Wesley,<br>You are very right. The problem is even deeper than stated by the article. In my view, it should be seen in three perspectives:<br>1. Information Security<br>2. Cybersecurity<br>3. Critical Information Infrastructure Protection<br><br>Each of those areas require very extensive actions if we as a country and the users are to gain confidence in the use of ICTs.<br><br>But first we need to start creating awareness about these issues.<br>Remember the case of cyber attacks on ESTONIA? What about BOTNETS which continue to grow daily? Do we have a KENCERT? What about the now common problem of IDENTITY THEFT<br><br>We need very strong advocacy in these matters so that ICT users are aware of the security risks they face.<br><br>John<br><br><b><i>wesley kiriinya <kiriinya2000@yahoo.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Some of the best security experts are the hackers
and crackers themselves-the certifications (if they have them) aren't the base of their skills. The ability to detect and correct security exploits and security holes is largely a matter of experience and ingenuity. Security exploits and holes can be very many and can cross a wide range of devices (basically anything that can be programmed and can connect to a network is lethal nowadays) e.g. I could write a virus or worm than lies dormant on a host portable device until it's plugged into a computer, the virus then creeps into the systems collecting some few info and it returns into the portable device. This device can be mine or anyone else (which I might have sent via bluetooth), the worm can detect the anti virus in the system and when it was last updated and abort if necessary, This is just a quick thought in my mind and one can easily see how it can become far more complex.<br><br>- Someone intruding a system doesn't have to cause damage to it.<br>- There is a
psychology that motivates these people to intrude one system and not another, I hope there is a certification that talks about that. Just because the systems of company X haven't been intruded yet doesn't mean they are secure.<br>- Intrusion can happen from almost anywhere in the world. Someone can be sitting in the middle of L.Victoria with a nice satelitte connection, do the job, damp the laptop in the lake (, catch some fish) and go home.<br><br>I definitely wouldn't compare to a doctor.<br><br><b><i>waudo siganga <emailsignet@mailcan.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Re: [kictanet] Experts: Kenyan businesses unprepared for security attacks</title> <div>IT Security can also be enhanced if we promote the idea of IT experts operating in a legal and regulatory
environment. An IT Practioners Management Act would go a long way in ensuring acceptable qualifications, licensing, disciplining, continuous professional development (including periodic training in security). When a doctor is to operate on me I expect him to be licenced; I should have the same expectation of an "IT expert" who wants to operate on my company systems/data.</div><div>Waudo</div><pre>On Tue, 29 Apr 2008 03:44:57 -0700 (PDT), "Rebecca Wanjiku" <rebeccawanjiku@yahoo.com> said:<br></pre><blockquote class="QuoteMessage" type="cite"><h1 class="title">Experts: Kenyan businesses unprepared for security attacks</h1><div>The switch to more computerized information and processes has led to increased productivity and profits for many Kenyan companies, but information security has been neglected, according to IT experts in the country.</div><div>Many companies in Kenya adopt high-tech hardware and software, but very few are fully investing in information
security and frequent audits to identify vulnerabilities, according to John Gichuki, an information security and forensic auditor. </div><div><a href="http://computerworld.co.ke/articles/2008/04/28/experts-kenyan-businesses-unprepared-security-attacks">http://computerworld.co.ke/articles/2008/04/28/experts-kenyan-businesses-unprepared-security-attacks</a></div><br><br>Tel. 254 720 318 925<br><br>blog:http://beckyit.blogspot.com/<div></div><hr size="1">Be a better friend, newshound, and know-it-all with Yahoo! Mobile. <a href="http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ">Try it now.</a> </blockquote> <pre>-- <br> waudo siganga<br> emailsignet@mailcan.com<br></pre> _______________________________________________<br>kictanet mailing list<br>kictanet@lists.kictanet.or.ke<br>http://lists.kictanet.or.ke/mailman/listinfo/kictanet<br><br>This message was sent to: kiriinya2000@yahoo.com<br>Unsubscribe or change your
options at http://lists.kictanet.or.ke/mailman/options/kictanet/kiriinya2000%40yahoo.com<br></blockquote><br><div> </div><hr size="1">Be a better friend, newshound, and know-it-all with Yahoo! Mobile. <a href="http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20"> Try it now.</a>_______________________________________________<br>kictanet mailing list<br>kictanet@lists.kictanet.or.ke<br>http://lists.kictanet.or.ke/mailman/listinfo/kictanet<br><br>This message was sent to: ngethe.kariuki2007@yahoo.co.uk<br>Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/ngethe.kariuki2007%40yahoo.co.uk<br></blockquote><br><p>
<hr size=1>
Sent from <a
href="http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52418/*http://uk.docs.yahoo.com/nowyoucan.html" target=_blank>Yahoo! Mail</a>.
<br>
A Smarter Email.