[kictanet] Fw: Police Website Hacking
Matunda Nyanchama
mnyanchama at aganoconsulting.com
Wed Jan 19 23:12:02 EAT 2011
Friends,
On the recent hacking of the Kenya Police website, here is what I posted on the
Security List <security at lists.my.co.ke>, although for some reason it hasn't
shown up on the list.
----- Forwarded Message ----
From: Matunda Nyanchama <mnyanchama at aganoconsulting.com>
To: Security List <security at lists.my.co.ke>
Sent: Wed, January 19, 2011 7:21:18 AM
Subject: Police Website Hacking
Friends,
I think this is a great opportunity for information protection professionals to
step up and help government better protect its information assets. Remember:
this government is as much our own as it is of those that make decisions. Out here
in Canada, some people are pointing at me saying: what security professional can't
step up to reduce the embarrassment and (possible) espionage when their
government sites are hacked!
But conversation must be a 2-way process and needs to happen between us professionals and
those in government.
We could help in this respect:
* Do a current state assessment, including understanding what damage has been
caused so far and what may be happening "under the hood". The hack is what became
public. We don't know what else may be happening. I can bet that government
servers are possibly on some international botnet rings where hackers (including
spies - here is an example) may be collecting GoK information. The proposed
assessment would look at everything from people to processes to technology and
how these have been structured to protect government information assets.
* Future state design: this is where the government security management would
wish to be in the future
* Gap analysis: what those gaps are and what are the priorities between current
state and future state of security in government. My guess is that there are
major gaps in skills (technical and management); technology may be there but is
poorly deployed and managed (caring and feeding, e.g. monitoring, patching,
etc.); processes may be poorly designed and implemented: ....
* Roadmap to secure state: based on priorities we would design for them a
master security plan to follow, including strategy, a proper security
organization staffed with people with the right skills and requisite mandate;
technology infrastructure deployment and processes for managing things: people,
processes and technology + associated accountabilities.
I hope they take this offer, if they haven't started working on it already.
Over to you!
----------------------------------------------------------------------------------------------
Matunda Nyanchama, mnyanchama at aganoconsulting.com
Agano Consulting Inc.; www.aganoconsulting.com
----------------------------------------------------------------------------------------------
“If you have an apple and I have an apple and we exchange these apples then you
and I will still each have one apple. But if you have an idea and I have an idea
and we exchange these ideas, then each of us will have two ideas.”- George
Bernard Shaw
-----------------------------------------------------------------------------------------------