[kictanet] IG Discussion 2009, Day 6 of 10

Harry Delano harry at inds.co.ke
Tue May 5 03:12:32 EAT 2009




John, thanks a lot, for your moderation last week.

Since you have thrown the challenge, I will take it up. As you can see, am
still right up until now (0300Hrs)
checking out the postings. Indeed I dove right into the cyber security
discussion at the very onset of your 
discussion on the much anticipated under sea Fibre Cable, last week. Why
so..?

Having witnessed the exponential growth in the Information and
Communications Technology sector in this 
country for the last over 10 years, especially from the advent of Internet
and later the mobile technology,
I believe in the next few months we stand at the doorstep of another very
important milestone in this sector,
that promises to revolutionize virtually all sectors of our economy - The
Undersea optic Fibre.

But, just as we stand to gain more on it's good side (benefits that cannot
be enumerated), we need to prepare
ourselves, and put properly co-ordinated measures in place to mitigate the
challenges that will come with this
connectivity -  Cyber Security.

I strongly believe with the landing of this cable - Service Providers,
Government, Institutions, and other Data
banks urgently need to work on their cyber security capacities that will
take care of any imminent threats that 
are about to land, in hot pursuit. I will reproduce my last posting, just
incase. However,it is important to 
emphasize that we will significantly open up our local 'cyber space' given
the Super fast connectivity to the 
outside. 

While we stand to derive a lot of expanded cruising room on this Super
highway at super speeds, blended threats,
in the form of possible cyber based crimes including Network security
breaches (hacking),identity thefts, Data
Thefts, Denial of service (DOS)cyber attacks, cyber espionage activities and
others will come hurtling along,
albeit much faster this time. Simply put in another way - with the marine
fibre in place, picture your typical 
smart hacker sitting across the room, with the capability to access your pc
and data in a matter of less than 
50 msec, and before you could spell H-A-C-K-E-R, he will be off with your
valuable personal or organizational 
information if you are not secured. As I argued last week, presently our
slower Internety connectivity to the 
outside via Satellite Technology, and our congested international bandwidth
effectively frustrates many would
be hackers and other cyber crime activities. By this, I mean our cyber
security capacities have not been really 
challenged enough, and tested possibly to the limit, to enable us assess our
capabilities - our strengths and 
weaknesses. So we could be enjoying some unparalleled peace now, but it
might be shortlived. 

Having observed the local cyber space over a period of time now, I can
safely conclude that we are yet to witness
much locally generated cyber crime activity or the capacity to do so. It's
for this very reason that we have to a
expect with certainity an estimated 90% - 95 % of this cyber traffic to
emanate from outside. With End user systems 
that are poorly secured, or not secured at all - this exposure is likely to
spell a disaster-in-waiting, especially 
for the most sensitive of our institutions, and other organizations.

As we continue to embrace technology, a number of our key national
infrastructure and installations are already 
getting online, but could also pose a major target in a cyber attack
intended to sabotage provision of badly needed services.Let's ensure proper
inbuilt security, with an eye on any future challenges that need to be dealt
with.

The ministry under whose portfolio ICT lies, will be key in formulating
policy & other security standards for all
arms of government that need to be reviewed from time to time in order to
keep up to the ever mutating challenges
in this arena. Efforts geared towards establishing a national Cyberspace
security strategy would be needed, and of 
course there is a wide array of expertise and talent in the private sector
that could be drafted up to help with the 
establishment, enforcement and monitoring of compliance with the various
Cyber Security standards and benchmarks.

I'm sure, we are prepared are we to act. Are we...?

Harry Delano,
2404207
Securing Networks
*******************

 

-----Original Message-----
From: kictanet-bounces+harry=inds.co.ke at lists.kictanet.or.ke
[mailto:kictanet-bounces+harry=inds.co.ke at lists.kictanet.or.ke] On Behalf Of
kictanet-request at lists.kictanet.or.ke
Sent: Monday, May 04, 2009 9:52 PM
To: Harry Delano
Subject: kictanet Digest, Vol 24, Issue 9

Send kictanet mailing list submissions to
	kictanet at lists.kictanet.or.ke

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.kictanet.or.ke/mailman/listinfo/kictanet
or, via email, send a message with subject or body 'help' to
	kictanet-request at lists.kictanet.or.ke

You can reach the person managing the list at
	kictanet-owner at lists.kictanet.or.ke

When replying, please edit your Subject line so it is more specific than
"Re: Contents of kictanet digest..."


