[kictanet] IG Discussion 2009, Day 6 of 10

mwende njiraini mwende.njiraini at gmail.com
Tue May 5 02:38:45 EAT 2009


Oops…in my previous email the right word should be ‘social re-engineering’
rather than ‘social engineering’.



Social engineering is “a term that describes a non-technical kind of
intrusion that relies heavily on human interaction and often involves
tricking other people to break normal security procedures”

or

“the act of manipulating people or exploiting people's weaknesses to gain
unauthorized access to secure information, assets, or facilities”



Social re-engineering is “the act of ensuring that the people-aspect of the
information security spectrum is well taken-cared of”.



Kind regards

Mwende



References

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci531120,00.html



http://www.harriskern.com/index.php?m=p&pid=377&aid=64**

*Disclaimer: Views expressed here are the author’s own*

On Tue, May 5, 2009 at 1:42 AM, mwende njiraini
<mwende.njiraini at gmail.com>wrote:

> Thank you, Evans and Judy for your contributions to today’s discussion.
>
> Privacy is usually not a concern until one encounters an infringement.
>
> For example theft and misuse of personal information held the government,
> your bank, school, employer, local supermarket, etc may result in irritating
> phone calls/emails from a telemarketing agents who have gained access to
> your shopping patterns through loyalty cards or a surprise phone call from a
> long lost friend who has just seen your photo in an online version of
> ‘fashion police’J!
>
>
> Unfortunately, most citizens do not have the time or money to start legal
> proceedings in this regard.  Consequently, ‘social engineering’ has been
> proposed as the best method to overcome the challenges associated with
> infringement of privacy.  This involves exercising your right to opt-in or
> out, carefully reading privacy policies and end user agreements.
>
> Further discussion on this topic is most welcome!
>
> Kind regards
> Mwende
>
>
> *Disclaimer: Views expressed here are the author’s own*
>
>
>   On Mon, May 4, 2009 at 9:57 PM, Judy Okite <judyokite at gmail.com> wrote:
>
>> First- We need to create a culture of reading the terms and
>> conditions....on the websites.....that is always the first defense and
>> that's why they have it there.
>>
>> on the other hand - Your personal information being out there,without
>> your consent...is another thing altogether!
>>
>> Secondly- a lot of capacity building(lack of a better word) is
>> needed...as far as sharing personal information online is
>> concerned....from as early as introduction to internet ....whatever
>> kind of information,that is online, just make sure you will still be
>> proud of it 10 years to come, this will define you...whether its true
>> or false....your have just created your online profile!
>>
>>
>> Kind Regards,
>>
>> On 5/4/09, Evans Kahuthu <ifani.kinos at gmail.com> wrote:
>> > The purpose of Information Security/Cybersecurity is to protect an
>> > organizations's valuable resources, such as information, hardware and
>> > software. Through the selection and application of appropriate
>> safeguards,
>> > Information Security helps the organization's mission by protectiing its
>> > physical and financial resources, reputation, legal position, employees,
>> and
>> > other tangible and intangible assets.
>> > The issue of cybersecurity/Information security simply comes down to
>> three
>> > things: 1) Confidentiality, 2) Integrity and Availability.
>> > Information Security management/cybersecurity entails the identification
>> of
>> > an organisation's information assets and developemt, documentation, and
>> > implementation of policies, standards, procedures and guidelines, which
>> > ensure their Confidentiality, Integrity and Availability.
>> > Unfortunately, cybersecurity is sometimes viewed as hindering the
>> mission of
>> > the organisation by impossing poorly selected bothersome rules and
>> > procedures on users, managers and systems. On the contrary, if well
>> > implemented, Cybersecurity rules and procedures can support the overall
>> > organisational mission.
