<div>Good Morning,</div>
<div>Mwende, further to your point regarding having not experienced critical security threat, it is important for end users and information owners to understand that just because they have not been compromised, it does not necessarily mean that they are secure since this in security context is "Security by Obscurity".</div>
<div>It is important to understand that hackers write code with certain parameters of the target and thus when they execute such programs only applications that meet this criteria are compromised and thus the probabiity of them being victims is very slim.</div>
<div>In addition, before organisations can go on a spending spree on security programs, applications and human resource it is worthwhile for them to know that "Insiders" pose the greatest security threat to their Information. With this in mind, there is need for internal Access Control mechanism to be implemented to help eliminate this threat.</div>
<div> </div>
<div>As far as our current level of preparedness goes, a random analysis of existing web applications, networks and hosting companies, its evident that we have a lot of work ahead of us.</div>
<div>Case in point: </div>
<div>1. Recent "war drives" around Nairobi city center reveals that most wireless networks are unsecured which provides a very convinient entry point to most black hat hackers into the business network.</div>
<div>2. Most of the dynamic web applications have severe database security vulnerabillties. Using default security assesment methods, it is very easy to gain access to the underlying database data and structure.</div>
<div>3. Though its not considered as a "Critical" application, the "KICTANET database" stores passwords in clear text which is a violation of the database Confidentiality rule.</div>
<div> </div>
<div>To help protect our infrastructure and data, awareness is paramount as this sets the base on what security should be implemented and how.</div>
<div>Also important are policies, standards procedures to help govern the process.</div>
<div> </div>
<div>Evans</div>
<div> </div>
<div class="gmail_quote">On Mon, May 4, 2009 at 4:52 PM, mwende njiraini <span dir="ltr"><<a href="mailto:mwende.njiraini@gmail.com">mwende.njiraini@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font size="3"><font face="Times New Roman">Good morning!</font></font></span></div>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font size="3"><font face="Times New Roman"></font></font></span> </div>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font size="3"><font face="Times New Roman">Today we continue our discussions on cybersecurity specifically data and infrastructure security.<span> </span></font></font></span></div>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3">It now not uncommon to hear about cyber terrorism, cyber crime, cyber attacks, Information Warfare, etc.<span> </span>Recent examples of cyber attacks in Estonia and Georgia show that the Internet offers an inexpensive and easy weapon of modern warfare.</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font size="3"><font face="Times New Roman">Fortunately, we as a country may not have yet experienced critical security threats possibly because majority of users/organizations have access to ‘less than broadband speeds’ thus providing no incentive for meaningful exploits.<span> </span>This presents a situation where low usage and poor connectivity has acted as our “security”.<span> </span></font></font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font size="3"><font face="Times New Roman">However, with the growing use of the Internet, encouraged by the availability broadband connections locally, nationally (Fibre optic national project, operator networks) and internationally (TEAMS, SEACOM), the number of incidences of online security breaches are set to increase.</font></font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"> </font></span></p>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"><span lang="EN-US"><span lang="EN-US"><font face="Times New Roman" size="3">Thank you Harry Delano (email 29<sup>th</sup> April) for raising the following important questions for our discussion today.</font></span></span></font></span></div>
<ul>
<li>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"><span lang="EN-US"><span lang="EN-US"></span></span>What is our level of cybersecurity preparedness (as government, operator, service providers, private sector organizations and educational institutions)?</font></span></div>
</li>
<li>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"><span></span>Have we made an assessment of our cybersecurity preparedness levels, to date, particularly with the impending landing of international submarine fibre optic cable? <span> </span></font></span></div>
</li>
<li>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"><span></span>What is needed to protect our data and infrastructure from increased threats and at what cost?</font></span></div>
</li></ul>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><font face="Times New Roman" size="3"></font></span> </div>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"> </div>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><span lang="EN-US"><font face="Times New Roman" size="3"></font></span></span> </div>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><span lang="EN-US"><font face="Times New Roman" size="3">Regards</font></span></span></div>
<div style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-US"><span lang="EN-US"><font face="Times New Roman" size="3">Mwende</font></span></span></div><br>_______________________________________________<br>kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br><a href="http://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">http://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
<br>This message was sent to: <a href="mailto:ifani.kinos@gmail.com">ifani.kinos@gmail.com</a><br>Unsubscribe or change your options at <a href="http://lists.kictanet.or.ke/mailman/options/kictanet/ifani.kinos%40gmail.com" target="_blank">http://lists.kictanet.or.ke/mailman/options/kictanet/ifani.kinos%40gmail.com</a><br>
<br></blockquote></div><br>