[kictanet] Kenya IGF Online Discussions Day 2: Strengthening Data Security in the Context of Emerging Trends

Barrack Otieno otieno.barrack at gmail.com
Wed Jul 11 23:16:37 EAT 2018


Hi Grace,


Many thanks for this interesting discussion. I would like to look at
the subject from a slightly different angle, culture.

We need to be deliberate and intentional about building a culture of
security. Generally most Kenyan citizens frown at Security processes
and procedures and equate  them to harassment. Herein lies the
challenge.
Kenya is an active participant in ISO 27000 series Standards
Development and is a voting member of Sub committee 27 that deals with
Information Security Management Systems.
Tonnes of Standards are lying at the Kenya Bureau of Standards library
which are not bought by local sme's and enterprises. Every time is ask
some of them why they are not implementing the standards they say it
is too expensive and cumbersome to implement.  This standards can be
used to enhance our Information Systems Security culture.
The other challenge we have is that  is that only Health related
standards are mandatory any other standards including Information
Security Management System  standards are implemented on a voluntary
basis. It is very difficult to protect data under such an environment
since data resides within an information Eco-system.
I am also reliably informed that the ICT Authority has implemented
some Information Security Management System Standards and that it is
part of the performance contracting system for some government
officers. It would be great to have feedback on how effective the
implementation has been in light of data breaches that attributed to
the IFMIS system.

In conclusion, we have to build a culture of information security
management through an awareness campaign program and capacity building
as institutions such as KICTANet are doing.
Kenyan Companies should also strive to align their Information
Security Management Systems in accordance with International Standards
and or best practices such a ISO 27000 series. In fact as many as can
get certified should be certified the way the Communications Authority
has done.

