[kictanet] EAIGF, Cyber Security and Kenya CIRT-CC

John Kariuki ngethe.kariuki2007 at yahoo.co.uk
Tue Jul 17 19:43:57 EAT 2012


Evans, Listers,
I would suggest that we separate Data Protection legislation from Cybersecurity matters. Both are important but the purposes and concepts are different.
Regarding the point raised by Brian, the UK is already planning to establish a Cyber Crime Unit as a part of their new National Crime Agency. You may also wish to see "Feasibility Report for a European Cybercrime Centre: Final Report" which is available online.
 
Thanks,
 
John Kariuki
From: Evans Ikua ikua.evans at gmail.com
To: ngethe.kariuki2007 at yahoo.co.uk 
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke> 
Sent: Tuesday, 17 July 2012, 18:21
Subject: [kictanet] EAIGF, Cyber Security and Kenya CIRT-CC


At the ongoing EA IGF at Jacaranda Hotel, Brian Longwe pointed out an important issue that relates to Cyber security. He pointed out that there needs to be a sort of a "cyber security police" kind of organization that enforces cyber security among users, knowing that users are the biggest point of weakness when it comes to information security. He is right on. But looking at it from another perspective, knowing that users include or belong to organizations, it's important to point out that what Brian was referring to is called Compliance. But one may ask, compliance to what, and who is there to enforce the compliance across the board?

One question I always ask participants in our information security trainings is how well they have secured their networks. Very few people are able to answer this question in a satisfactory manner. The thing is, when you secure your information assets, what benchmark do you use, and how can you tell how well you are doing based on that benchmark? That's called capability maturity.

To tie my argument, what is required is a framework that lays down the enforcement of information security within organizations in particular industries, and even down to individuals. Call it data protection, and bring in the issue of the data protection legislation that is being worked on. From my point of view, this data protection bill lacks depth in specifying this framework which can be used across the industry by all, be it in the private sector or public sector. If we were to compare this to the SOX Act or HIPAA, we will find that ours is quite shallow and still needs a lot of depth so that it can effectively provide this "policing" framework.

Touching on what CCK informed regarding the CIRT-CC, I realized that there is no adequate representation there from the private sector, apart from TESPOK which is made up of infrastructure owners. It would be good to include professional bodies like ISACA as they do have excellent skills that they can contribute on a policy level. Another important body missing in action is the Kenya Bureau of Standards, which is involved on an international level in making the actual standards that are relied on for information security.

These are just the comments that I would have made there but the time was very limited so I hope those responsible can take note.

-- 
----------------------------------------------------
Kind Regards,
Evans Ikua,
lanetconsulting.com,
lpi-eastafrica.org,
ict-innovation.fossfa.net,
Skype: @ikuae
Cell: +254-722-955831

