<div dir="ltr">Sorry, here is the website for the Certifying Authority for Kenya's PKI <a href="http://www.govca.go.ke/#">http://www.govca.go.ke/#</a></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">______________________<br>Mwendwa Kivuva, Nairobi, Kenya<br><br>"There are some men who lift the age they inhabit, till all men walk on higher ground in that lifetime." - Maxwell Anderson<br><div><br></div></div></div></div></div></div>
<br><div class="gmail_quote">On 21 July 2015 at 16:56, Mwendwa Kivuva <span dir="ltr"><<a href="mailto:Kivuva@transworldafrica.com" target="_blank">Kivuva@transworldafrica.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hosea Kandie and Fredick Wahome have raised very important points of institutional frameworks. I just wanted to share the National PKI website which has a tonne of information on what Kenya has done in that regard. <a href="http://www.ke-cirt.go.ke/index.php/services/national-pki/" target="_blank">http://www.ke-cirt.go.ke/index.php/services/national-pki/</a><br></div><div><br></div><div>Here is a copy paste from the home page:</div><div><br></div><div>Kenya’s National Public Key Infrastructure (NPKI)</div><div><br></div><div>The National Public Key Infrastructure (NPKI) project is coordinated by the Ministry of ICT in collaboration with the Communications Authority of Kenya (CA) and the ICT Authority (ICTA).</div><div><br></div><div>A Public Key Infrastructure (PKI) refers to a system for the creation, storage and distribution of digital certificates which are used to verify that a particular public key (online identity) belongs to a certain entity. A PKI is a technical infrastructure that comprises of a Root Certification Authority (RCA) and a Certification Authority (CA), referred to as an Electronic Certification Service Provider (E-CSP) in Kenya’s legal and regulatory framework. The PKI creates a framework for protecting communications and stored information from unauthorized access and disclosure by addressing the fundamentals of cyber security – confidentiality, integrity, authentication and non-repudiation. A PKI is key to the rollout of e-transaction services.</div><div><br></div><div>The Kenya Information and Communications Act, 1998, mandates the Communications Authority of Kenya (CA) to issue a license to a person operating an Electronic Certification Service. In this regard, the Communications Authority of Kenya (CA) has developed a licensing framework for Electronic Certification Service Providers (E-CSPs).</div><div><br></div><div>Kenya’s National PKI comprises of a Root Certification Authority (RCA), which is managed by the Communication Authority of Kenya (CA) as a regulatory function, and the Government Certification Authority (GCA), an E-CSP which is managed by the ICTA. The NPKI is instrumental towards the effectiveness of the licensing of Electronic Certification Service Providers (E-CSPs) by the Communications Authority since a licensed E-CSP must be accredited by the RCA for its digital certificates to be globally recognized and trusted.</div><div><br></div><div>The ICT Authority (ICTA), which is the body responsible for the management of the mainstream government ICT services, operates the GCA. Other interested stakeholders who may be issued with an E-CSP license on application include the banking Sector and the Academia.</div><div><br></div><div>The benefits of a National PKI include:</div><div>i. Locally available and cheaper digital certificates/signatures; and</div><div>ii. Operations and services that are within Kenyan law (jurisdiction), among others.</div></div><div class="gmail_extra"><span class=""><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr">______________________<br>Mwendwa Kivuva, Nairobi, Kenya<br><br>"There are some men who lift the age they inhabit, till all men walk on higher ground in that lifetime." - Maxwell Anderson<br><div><br></div></div></div></div></div></div>
<br></span><div><div class="h5"><div class="gmail_quote">On 21 July 2015 at 11:02, fredrick Wahome via Security <span dir="ltr"><<a href="mailto:security@lists.my.co.ke" target="_blank">security@lists.my.co.ke</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(11,83,148)">The fact that there is high internet penetration in Africa / Kenya where an average of one user for every five has access to affordable internet has created enabling environment for cyber-criminals. <br><br>By the nature of cyberspace where the perpetrators of cyber-crime remain ubiquitous. This necessitated a need for legislation to control crime, and to provide confidence and security in African cyberspace, leading to the drafting of the Africa Union Convention on Cybersecurity (AUCC). But some groups like CIPIT and civil society opposed the convention on the ground that it was prepared without their inputs. Their main argument is that the convention did not make enough provisions to protect privacy and freedom of speech. <br><br>Member States have to undertake necessary measures to encourage the establishment of institutions that exchange information on cyber threats and the evaluation of vulnerabilities such as Computer Emergency Response Team (CERT). Kenya has at least done something on this by establishing KE-CIRT at CA. There is also a masterplan and PKI in place thou there has been implementation challenges. We will note that most governments departments have not yet established cybersecurity departments and this leads to low / lack of budgetary allocation. <br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(11,83,148)">In summary Government bodies, policy networks, scholars, the media, technology experts and the people need to engage in a global conversation that will help demystify Cyber-crime and define what it constitutes of and how Cyber-criminals should be dealt with.