Best Regards

On 7/11/18, Grace Bomu via kictanet <kictanet at lists.kictanet.or.ke> wrote:
> This is interesting. We have been conditioned to believe that more and more
> data is needed from us to usher us into the brave new world. And the use of
> good old maths to solve shiny new computing problems- We would be
> interested to hear more.... Thank you for this perspective
>
> Il mercoledì 11 luglio 2018, John Paul Karijo <johnpaulem at gmail.com> ha
> scritto:
>
>> I was in a multidisciplinary conference a few weeks ago and this
>> presenter
>> was working on a mathematical formula that would allow us to measure the
>> optimum level at which to give up privacy in order for meaningful use to
>> be
>> viable on the data that is accessed.
>>
>> A kind of a sweet spot where the data collected from users is sufficient
>> for analysis, for computation, for analytics... enough for A.I and
>> ubiquitous computing and yet not to the level where it is personally
>> identifiable or can be used for unwarranted or unsolicited or harmful
>> targeting.
>>
>> He is still working on this - I will go look up his name and share later
>> tomorrow.
>>
>> He said something interesting though - that coders didn't know how to do
>> this Math...and didn't consult mathematicians (speaking of needing each
>> other)
>>
>> My reservations though is that even if this did come to fruition in the
>> long run it would become similar to other mathematical formulae such as
>> the
>> one used to calculate speed limits on roads... which totally doesn't make
>> sense in this era... but which we still apply religiously.
>>
>> With kind regards
>>
>>
>> Jeipea
>>
>> Believe in yourself then you can change your world
>>
>> ____________________________________________
>> Skype: john.paul.em
>> Cell: +254735586956
>>
>>
>> On Wed, Jul 11, 2018 at 9:21 PM Grace Bomu via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>>> @ Machuhi, Wahengas may need to be recalled to modify 'hakuna siri ya
>>> watu wawili' to the smartphone era.
>>>
>>> Il mercoledì 11 luglio 2018, Grace Bomu <nmutungu at gmail.com> ha scritto:
>>>
>>>> @John, while it is important to understand these distinctions, we
>>>> should
>>>> also be alive to the pervasiveness of data harvesting in every aspect
>>>> of
>>>> our lives. We ought therefore to see stakeholders beyond the
>>>> traditional
>>>> players such as techies, law enforcement and government.
>>>> @Muraya, Collins, thank you for the reality check examples.I n last
>>>> year's KIGF, a big debate during the fireside chat was whether privavcy
>>>> is
>>>> dead? The call to engage with the Data Protection Bill may be a first
>>>> step
>>>> in ensuring that those who collect data protect it. We shall heed it
>>>> @Mercy.
>>>>
>>>>
>>>> Il mercoledì 11 luglio 2018, K Machuhi via kictanet <
>>>> kictanet at lists.kictanet.or.ke> ha scritto:
>>>>
>>>>> Haha.. Muraya's 'steal' deserves its own thread. privacy is what you
>>>>> have never told your smartphone.
>>>>>
>>>>> On Wed, 11 Jul 2018, 19:41 S.M. Muraya via kictanet, <
>>>>> kictanet at lists.kictanet.or.ke> wrote:
>>>>>
>>>>>> Stolen >> "every app on your phone is allowed un-monitored access to
>>>>>> everything and that with your full consent.."
>>>>>>
>>>>>> On Wed, Jul 11, 2018 at 9:46 AM Admin CampusCiti via kictanet <
>>>>>> kictanet at lists.kictanet.or.ke> wrote:
>>>>>>
>>>>>>> Grace and all
>>>>>>>
>>>>>>> This is a pertinent issue in 2018. First let me address this in the
>>>>>>> context of Policy and Legislation.
>>>>>>>
>>>>>>> 1. In the absence of solid Policy and laws regarding Data Security
>>>>>>> we
>>>>>>> are really groping in the dark. I appreciate that there are various
>>>>>>> initiatives ongoing to remedy this situation. From a personal data
>>>>>>> security
>>>>>>> there’s always the issue of who is accessing my data - this needs to
>>>>>>> be
>>>>>>> viewed from a personal security angle i.e hackers, unauthorized use
>>>>>>> of data
>>>>>>> by corporates, unsolicited communication using data mining tools,
>>>>>>> government subpoenas etc.
>>>>>>>
>>>>>>> 2. From a Corporate perspective the above is relevant but from a
>>>>>>> body
>>>>>>> corporate perspective. This becomes more important considering the
>>>>>>> magnitude of data some corporates hold and the potential liabilities
>>>>>>> and
>>>>>>> losses that can arise through data breaches. For example it is
