[kictanet] Kenya IGF 2011 Policy Discussions Day 5 Cyber Security and Privacy
Barrack Otieno
otieno.barrack at gmail.com
Tue Jul 5 22:41:52 EAT 2011
Thanks Ty, for the comprehensive response, you rightly mention the
fact that there are many strategies but execution is the problem, I
recently heard an interesting speech by his excellency the president
at the military academy in Lanet where he urged the academy to equip
itself against emerging threats through enhanced curricula , I
assumed emerging threats include Cybercrime, what is the role of
Universities and academic institutions in combating Cybercrime in view
of the recent collaborative efforts between KU, Egerton and our
uniformed forces?
On 7/5/11, ty <tyruskam at gmail.com> wrote:
> Barrack, See inline,
>
> On Tue, Jul 5, 2011 at 8:22 PM, Barrack Otieno
> <otieno.barrack at gmail.com>wrote:
>
>> Dear Listers,
>>
>> · With Cyber Security threats increasing at an alarming rate,
>> what strategies can we embrace as a nation to address and combat
>> the threats?
>>
>
> To start with, my biggest approach has been compliance. What do I mean? Some
> 3-4 years ago, we had a debate on Kictanet and Skunkworks as well about what
> measure companies and the Government should take to curb Cyberthreats which
> include but arent limited to Identity Theft, online and mobile money
> laundering, core infrastructure security etc etc. For starters, the biggest
> threat comes from none other than we humans. Any deployment carried out
> without a thoroughly thought out strategy will fail dismally in so many
> fronts.
> Personally I applaud the Govt for seeing the importance of having policies
> in place but my fear and worry has always been execution. The Kenya Police
> website hack is barely even the icing on the cake as to how far deep cyber
> crime can root itself. Even more sad is that in certain instances some
> corporate outfits boasting of offering Information Security awareness,
> assessments etc do a piecemeal job at it. This is akin to someone assessing
> your house and if he identifies that your door is the most vulnerable entry
> point and proceeds to recommend you to repaint your door!
>
> My opinion would be to raise awareness via such forums. Initially when
> skunkworks began, there was a very strong drive to hold talks over subjects
> such as this (I thank the mods for offering me an opportunity to present on
> one occasion). I would also encourage the Govt to see through the efforts in
> place to ensure that compliance and standards revolving around the fast
> growing world of IT are implemented and arent just white elephant projects.
>
> · What initiatives are needed to ensure there is sufficient
>> awareness and education on Cyber threats?
>>
> Lets take social networking as a case study. Most people hardly think twice
> when signing up or logging into any social network. The amount of
> information you give away is an all too familiar subject which most people
> either ignore or find too pedestrian to contemplate. Another front to think
> about it online/mobile transactions. Do you trust whoever you are providing
> your banking/credit card details? What level of compliance (ISO 27001/PCI
> DSS) are they adhering to? A third front is the latest boy in the yard,
> cloud computing. Do you feel safe relinquishing all your data to some cloud?
> Who else is accessing that cloud. Like I always say, Cyber crime is like a
> cancer, it slowly creeps and once manifested, the consequences are grave.
> Case in point, the recent Lulzsec saga and HB Gary's incident.
>
> On a technical level, I would advocate for Red Teaming (google is your
> friend) as a methodology to identify potential threats upto and including
> physical penetration etc. For those in security (CISA, CISSP, CEH etc etc
> etc), its time to stop with the mentality of "someone could break into
> this". go ahead and show your clients how horrible the world can be. If you
> are protecting against a static threat then security becomes a very easy
> task for anyone. But that's not the nature of things. We have dynamic
> threats which need continuous assessments, user training and awareness.
>
> I know the above goes against compliance. Saying you are compliant is
> equivalent to saying you have bread in your cupboard and claiming that no
> can break through into your house.
>
>
> Strictly my opinion and I welcome anyone else's
>
> -ty
>
>>
>>
>> the floor is open, feel free to continue commenting on previous threads.
>>
>> Best Regards
>> --
>> Barrack O. Otieno
>>
>> +254721325277
>> +254-20-2498789
>> Skype: barrack.otieno
>> _______________________________________________
>> Skunkworks mailing list
>> Skunkworks at lists.my.co.ke
>> http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>> Skunkworks Rules
>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> ------------
>> Other services @ http://my.co.ke
>>
>
--
Sent from my mobile device
Barrack O. Otieno
Afriregister Ltd (Kenya)
www.afrire <http://www.afriregister.com>gister.bi,
www.afriregister.com<http://www.afriergister.com>
<http://www.afriregister.com>ICANN accredited registrar
+254721325277
+254-20-2498789
Skype: barrack.otieno
More information about the KICTANet
mailing list