Re: [kictanet] IG Discussion 2009, Day 6 of 10
John, thanks a lot, for your moderation last week. Since you have thrown the challenge, I will take it up. As you can see, am still right up until now (0300Hrs) checking out the postings. Indeed I dove right into the cyber security discussion at the very onset of your discussion on the much anticipated under sea Fibre Cable, last week. Why so..? Having witnessed the exponential growth in the Information and Communications Technology sector in this country for the last over 10 years, especially from the advent of Internet and later the mobile technology, I believe in the next few months we stand at the doorstep of another very important milestone in this sector, that promises to revolutionize virtually all sectors of our economy - The Undersea optic Fibre. But, just as we stand to gain more on it's good side (benefits that cannot be enumerated), we need to prepare ourselves, and put properly co-ordinated measures in place to mitigate the challenges that will come with this connectivity - Cyber Security. I strongly believe with the landing of this cable - Service Providers, Government, Institutions, and other Data banks urgently need to work on their cyber security capacities that will take care of any imminent threats that are about to land, in hot pursuit. I will reproduce my last posting, just incase. However,it is important to emphasize that we will significantly open up our local 'cyber space' given the Super fast connectivity to the outside. While we stand to derive a lot of expanded cruising room on this Super highway at super speeds, blended threats, in the form of possible cyber based crimes including Network security breaches (hacking),identity thefts, Data Thefts, Denial of service (DOS)cyber attacks, cyber espionage activities and others will come hurtling along, albeit much faster this time. Simply put in another way - with the marine fibre in place, picture your typical smart hacker sitting across the room, with the capability to access your pc and data in a matter of less than 50 msec, and before you could spell H-A-C-K-E-R, he will be off with your valuable personal or organizational information if you are not secured. As I argued last week, presently our slower Internety connectivity to the outside via Satellite Technology, and our congested international bandwidth effectively frustrates many would be hackers and other cyber crime activities. By this, I mean our cyber security capacities have not been really challenged enough, and tested possibly to the limit, to enable us assess our capabilities - our strengths and weaknesses. So we could be enjoying some unparalleled peace now, but it might be shortlived. Having observed the local cyber space over a period of time now, I can safely conclude that we are yet to witness much locally generated cyber crime activity or the capacity to do so. It's for this very reason that we have to a expect with certainity an estimated 90% - 95 % of this cyber traffic to emanate from outside. With End user systems that are poorly secured, or not secured at all - this exposure is likely to spell a disaster-in-waiting, especially for the most sensitive of our institutions, and other organizations. As we continue to embrace technology, a number of our key national infrastructure and installations are already getting online, but could also pose a major target in a cyber attack intended to sabotage provision of badly needed services.Let's ensure proper inbuilt security, with an eye on any future challenges that need to be dealt with. The ministry under whose portfolio ICT lies, will be key in formulating policy & other security standards for all arms of government that need to be reviewed from time to time in order to keep up to the ever mutating challenges in this arena. Efforts geared towards establishing a national Cyberspace security strategy would be needed, and of course there is a wide array of expertise and talent in the private sector that could be drafted up to help with the establishment, enforcement and monitoring of compliance with the various Cyber Security standards and benchmarks. I'm sure, we are prepared are we to act. Are we...? Harry Delano, 2404207 Securing Networks ******************* -----Original Message----- From: kictanet-bounces+harry=inds.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+harry=inds.co.ke@lists.kictanet.or.ke] On Behalf Of kictanet-request@lists.kictanet.or.ke Sent: Monday, May 04, 2009 9:52 PM To: Harry Delano Subject: kictanet Digest, Vol 24, Issue 9 Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke To subscribe or unsubscribe via the World Wide Web, visit http://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..." Today's Topics: 1. Re: IG Discussion 2009, Day 6 of 10-Security (John Walubengo) 2. Re: IG Discussion 2009, Day 6 of 10 (Evans Kahuthu) 3. Re: IG Discussion 2009, Day 6 of 10 (Judy Okite) ---------------------------------------------------------------------- Message: 1 Date: Mon, 4 May 2009 04:36:37 -0700 (PDT) From: John Walubengo <jwalu@yahoo.com> Subject: Re: [kictanet] IG Discussion 2009, Day 6 of 10-Security To: mwende njiraini <mwende.njiraini@gmail.com> Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Message-ID: <512644.447.qm@web57805.mail.re3.yahoo.com> Content-Type: text/plain; charset=utf-8 mmhh, very quiet on the list...where are those guys Harry and Evans who had jumped onto security last week ;-): walu. --- On Mon, 5/4/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: [kictanet] IG Discussion 2009, Day 6 of 10 To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Monday, May 4, 2009, 9:59 AM Good morning,
The focus of our discussion this week is on cybersecurity and trust. We will seek to address privacy and data security issues.
