[kictanet] How secure is our information in government offices?
Paul Roy
roykoikai at gmail.com
Tue Feb 22 11:01:52 EAT 2011
Hello,
Been watching keenly with grave concern our public
institutions falling victims of numerous security attacks. The defacement of
government
websites has just but opened the eyes of the general public as to how
insecure
our data and information within these offices are.
Unfortunately going beyond defacement of public websites,
there are untold stories of viruses, malware, rootkits, Trojans, data
breaches,
illegal and unauthorized access to information, intrusion, DoS attacks and
any
more going on.
Indeed a simple analysis has proven most government
computers and laptops do not have simple line of defense i.e. passwords. In
cases
where they are passwords, they are shared and are very simple to crack.
Further,
lack of Information Security policy hampers development of proper security
roadmap and strategy.
In areas where counter measures have been put in place, the
staff lack skills to maintain these systems, and in the long run are
incapable
of dealing with new emerging threats thus renders the counter measure
ineffective.
I believe this is due to lack of guidance from government
institutions tasked with providing either services or framework policy. Both
KICTB and Directorate of e-Government should work together to come up with a
quick solution to this persistent issue. As we look at this, it would be
good
to keep in mind that technology alone cannot solve all incidents related to
security.
We need to evaluate both people skills and processes in place. In regards to
people skills, it would be advisable to engage experienced consultants in
the
field of Information Security to work together with government to properly
skill them.
In conclusion I believe this country has some of the best
skills currently in the private sector, we need to take a lead role in
contributing our knowledge and skills towards improving security in our
public
sector institutions and Government in general.
Paul Roy Owino, CISSP, CISA, CISM, CEH, MCITP.
Technology Strategist, Microsoft Corp.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20110222/c17bd99f/attachment.htm>
More information about the KICTANet
mailing list