Today's Topics:

   1. Re: IG Discussion 2009, Day 6 of 10-Security (John Walubengo)
   2. Re: IG Discussion 2009, Day 6 of 10 (Evans Kahuthu)
   3. Re: IG Discussion 2009, Day 6 of 10 (Judy Okite)


----------------------------------------------------------------------

Message: 1
Date: Mon, 4 May 2009 04:36:37 -0700 (PDT)
From: John Walubengo <jwalu at yahoo.com>
Subject: Re: [kictanet] IG Discussion 2009, Day 6 of 10-Security
To: mwende njiraini <mwende.njiraini at gmail.com>
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Message-ID: <512644.447.qm at web57805.mail.re3.yahoo.com>
Content-Type: text/plain; charset=utf-8


mmhh,

very quiet on the list...where are those guys Harry and Evans who had jumped
onto security last week ;-):

walu.

--- On Mon, 5/4/09, mwende njiraini <mwende.njiraini at gmail.com> wrote:

> From: mwende njiraini <mwende.njiraini at gmail.com>
> Subject: [kictanet] IG Discussion 2009, Day 6 of 10
> To: jwalu at yahoo.com
> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
> Date: Monday, May 4, 2009, 9:59 AM
> Good morning,
> 
> 
> 
> The focus of our discussion this week is on cybersecurity and trust.  
> We will seek to address privacy and data security issues.
> 
> 
> 
> Like many other Kenyans, we frequently register to use various online 
> services provided by the government and businesses.  The registration 
> process requires that we provide personal information including 
> physical, postal address, telephone numbers, credit card numbers, etc.  
> The younger generation and the young-at-heart are readily sharing 
> ?personally identifiable information? including photos and events 
> through social networking sites including facebook, youtube, myspace, 
> flickr, twitter, etc.
> 
> 
> 
> Personal information collected and made available in the public domain 
> such as the electoral register, telephone directory can be combined 
> with information for example from  supermarkets loyalty cards to 
> create valuable market information  to  track individual preferences 
> and purchase profiles.
> This information may unfortunately be subject to abuse and theft.
>  Consequently, ?trust? in policies and the security measures that the 
> government and businesses establish to protect user information is 
> therefore an essential element for the success of e-transactions (both 
> e-government and e-commerce)
> 
> 
> 
>    - How can we create a cyber security culture in Kenya?
> What is the role
>    of the educators, peers and parents in digital literacy with 
> respect to
>    privacy and security?
>    - Does the current legal environment provide for the protection of
>    privacy on the internet?  How can we establish a balance between 
> security
>    and right to privacy?
> 
> Looking forward to hearing from you.
> 
> 
> 
> Kind regards
> 
> Mwende
> 
> 
> 
> References
> 
> 1.     Protecting your Privacy on the Internet:
> http://privacy.gov.au/internet/internet_privacy/index.html#2
> 
> 2.     Privacy Policies:
> http://www.facebook.com/policy.php?ref=pf,
> http://twitter.com/privacy
> 
> 3.     Article 12 of the Universal Declaration of Human
> Rights :
> http://www.un.org/en/documents/udhr/index.shtml#a12
> 
> 4.     Office of the Privacy Commissioner of Canada:
> Protecting Your Privacy
> on the Internet: 
> http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm
> 
> 5.     Privacy illustrations:
> http://www.priv.gc.ca/information/illustrations/index_e.cfm
> 
> 6.     http://www.diplomacy.edu/ISL/IG/
> 
> 
> 
> *Disclaimer: Views expressed here are the author?s own* 
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
> 
> This message was sent to: jwalu at yahoo.com Unsubscribe or change your 
> options at 
> http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com


      



------------------------------

Message: 2
Date: Mon, 4 May 2009 08:53:30 -0700
From: Evans Kahuthu <ifani.kinos at gmail.com>
Subject: Re: [kictanet] IG Discussion 2009, Day 6 of 10
To: mwende njiraini <mwende.njiraini at gmail.com>
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Message-ID:
	<184bd1560905040853r4858aba4l752d280fdffeed87 at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"

