[kictanet] Our Response to Systematic ICT Systems Failure at IEBC-just fix the laws/regulatory framework

Walubengo J jwalu at yahoo.com
Wed Mar 13 09:24:28 EAT 2013


Edith,

In Kenya there is NO explicit and compelling legal framework for auditing Information Systems. The  Kenya Comm. Act 2009 comes close but is too general and restricted to telcos. Furthermore the details of how  these telcos are supposed to maintain security and integrity of their Infor systems is correctly  left out since this does require and independent and substantive standolone  legislation that touches on the role of an IT savvy Judiciary, IT Savvy Prosecution, IT Savvy Investigators/Law Enforcement and IT Savvy Organisastional Requirments (e.g being compelled to do regular and report on IS Audits - more like we do for the Financial Audits). So that is the ecosystem/framework that needs to kick in to guarantee us some semblance of a secure information system landscape/knowledge industry.

Serious companies (mainly blue chip banking, insurance, telcos, etc) do Info System Audit either as best practice or as directed by their foreign Headquarters' legal requirements.  US/EU/Australia have specific laws compelling companies to annually do and report on their Information Systems Governance, Risks and Assurance.

In Kenya the closest we have come to having this framework is through the repeated and still continuing attempts to have the Data Protection Bill,  the Freedom of Information  Bill as well last years CCKs discussions on eCommerce Regulations in palce. In all these exercises ISACA-Kenya (www.isaca.or.ke) which is the local chapter for the international (www.isaca.org) that deals with Information Systems Governance, Risks and Assurance has been participating.  So my take going forward is just fix these laws and regulations and we can save ourselves the next election fiasco in 2017.

Your never having heard of them (ISACA-Kenya) is because "tunatenda bila kusema" (we do without saying :- ) just to rephrase the now famous slogan.

walu.

  



________________________________
 From: Edith Adera <eadera at idrc.ca>
To: Walubengo J <jwalu at yahoo.com> 
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke> 
Sent: Tuesday, March 12, 2013 9:53 PM
Subject: RE: [kictanet] Our Response to Systematic ICT Systems Failure at IEBC
 
Walu,

What is the legal and institutional framework for auditing such mega systems for public use? which is the standards body?

who would be responsible for carrying out such a public audit - afte action review?

Never heard of ISACA-Kenya?

Edith
________________________________________
From: kictanet [kictanet-bounces+eadera=idrc.ca at lists.kictanet.or.ke] on behalf of Walubengo J [jwalu at yahoo.com]
Sent: Tuesday, March 12, 2013 12:08 PM
To: Edith Adera
Cc: KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] Our Response to Systematic ICT Systems Failure at       IEBC

+1,
@ Sam,
From your pitch,
>>...are we saying that nobody in this list bid for this system? nobody tried? ... doesn't that mean we are just talking ..... and talk is cheap.

am tempted to confess that indeed as a member of the ISACA-Kenya (the information system audit community) I did get an invite to make a bid to externally audit the election information system.  But guess what, the invite came on a Friday Feb 22nd and was due by that Monday 25th which incidentally was then just 1week to the voting/election day.  Assuming the eventual IS Auditor (whoever it was) did find issues that needed more than a week to fix?

My point which I have been singing all along, folks in Government and related type of organisations know what needs to be done, they just never get the complimentary and  necessary support in a timely manner.  So your post-mortem must go beyond the technical and begin to address the "organisational" context/issues.

walu.



________________________________
From: Sam Gichuru <gichuru at gmail.com>
To: jwalu at yahoo.com
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Sent: Tuesday, March 12, 2013 6:45 PM
Subject: Re: [kictanet] Our Response to Systematic ICT Systems Failure at IEBC

Edith,

I am one of those who suggested a full Audit of the system but only after the elections and I am definitely looking forward to this weeks #140 Friday with Brian, I hear people involved will be available for candid discussions.

