opened the eyes of the general public as to how insecure our data and information within these offices are.
Unfortunately going beyond defacement of public websites, there are untold stories of viruses, malware, rootkits, Trojans, data breaches, illegal and unauthorized access to information, intrusion, DoS attacks and any more going on.
Indeed a simple analysis has proven most government computers and laptops do not have simple line of defense i.e. passwords. In cases where they are passwords, they are shared and are very simple to crack. Further, lack of Information Security policy hampers development of proper security roadmap and strategy.
In areas where counter measures have been put in place, the staff lack skills to maintain these systems, and in the long run are incapable of dealing with new emerging threats thus renders the counter measure ineffective.
I believe this is due to lack of guidance from government institutions tasked with providing either services or framework policy. Both KICTB and Directorate of e-Government should work together to come up with a quick solution to this persistent issue. As we look at this, it would be good to keep in mind that technology alone cannot solve all incidents related to security. We need to evaluate both people skills and processes in place. In regards to people skills, it would be advisable to engage experienced consultants in the field of Information Security to work together with government to properly skill them.
In conclusion I believe this country has some of the best skills currently in the private sector, we need to take a lead role in contributing our knowledge and skills towards improving security in our public sector institutions and Government in general.
Paul Roy Owino, CISSP, CISA, CISM, CEH, MCITP.
Technology Strategist, Microsoft Corp.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: arapkirui@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/arapkirui%40gmail.com
Well, Security is relative and it is a cultural issue, real government information is still in documents which have not yet been digitized i am sure the much you can fish out is Solitaire, nonetheless this is a wake up call. FYI Paul i think we have a CERT in Kenya (Computer emergency Response Team), what is not clear is how Kenyan like you who are sufficiently philanthrophic can participate in its activities, you have a valid point though. Best Regards On Tue, Feb 22, 2011 at 11:34 AM, Kipkemoi arap Kirui <arapkirui@gmail.com>wrote:
P. R Owino,
The other issue of concern is the rise in the number of foreign governments and agencies literally falling over each other competing to donate computers to state institutions. Can someone stop this?
Kipkemoi arap Kirui
On 22 February 2011 11:01, Paul Roy <roykoikai@gmail.com> wrote:
Hello,
Been watching keenly with grave concern our public institutions falling victims of numerous security attacks. The defacement of government websites has just but opened the eyes of the general public as to how insecure our data and information within these offices are.
Unfortunately going beyond defacement of public websites, there are untold stories of viruses, malware, rootkits, Trojans, data breaches, illegal and unauthorized access to information, intrusion, DoS attacks and any more going on.
Indeed a simple analysis has proven most government computers and laptops do not have simple line of defense i.e. passwords. In cases where they are passwords, they are shared and are very simple to crack. Further, lack of Information Security policy hampers development of proper security roadmap and strategy.
In areas where counter measures have been put in place, the staff lack skills to maintain these systems, and in the long run are incapable of dealing with new emerging threats thus renders the counter measure ineffective.
I believe this is due to lack of guidance from government institutions tasked with providing either services or framework policy. Both KICTB and Directorate of e-Government should work together to come up with a quick solution to this persistent issue. As we look at this, it would be good to keep in mind that technology alone cannot solve all incidents related to security. We need to evaluate both people skills and processes in place. In regards to people skills, it would be advisable to engage experienced consultants in the field of Information Security to work together with government to properly skill them.
In conclusion I believe this country has some of the best skills currently in the private sector, we need to take a lead role in contributing our knowledge and skills towards improving security in our public sector institutions and Government in general.
Paul Roy Owino, CISSP, CISA, CISM, CEH, MCITP.
Technology Strategist, Microsoft Corp.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: arapkirui@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/arapkirui%40gmail.com
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: otieno.barrack@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail....
-- Barrack O. Otieno Afriregister Ltd (Kenya) www.afrire <http://www.afriregister.com>gister.bi, www.afriregister.com<http://www.afriergister.com> <http://www.afriregister.com>ICANN accredited registrar +254721325277 +254-20-2498789 Skype: barrack.otieno
participants (3)
-
Barrack Otieno -
Kipkemoi arap Kirui -
Paul Roy