The purpose of Information Security/Cybersecurity is to protect an
organizations's valuable resources, such as information, hardware and
software. Through the selection and application of appropriate safeguards,
Information Security helps the organization's mission by protectiing its
physical and financial resources, reputation, legal position, employees, and
other tangible and intangible assets.
The issue of cybersecurity/Information security simply comes down to three
things: 1) Confidentiality, 2) Integrity and Availability.
Information Security management/cybersecurity entails the identification of
an organisation's information assets and developemt, documentation, and
implementation of policies, standards, procedures and guidelines, which
ensure their Confidentiality, Integrity and Availability.
Unfortunately, cybersecurity is sometimes viewed as hindering the mission of
the organisation by impossing poorly selected bothersome rules and
procedures on users, managers and systems. On the contrary, if well
implemented, Cybersecurity rules and procedures can support the overall
organisational mission.
In the case of Kenya, the way to create a culture of cybersecurity is
through management tools such as data classification, security awareness
traininig, risk assesment and risk analysis in order to identify threats,
classify assets, and rate their vulnerabilities so that effective security
controls can be implemented.

Regards,
Evans


On Sun, May 3, 2009 at 10:59 PM, mwende njiraini
<mwende.njiraini at gmail.com>wrote:

> Good morning,
>
>
>
> The focus of our discussion this week is on cybersecurity and trust.  
> We will seek to address privacy and data security issues.
>
>
>
> Like many other Kenyans, we frequently register to use various online 
> services provided by the government and businesses.  The registration 
> process requires that we provide personal information including 
> physical, postal address, telephone numbers, credit card numbers, etc.  
> The younger generation and the young-at-heart are readily sharing 
> ?personally identifiable information? including photos and events 
> through social networking sites including facebook, youtube, myspace, 
> flickr, twitter, etc.
>
>
>
> Personal information collected and made available in the public domain 
> such as the electoral register, telephone directory can be combined 
> with information for example from  supermarkets loyalty cards to 
> create valuable market information  to  track individual preferences and
purchase profiles.
> This information may unfortunately be subject to abuse and theft.
>  Consequently, ?trust? in policies and the security measures that the 
> government and businesses establish to protect user information is 
> therefore an essential element for the success of e-transactions (both 
> e-government and e-commerce)
>
>
>
>    - How can we create a cyber security culture in Kenya? What is the role
>    of the educators, peers and parents in digital literacy with respect to
>    privacy and security?
>    - Does the current legal environment provide for the protection of
>    privacy on the internet?  How can we establish a balance between
security
>    and right to privacy?
>
> Looking forward to hearing from you.
>
>
>
> Kind regards
>
> Mwende
>
>
>
> References
>
> 1.     Protecting your Privacy on the Internet:
> http://privacy.gov.au/internet/internet_privacy/index.html#2
>
> 2.     Privacy Policies: http://www.facebook.com/policy.php?ref=pf,
> http://twitter.com/privacy
>
> 3.     Article 12 of the Universal Declaration of Human Rights :
> http://www.un.org/en/documents/udhr/index.shtml#a12
>
> 4.     Office of the Privacy Commissioner of Canada: Protecting Your
> Privacy on the Internet:  http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm
>
> 5.     Privacy illustrations:
> http://www.priv.gc.ca/information/illustrations/index_e.cfm
>
> 6.     http://www.diplomacy.edu/ISL/IG/
>
>
>
> *Disclaimer: Views expressed here are the author?s own*
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> This message was sent to: ifani.kinos at gmail.com Unsubscribe or change 
> your options at 
> http://lists.kictanet.or.ke/mailman/options/kictanet/ifani.kinos%40gma
> il.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.kictanet.or.ke/mailman/private/kictanet/attachments/20090504/1
0f17964/attachment-0001.html>

------------------------------

Message: 3
Date: Mon, 4 May 2009 21:57:58 +0300
From: Judy Okite <judyokite at gmail.com>
Subject: Re: [kictanet] IG Discussion 2009, Day 6 of 10
To: Evans Kahuthu <ifani.kinos at gmail.com>
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Message-ID:
	<45098e8f0905041157v542c8450vab3ce4e6c499edbe at mail.gmail.com>
Content-Type: text/plain; charset=windows-1252

First- We need to create a culture of reading the terms and conditions....on
the websites.....that is always the first defense and that's why they have
it there.

on the other hand - Your personal information being out there,without your
consent...is another thing altogether!

Secondly- a lot of capacity building(lack of a better word) is needed...as
far as sharing personal information online is concerned....from as early as
introduction to internet ....whatever kind of information,that is online,
just make sure you will still be proud of it 10 years to come, this will
define you...whether its true or false....your have just created your online
profile!


