[kictanet] IG Discussion 2009, Day 6 of 10

mwende njiraini mwende.njiraini at gmail.com
Wed May 6 02:17:46 EAT 2009


Thank you Evans for this contribution.

Organizations may wish to consider seeking Information Security Management
System (ISMS) ISO/IEC 27001 certification which includes the following
elements:

   1. Security Objectives
   2. Information Security Policy
   3. Security Organization
   4. Asset Classification and Control
   5. Personnel Security
   6. Physical and Environmental Security
   7. Computer, S/W, Data, Operation, and Network Security
   8. System Access Control
   9. Systems Development and Maintenance
   10. Business Continuity Planning
   11. Compliance



Reference: http://www.iso.org/iso/catalogue_detail?csnumber=42103



Kind regards

Mwende



*Disclaimer: Views expressed here are the author’s own*


On Mon, May 4, 2009 at 6:53 PM, Evans Kahuthu <ifani.kinos at gmail.com> wrote:

> The purpose of Information Security/Cybersecurity is to protect an
> organization's valuable resources, such as information, hardware and
> software. Through the selection and application of appropriate safeguards,
> Information Security helps the organization's mission by protecting its
> physical and financial resources, reputation, legal position, employees, and
> other tangible and intangible assets.
> The issue of cybersecurity/Information security simply comes down to three
> things: 1) Confidentiality, 2) Integrity and 3) Availability.
> Information Security management/cybersecurity entails the identification of
> an organisation's information assets and development, documentation, and
> implementation of policies, standards, procedures and guidelines, which
> ensure their Confidentiality, Integrity and Availability.
> Unfortunately, cybersecurity is sometimes viewed as hindering the mission
> of the organisation by imposing poorly selected bothersome rules and
> procedures on users, managers and systems. On the contrary, if well
> implemented, Cybersecurity rules and procedures can support the overall
> organisational mission.
> In the case of Kenya, the way to create a culture of cybersecurity is
> through management tools such as data classification, security awareness
> training, risk assessment and risk analysis in order to identify threats,
> classify assets, and rate their vulnerabilities so that effective security
> controls can be implemented.
>
> Regards,
> Evans
>
>
>   On Sun, May 3, 2009 at 10:59 PM, mwende njiraini <
> mwende.njiraini at gmail.com> wrote:
>
>>   Good morning,
>>
>>
>>
>> The focus of our discussion this week is on cybersecurity and trust.  We
>> will seek to address privacy and data security issues.
>>
>>
>>
>> Like many other Kenyans, we frequently register to use various online
>> services provided by the government and businesses.  The registration
>> process requires that we provide personal information including physical,
>> postal address, telephone numbers, credit card numbers, etc.  The younger
>> generation and the young-at-heart are readily sharing “personally
>> identifiable information” including photos and events through social
>> networking sites including Facebook, YouTube, MySpace, Flickr, Twitter,
>> etc.
>>
>>
>>
>> Personal information collected and made available in the public domain
>> such as the electoral register, telephone directory can be combined with
>> information for example from supermarket loyalty cards to create valuable
>> market information to track individual preferences and purchase profiles.
>> This information may unfortunately be subject to abuse and theft.
>> Consequently, ‘trust’ in policies and the security measures that the
>> government and businesses establish to protect user information is therefore
>> an essential element for the success of e-transactions (both e-government
>> and e-commerce).
>>
>>
>>
>>    - How can we create a cyber security culture in Kenya? What is the
>>    role of the educators, peers and parents in digital literacy with respect to
>>    privacy and security?
>>    - Does the current legal environment provide for the protection of
>>    privacy on the internet?  How can we establish a balance between security
>>    and right to privacy?
>>
>> Looking forward to hearing from you.
>>
>>
>>
>> Kind regards
>>
>> Mwende
>>
>>
>>
>> References
>>
>> 1.     Protecting your Privacy on the Internet:
>> http://privacy.gov.au/internet/internet_privacy/index.html#2
>>
>> 2.     Privacy Policies: http://www.facebook.com/policy.php?ref=pf,
>> http://twitter.com/privacy
>>
>> 3.     Article 12 of the Universal Declaration of Human Rights :
>> http://www.un.org/en/documents/udhr/index.shtml#a12
>>
>> 4.     Office of the Privacy Commissioner of Canada: Protecting Your
>> Privacy on the Internet:  http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm
>>
>> 5.     Privacy illustrations:
>> http://www.priv.gc.ca/information/illustrations/index_e.cfm
>>
>> 6.     http://www.diplomacy.edu/ISL/IG/
>>
>>
>>
>> *Disclaimer: Views expressed here are the author’s own*
>>