>> > In the case of Kenya, the way to create a culture of cybersecurity is
>> > through management tools such as data classification, security awareness
>> > traininig, risk assesment and risk analysis in order to identify
>> threats,
>> > classify assets, and rate their vulnerabilities so that effective
>> security
>> > controls can be implemented.
>> >
>> > Regards,
>> > Evans
>> >
>> >
>> > On Sun, May 3, 2009 at 10:59 PM, mwende njiraini
>> > <mwende.njiraini at gmail.com>wrote:
>> >
>> >> Good morning,
>> >>
>> >>
>> >>
>> >> The focus of our discussion this week is on cybersecurity and trust.
>>  We
>> >> will seek to address privacy and data security issues.
>> >>
>> >>
>> >>
>> >> Like many other Kenyans, we frequently register to use various online
>> >> services provided by the government and businesses.  The registration
>> >> process requires that we provide personal information including
>> physical,
>> >> postal address, telephone numbers, credit card numbers, etc.  The
>> younger
>> >> generation and the young-at-heart are readily sharing “personally
>> >> identifiable information” including photos and events through social
>> >> networking sites including facebook, youtube, myspace, flickr, twitter,
>> >> etc.
>> >>
>> >>
>> >>
>> >> Personal information collected and made available in the public domain
>> >> such
>> >> as the electoral register, telephone directory can be combined with
>> >> information for example from  supermarkets loyalty cards to create
>> >> valuable
>> >> market information  to  track individual preferences and purchase
>> >> profiles.
>> >> This information may unfortunately be subject to abuse and theft.
>> >>  Consequently, ‘trust’ in policies and the security measures that the
>> >> government and businesses establish to protect user information is
>> >> therefore
>> >> an essential element for the success of e-transactions (both
>> e-government
>> >> and e-commerce)
>> >>
>> >>
>> >>
>> >>    - How can we create a cyber security culture in Kenya? What is the
>> role
>> >>    of the educators, peers and parents in digital literacy with respect
>> to
>> >>    privacy and security?
>> >>    - Does the current legal environment provide for the protection of
>> >>    privacy on the internet?  How can we establish a balance between
>> >> security
>> >>    and right to privacy?
>> >>
>> >> Looking forward to hearing from you.
>> >>
>> >>
>> >>
>> >> Kind regards
>> >>
>> >> Mwende
>> >>
>> >>
>> >>
>> >> References
>> >>
>> >> 1.     Protecting your Privacy on the Internet:
>> >> http://privacy.gov.au/internet/internet_privacy/index.html#2
>> >>
>> >> 2.     Privacy Policies: http://www.facebook.com/policy.php?ref=pf,
>> >> http://twitter.com/privacy
>> >>
>> >> 3.     Article 12 of the Universal Declaration of Human Rights :
>> >> http://www.un.org/en/documents/udhr/index.shtml#a12
>> >>
>> >> 4.     Office of the Privacy Commissioner of Canada: Protecting Your
>> >> Privacy on the Internet:  http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm
>> >>
>> >> 5.     Privacy illustrations:
>> >> http://www.priv.gc.ca/information/illustrations/index_e.cfm
>> >>
>> >> 6.     http://www.diplomacy.edu/ISL/IG/
>> >>
>> >>
>> >>
>> >> *Disclaimer: Views expressed here are the author’s own*
>> >>
>> >> _______________________________________________
>> >> kictanet mailing list
>> >> kictanet at lists.kictanet.or.ke
>> >> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> >>
>> >> This message was sent to: ifani.kinos at gmail.com
>> >> Unsubscribe or change your options at
>> >>
>> http://lists.kictanet.or.ke/mailman/options/kictanet/ifani.kinos%40gmail.com
>> >>
>> >>
>> >
>>
>>
>> --
>> "Each of us is great insofar as we perceive and act on the infinite
>> possibilities which lie undiscovered and unrecognized about us." James
>> Harvey Robinson
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> This message was sent to: mwende.njiraini at gmail.com
>> Unsubscribe or change your options at
>> http://lists.kictanet.or.ke/mailman/options/kictanet/mwende.njiraini%40gmail.com
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20090505/a64d0d3c/attachment.htm>


More information about the KICTANet mailing list