[kictanet] Kenya's new registry system
tyrus at icsit.jkuat.ac.ke
tyrus at icsit.jkuat.ac.ke
Wed Jun 11 13:06:49 EAT 2008
Wesley,
I totally agree with you on this point.
Its one thing to set up a system where you will have citizens access their
details and its another entirely different thing to ensure its security is
not compromised. Even as these guys come up with this revolutionary
system, am sure they have security in mind and even more importantly have
taken the necessary steps to ensuring that its not compromised. What I
always have qualms with as you are well aware of in skunkworks, is the
reluctance by the developers or system operators to provide room for
Independent Penetration Testing. Granted this is not a panacea for
hack-proofing the system but will make the system devoid of common
vulnerabilities like what we saw in the ipo website.
In America, identity theft has occurred even on their secure servers alike
but if you look at the frequency, its relatively low since tests are
carried out on the system very often and when loop holes are discovered
relevant authorities are informed.
Its a very novel idea the Government is pursuing but even as we speak
there are notable Govt bodies whose IT infrastructure's security is very
sketchy. If there was a dedicated body in the ICT Board to dedicatedly
look into security issues regarding IT growth and implementation, I guess
there would be standards set even when putting a very basic implementation
like a web-site.
Regards,
"fyodor"
More information about the KICTANet
mailing list