Like many other Kenyans, we frequently register to use various online services provided by the government and businesses. The registration process requires that we provide personal information including physical, postal address, telephone numbers, credit card numbers, etc. The younger generation and the young-at-heart are readily sharing ?personally identifiable information? including photos and events through social networking sites including facebook, youtube, myspace, flickr, twitter, etc.
Personal information collected and made available in the public domain such as the electoral register, telephone directory can be combined with information for example from supermarkets loyalty cards to create valuable market information to track individual preferences and purchase profiles. This information may unfortunately be subject to abuse and theft. Consequently, ?trust? in policies and the security measures that the government and businesses establish to protect user information is therefore an essential element for the success of e-transactions (both e-government and e-commerce)
- How can we create a cyber security culture in Kenya? What is the role of the educators, peers and parents in digital literacy with respect to privacy and security? - Does the current legal environment provide for the protection of privacy on the internet? How can we establish a balance between security and right to privacy?
Looking forward to hearing from you.
Kind regards
Mwende
References
1. Protecting your Privacy on the Internet: http://privacy.gov.au/internet/internet_privacy/index.html#2
2. Privacy Policies: http://www.facebook.com/policy.php?ref=pf, http://twitter.com/privacy
3. Article 12 of the Universal Declaration of Human Rights : http://www.un.org/en/documents/udhr/index.shtml#a12
4. Office of the Privacy Commissioner of Canada: Protecting Your Privacy on the Internet: http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm
5. Privacy illustrations: http://www.priv.gc.ca/information/illustrations/index_e.cfm
6. http://www.diplomacy.edu/ISL/IG/
*Disclaimer: Views expressed here are the author?s own* _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
Good morning,
The focus of our discussion this week is on cybersecurity and trust. We will seek to address privacy and data security issues.
Like many other Kenyans, we frequently register to use various online services provided by the government and businesses. The registration process requires that we provide personal information including physical, postal address, telephone numbers, credit card numbers, etc. The younger generation and the young-at-heart are readily sharing ?personally identifiable information? including photos and events through social networking sites including facebook, youtube, myspace, flickr, twitter, etc.
Personal information collected and made available in the public domain such as the electoral register, telephone directory can be combined with information for example from supermarkets loyalty cards to create valuable market information to track individual preferences and
------------------------------ Message: 2 Date: Mon, 4 May 2009 08:53:30 -0700 From: Evans Kahuthu <ifani.kinos@gmail.com> Subject: Re: [kictanet] IG Discussion 2009, Day 6 of 10 To: mwende njiraini <mwende.njiraini@gmail.com> Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Message-ID: <184bd1560905040853r4858aba4l752d280fdffeed87@mail.gmail.com> Content-Type: text/plain; charset="windows-1252" The purpose of Information Security/Cybersecurity is to protect an organizations's valuable resources, such as information, hardware and software. Through the selection and application of appropriate safeguards, Information Security helps the organization's mission by protectiing its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets. The issue of cybersecurity/Information security simply comes down to three things: 1) Confidentiality, 2) Integrity and Availability. Information Security management/cybersecurity entails the identification of an organisation's information assets and developemt, documentation, and implementation of policies, standards, procedures and guidelines, which ensure their Confidentiality, Integrity and Availability. Unfortunately, cybersecurity is sometimes viewed as hindering the mission of the organisation by impossing poorly selected bothersome rules and procedures on users, managers and systems. On the contrary, if well implemented, Cybersecurity rules and procedures can support the overall organisational mission. In the case of Kenya, the way to create a culture of cybersecurity is through management tools such as data classification, security awareness traininig, risk assesment and risk analysis in order to identify threats, classify assets, and rate their vulnerabilities so that effective security controls can be implemented. Regards, Evans On Sun, May 3, 2009 at 10:59 PM, mwende njiraini <mwende.njiraini@gmail.com>wrote: purchase profiles.
This information may unfortunately be subject to abuse and theft. Consequently, ?trust? in policies and the security measures that the government and businesses establish to protect user information is therefore an essential element for the success of e-transactions (both e-government and e-commerce)
- How can we create a cyber security culture in Kenya? What is the role of the educators, peers and parents in digital literacy with respect to privacy and security? - Does the current legal environment provide for the protection of privacy on the internet? How can we establish a balance between security and right to privacy?
Looking forward to hearing from you.
Kind regards
Mwende
References
1. Protecting your Privacy on the Internet: http://privacy.gov.au/internet/internet_privacy/index.html#2
2. Privacy Policies: http://www.facebook.com/policy.php?ref=pf, http://twitter.com/privacy
3. Article 12 of the Universal Declaration of Human Rights : http://www.un.org/en/documents/udhr/index.shtml#a12
4. Office of the Privacy Commissioner of Canada: Protecting Your Privacy on the Internet: http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm
5. Privacy illustrations: http://www.priv.gc.ca/information/illustrations/index_e.cfm
6. http://www.diplomacy.edu/ISL/IG/
*Disclaimer: Views expressed here are the author?s own*
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: ifani.kinos@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/ifani.kinos%40gma il.com
participants (1)
-
Harry Delano