>>>>>>> alleged that
>>>>>>> Kenyan banks lost Kshs.30 billion in the last 3 years.
>>>>>>>
>>>>>>> https://www.standardmedia.co.ke/business/article/
>>>>>>> 2001232241/how-kenyan-banks-lost-sh30-billion-in-two-
>>>>>>> years-to-tech-savvy-criminals
>>>>>>>
>>>>>>> 3. From a government perspective it takes on a National Security
>>>>>>> perspective. As the proliferation of Cloud Computing becomes
>>>>>>> standard
>>>>>>> operating procedure for most organizations governments are starting
>>>>>>> to ask
>>>>>>> pertinent questions about control, access to data etc. One critical
>>>>>>> issue
>>>>>>> that is now a major block is the one about Data Sovereignty. In a
>>>>>>> nutshell
>>>>>>> the issues around Data Sovereignty can be encapsulated in one
>>>>>>> sentence.
>>>>>>>
>>>>>>> *Data sovereignty* comes into play when an organisation's *data* is
>>>>>>> stored outside of their country and is subject to the laws of the
>>>>>>> country
>>>>>>> in which the *data* resides. The main concern with *data sovereignty*
>>>>>>> is
>>>>>>> maintaining privacy regulations and keeping foreign countries from
>>>>>>> being
>>>>>>> able to subpoena *data*.
>>>>>>>
>>>>>>> Bottom line I’d urge us to expedite the building of both hard
>>>>>>> (roads,
>>>>>>> bridges, fiber etc) and soft (enabling policy, laws and regulations
>>>>>>> etc)
>>>>>>> infrastructure. Soft Infrastructure is not going in tandem with hard
>>>>>>> Infrastructure. Data Security is a key component of this. Without
>>>>>>> this in
>>>>>>> place we cannot expect Tier 4 Data Centre operators to even think
>>>>>>> about
>>>>>>> investing in Kenya.
>>>>>>>
>>>>>>> *Ali Hussein*
>>>>>>>
>>>>>>> +254 0713 601113
>>>>>>>
>>>>>>> Twitter: @AliHKassim
>>>>>>>
>>>>>>> Skype: abu-jomo
>>>>>>>
>>>>>>> LinkedIn: http://ke.linkedin.com/in/alihkassim
>>>>>>> <http://ke.linkedin.com/in/alihkassim>
>>>>>>>
>>>>>>> Blog: www.alyhussein.com
>>>>>>>
>>>>>>> "Discovery consists in seeing what everyone else has seen and
>>>>>>> thinking what no one else has thought".  ~ Albert Szent-Györgyi
>>>>>>>
>>>>>>> Sent from my iPad
>>>>>>>
>>>>>>> On 11 Jul 2018, at 7:52 AM, Grace Bomu via kictanet <
>>>>>>> kictanet at lists.kictanet.or.ke> wrote:
>>>>>>>
>>>>>>> Listers,
>>>>>>> Thank you to all who contributed to yesterday's topic. The thread is
>>>>>>> still open for those who may have further thoughts on content
>>>>>>> regulation.
>>>>>>> Welcome to Day 2 of online pre KIGF debates where out topic today is
>>>>>>> Strengthening
>>>>>>> Data Security in the Context of Emerging Trends. We shall look at
>>>>>>> cybersecurity in the context of data.
>>>>>>>
>>>>>>> Barely a few weeks ago, social media was awash with memes of Wazir
>>>>>>> Boniface Chacha, the young man alleged to have conned MPs after
>>>>>>> getting
>>>>>>> access to their phone data. Later when this was used as a
>>>>>>> justification in
>>>>>>> debates for the Cybercrime Act, some wondered whether the political
>>>>>>> process
>>>>>>> had used the  Chacha saga to justify the quick passage of a law
>>>>>>> creating
>>>>>>> offences.
>>>>>>>
>>>>>>> But beyond "small data" in our personal possession, many SMEs ,
>>>>>>> corporations, institutions, societies and other bodies are holding
>>>>>>> significant amounts of data.
>>>>>>> In this community, the wider issue of cyber security has been a
>>>>>>> recurring theme in KIGF. It is generally agreed that the best
>>>>>>> approach is a
>>>>>>> multi-pronged one that includes the law, good practices, effective
>>>>>>> mitigation and response to incidences at multiple levels, creation
>>>>>>> of
>>>>>>> awareness and technical solutions among others. Having gotten a new
>>>>>>> law in
>>>>>>> the form of the Cybercrimes Act, are we assured of data security?
>>>>>>> Are our existing mechanisms for mitigation and response to
>>>>>>> incidences
>>>>>>> adequate for emerging threats?
>>>>>>> Do we have positive cases or good practices to imitate?
>>>>>>> What challenges that remain and how can we address them?
>>>>>>>
>>>>>>> Welcome to the discussion.
>>>>>>>
>>>>>>> --
>>>>>>> Grace Mutung'u
>>>>>>> Skype: gracebomu
>>>>>>> @Bomu
>>>>>>> PGP ID : 0x33A3450F
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> kictanet mailing list
>>>>>>> kictanet at lists.kictanet.or.ke
>>>>>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>>>> Twitter: http://twitter.com/kictanet
>>>>>>> Facebook: https://www.facebook.com/KICTANet/