Kind Regards,

On 5/4/09, Evans Kahuthu <ifani.kinos at gmail.com> wrote:
> The purpose of Information Security/Cybersecurity is to protect an 
> organizations's valuable resources, such as information, hardware and 
> software. Through the selection and application of appropriate 
> safeguards, Information Security helps the organization's mission by 
> protectiing its physical and financial resources, reputation, legal 
> position, employees, and other tangible and intangible assets.
> The issue of cybersecurity/Information security simply comes down to 
> three
> things: 1) Confidentiality, 2) Integrity and Availability.
> Information Security management/cybersecurity entails the 
> identification of an organisation's information assets and developemt, 
> documentation, and implementation of policies, standards, procedures 
> and guidelines, which ensure their Confidentiality, Integrity and
Availability.
> Unfortunately, cybersecurity is sometimes viewed as hindering the 
> mission of the organisation by impossing poorly selected bothersome 
> rules and procedures on users, managers and systems. On the contrary, 
> if well implemented, Cybersecurity rules and procedures can support 
> the overall organisational mission.
> In the case of Kenya, the way to create a culture of cybersecurity is 
> through management tools such as data classification, security 
> awareness traininig, risk assesment and risk analysis in order to 
> identify threats, classify assets, and rate their vulnerabilities so 
> that effective security controls can be implemented.
>
> Regards,
> Evans
>
>
> On Sun, May 3, 2009 at 10:59 PM, mwende njiraini
> <mwende.njiraini at gmail.com>wrote:
>
>> Good morning,
>>
>>
>>
>> The focus of our discussion this week is on cybersecurity and trust.  
>> We will seek to address privacy and data security issues.
>>
>>
>>
>> Like many other Kenyans, we frequently register to use various online 
>> services provided by the government and businesses.  The registration 
>> process requires that we provide personal information including 
>> physical, postal address, telephone numbers, credit card numbers, 
>> etc.  The younger generation and the young-at-heart are readily 
>> sharing ?personally identifiable information? including photos and 
>> events through social networking sites including facebook, youtube, 
>> myspace, flickr, twitter, etc.
>>
>>
>>
>> Personal information collected and made available in the public 
>> domain such as the electoral register, telephone directory can be 
>> combined with information for example from  supermarkets loyalty 
>> cards to create valuable market information  to  track individual 
>> preferences and purchase profiles.
>> This information may unfortunately be subject to abuse and theft.
>>  Consequently, ?trust? in policies and the security measures that the 
>> government and businesses establish to protect user information is 
>> therefore an essential element for the success of e-transactions 
>> (both e-government and e-commerce)
>>
>>
>>
>>    - How can we create a cyber security culture in Kenya? What is the
role
>>    of the educators, peers and parents in digital literacy with respect
to
>>    privacy and security?
>>    - Does the current legal environment provide for the protection of
>>    privacy on the internet?  How can we establish a balance between 
>> security
>>    and right to privacy?
>>
>> Looking forward to hearing from you.
>>
>>
>>
>> Kind regards
>>
>> Mwende
>>
>>
>>
>> References
>>
>> 1.     Protecting your Privacy on the Internet:
>> http://privacy.gov.au/internet/internet_privacy/index.html#2
>>
>> 2.     Privacy Policies: http://www.facebook.com/policy.php?ref=pf,
>> http://twitter.com/privacy
>>
>> 3.     Article 12 of the Universal Declaration of Human Rights :
>> http://www.un.org/en/documents/udhr/index.shtml#a12
>>
>> 4.     Office of the Privacy Commissioner of Canada: Protecting Your
>> Privacy on the Internet:  
>> http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm
>>
>> 5.     Privacy illustrations:
>> http://www.priv.gc.ca/information/illustrations/index_e.cfm
>>
>> 6.     http://www.diplomacy.edu/ISL/IG/
>>
>>
>>
>> *Disclaimer: Views expressed here are the author?s own*
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> This message was sent to: ifani.kinos at gmail.com Unsubscribe or change 
>> your options at 
>> http://lists.kictanet.or.ke/mailman/options/kictanet/ifani.kinos%40gm
>> ail.com
>>
>>
>


--
"Each of us is great insofar as we perceive and act on the infinite
possibilities which lie undiscovered and unrecognized about us." James
Harvey Robinson



------------------------------

_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet


End of kictanet Digest, Vol 24, Issue 9
***************************************





More information about the KICTANet mailing list