What I am seeing and I stand to be corrected is the spectator syndrome, when everything is ok and the international press highlight Kenya as a tech destination, Mpesa is praised, Ushahidi and startups with all our Mvitus, we celebrate, claim our team (#teamtech/ICT) is winning and write long blog posts and gazillion tweets etc

This only last as long as nothing goes wrong, but when it does, suddenly the conversation changes from "we" to "them", they have failed, they dint consult, they dint test, they... not us. This is what most football fans/Spectators do, they love their football team only when its winning, which basically makes one wonder are we players or are we fans of this game?

But to bring this home, we have a bigger problem, if this community started asking about the procurement process, the system architect and the companies that were selected to implement  the IEBC system only after it failed, we are not engaging enough, are we saying that nobody in this list bid for this system? nobody tried? ... doesn't that mean we are just talking ..... and talk is cheap.

I would like to challenge the community to engage more with an aim to problem solve, to tender and bid for local contracts, to build more open source solutions, to fundraise with an aim to seed fund startups, if we dont... we are going to be running around in circles and then move to Rwanda and guess what we will all say ..... they dint do xyz...


Let ask Ourselves ... who is they?


On Tue, Mar 12, 2013 at 4:35 PM, Edith Adera <eadera at idrc.ca<mailto:eadera at idrc.ca>> wrote:
Harry,

Not sure you were in Kenya or buried your head in the sand!

It’s a fact that the system did not work and IEBC had to revert to the manual system as reported by the Chair of the IEBC on TV.

We need to learn to tell the truth as a country and confront our issues. Someone suggested on this list, can’t remember who,  that as an ICT industry an audit should be carried out so we know what went wrong and learn for the future.

Why do we always turn to the easy targets….tribalism, partisan interests etc when hard questions are asked?

Edith

From: kictanet [mailto:kictanet-bounces+eadera<mailto:kictanet-bounces%2Beadera>=idrc.ca at lists.kictanet.or.ke<mailto:idrc.ca at lists.kictanet.or.ke>] On Behalf Of Harry Delano
Sent: March 12, 2013 3:22 PM
To: Edith Adera
Cc: KICTAnet ICT Policy Discussions
Subject: [kictanet] Our Response to Systematic ICT Systems Failure at IEBC


Aye..!

Could someone please aver what the furor was all about on this list when systems failed at IEBC last week. I thought it was so that
we could address systemic issues in that part of the election process..? Please someone correct me, but I seem to be settling on
this conclusion that we collectively only raise hue and cry when the system(s) are perceived to be working  against “us”, or not in
“our” interests – whichever side of divide each one of us sits. Once they serve ‘our’ interests, we quickly move on.. So where is
posterity in all this..? A pattern emerges where well calculated intellectual arguments everywhere nowadays, that  thinly  veil and
mask the real motives in us. We completely bury our heads in the ground and deny that we have deeply rooted issues that stem
from tribe, class etc and as a result,  we are caught up in this  vicious cycle that we cannot seem to free ourselves from and which
clouds our entire vision as a nation. Who will free us, if we do not take initiative ourselves..? How and when will we as a nation
confront this ‘monster’ head on, by first of all acknowledging it exists. Then moving to deal with it. Can this list be at the forefront
of it..?

If so,  let’s start now..

Harry

_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/gichuru%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.



--
Warm Regards,
------------------------
Sam Gichuru


twitter: | @samgichuru<http://twitter.com/samgichuru>
Blog: |  www.samgichuru.com<http://www.samgichuru.com/>
Facebook: | Sam.g<http://sam.g/>ichuru<http://www.facebook.com/sam.gichuru>
Skype: Sam.gichuru
Cellphone: | +254-722-730565

Co-founder/ Director /Nailab Incubation
Location: | Nairobi
Website: | www.nailab.co.ke<http://www.nailab.co.ke/>
twitter: | @thenailab

_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20130312/ca9682f7/attachment.htm>


More information about the KICTANet mailing list