>>>>>>> Domain Registration sponsored by www.eacdirectory.co.ke
>>>>>>>
>>>>>>> Unsubscribe or change your options at https://lists.kictanet.or.ke/
>>>>>>> mailman/options/kictanet/info%40campusciti.com
>>>>>>>
>>>>>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
>>>>>>> platform for people and institutions interested and involved in ICT
>>>>>>> policy
>>>>>>> and regulation. The network aims to act as a catalyst for reform in
>>>>>>> the ICT
>>>>>>> sector in support of the national aim of ICT enabled growth and
>>>>>>> development.
>>>>>>>
>>>>>>> KICTANetiquette : Adhere to the same standards of acceptable
>>>>>>> behaviors online that you follow in real life: respect people's times
>>>>>>> and
>>>>>>> bandwidth, share knowledge, don't flame or abuse or personalize,
>>>>>>> respect
>>>>>>> privacy, do not spam, do not market your wares or qualifications.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> kictanet mailing list
>>>>>>> kictanet at lists.kictanet.or.ke
>>>>>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>>>> Twitter: http://twitter.com/kictanet
>>>>>>> Facebook: https://www.facebook.com/KICTANet/
>>>>>>> Domain Registration sponsored by www.eacdirectory.co.ke
>>>>>>>
>>>>>>> Unsubscribe or change your options at https://lists.kictanet.or.ke/
>>>>>>> mailman/options/kictanet/murigi.muraya%40gmail.com
>>>>>>>
>>>>>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
>>>>>>> platform for people and institutions interested and involved in ICT
>>>>>>> policy
>>>>>>> and regulation. The network aims to act as a catalyst for reform in
>>>>>>> the ICT
>>>>>>> sector in support of the national aim of ICT enabled growth and
>>>>>>> development.
>>>>>>>
>>>>>>> KICTANetiquette : Adhere to the same standards of acceptable
>>>>>>> behaviors online that you follow in real life: respect people's times
>>>>>>> and
>>>>>>> bandwidth, share knowledge, don't flame or abuse or personalize,
>>>>>>> respect
>>>>>>> privacy, do not spam, do not market your wares or qualifications.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> SMM
>>>>>>
>>>>>> *"Better a patient person than a warrior, one with self-control than
>>>>>> one who takes a city." Prov 16:32*
>>>>>> _______________________________________________
>>>>>> kictanet mailing list
>>>>>> kictanet at lists.kictanet.or.ke
>>>>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>>> Twitter: http://twitter.com/kictanet
>>>>>> Facebook: https://www.facebook.com/KICTANet/
>>>>>> Domain Registration sponsored by www.eacdirectory.co.ke
>>>>>>
>>>>>> Unsubscribe or change your options at https://lists.kictanet.or.ke/
>>>>>> mailman/options/kictanet/kmachuhi%40gmail.com
>>>>>>
>>>>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
>>>>>> platform for people and institutions interested and involved in ICT
>>>>>> policy
>>>>>> and regulation. The network aims to act as a catalyst for reform in
>>>>>> the ICT
>>>>>> sector in support of the national aim of ICT enabled growth and
>>>>>> development.
>>>>>>
>>>>>> KICTANetiquette : Adhere to the same standards of acceptable
>>>>>> behaviors
>>>>>> online that you follow in real life: respect people's times and
>>>>>> bandwidth,
>>>>>> share knowledge, don't flame or abuse or personalize, respect privacy,
>>>>>> do
>>>>>> not spam, do not market your wares or qualifications.
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Grace Mutung'u
>>>> Skype: gracebomu
>>>> @Bomu
>>>> PGP ID : 0x33A3450F
>>>>
>>>>
>>>>
>>>
>>> --
>>> Grace Mutung'u
>>> Skype: gracebomu
>>> @Bomu
>>> PGP ID : 0x33A3450F
>>>
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>> Twitter: http://twitter.com/kictanet
>>> Facebook: https://www.facebook.com/KICTANet/
>>> Domain Registration sponsored by www.eacdirectory.co.ke
>>>
>>> Unsubscribe or change your options at https://lists.kictanet.or.ke/
>>> mailman/options/kictanet/johnpaulem%40gmail.com
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and
>>> development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and
>>> bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy,
>>> do
>>> not spam, do not market your wares or qualifications.
>>>
>>
>
> --
> Grace Mutung'u
> Skype: gracebomu
> @Bomu
> PGP ID : 0x33A3450F
>


-- 
Barrack O. Otieno
+254721325277
+254733206359
Skype: barrack.otieno
PGP ID: 0x2611D86A




More information about the KICTANet mailing list