<br><br>The role of the media (television, blogs, online news outlets and more) is critical in the process of educating the public and engaging in a conversation, as they will be the mediators and curators of information and discourse on the issue. Thus, a concise and sensible approach, devoid of fear-mongering and shock practices, should be followed. We all remember recently how media has mishandled cyber crime news without a very somber deep analysis<br><br>Since this is an international issue, governments and policy networks across the world have to come together and discuss openly on what is better for their citizens. Something like AUCC is a positive move by African states<br><br>Scholars and academics can provide valuable expertise on technological, psychological, ethical and other issues, while highlighting any misgivings by those involved in the process. At least Strathmore has tried on this<br><br>The people in their local communities, families and social networks should help and train each other to increase their peers’ level of Internet literacy and highlight the advantages of the web. A higher Internet literacy level can help people protect themselves even better by taking simple security measures, such as using anti-virus software and identifying potential risks or scams in their online financial transactions. More is needed from the technology community to provide awareness to end users even if through probono program. <br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(11,83,148)">The technology community needs a unity of purpose. Looking at programmers / developers, DBA, network admins, infosec there has been lack of proper coordination. Developers are working hard to prove that their products cant be broken. Infosec on the other hand are working so hard to prove to blue team / developers that they can break their products. At the end no one benefit from such a contest. Many technical conferences / seminars should be encouraged to enable sharing of information / knowledge in the local technology community. <br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(11,83,148)">Great day comrades. <br></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(11,83,148)"><br><br><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Tue, Jul 21, 2015 at 9:28 AM, Stephen Munguti via Security <span dir="ltr"><<a href="mailto:security@lists.my.co.ke" target="_blank">security@lists.my.co.ke</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div>Hello all,<br><br></div>I think most of our security concerns stem from internal users and this is the reason many banks and telecos refuse to part with this information, i could be wrong though<br></div></div></div><div class="gmail_extra"><div><div><br><div class="gmail_quote"><div><div>On Tue, Jul 21, 2015 at 8:58 AM, Grace Mutung'u (Bomu) via skunkworks <span dir="ltr"><<a href="mailto:skunkworks@lists.my.co.ke" target="_blank">skunkworks@lists.my.co.ke</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif">Dear Listers, </span></p><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif"><br></span></p><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif">Kenya has had its fair share of high
profile cyber threats, hacking etc, the latest being the alleged compromise of
the IFMIS system at NYS/Ministry of Devolution. The country and Africa at large is making efforts to assure
cyber-security. These include among others her involvement in the Africa Union
Convention on Cybercrime and a proposal for a Cybercrime law, an initiative led
by the Office of the Director of Public Prosecutions. Significant financial
resources have also been earmarked by government for security and cyber security
in particular. There are also partnerships between government and private
sector in deploying cybersecurity centres. </span></p>
<p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif">The private sector has employed
practical measures to protect their businesses. However, businesses such as
mobile money providers and banks have been shy to divulge their cyber security
concerns to protect their interests. </span></p>
<p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif">Civil society on the other hand has
raised concern about the line between protecting the cyber space and creating a
facilitative environment for innovators as well as protecting the rights of
users. </span></p>
<p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif"> </span></p>
<p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif">Are our efforts at deterring
cyber-crime the correct way to assure cyber security? Are fears about a
partnership between government and private sector and the general fears about
stifling innovation and human rights in the name of cybersecurity legitimate?
Are there other practical approaches that different stakeholders can take to
enhance cyber security? <span style="font-size:7.5pt"></span></span></p><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif"><br></span></p><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="line-height:115%;font-family:Arial,sans-serif">Over to you. </span></p><span><font color="#888888"><div><br></div>-- <br><div>Grace L.N. Mutung'u <br>Nairobi Kenya<br>Skype: gracebomu<br>Twitter: @Bomu<br><br><<a href="http://www.diplointernetgovernance.org/profile/GraceMutungu" target="_blank">http://www.diplointernetgovernance.org/profile/GraceMutungu</a>><br><br></div>
</font></span></div>
<br></div></div>_______________________________________________<br>
skunkworks mailing list<br>
<a href="mailto:skunkworks@lists.my.co.ke" target="_blank">skunkworks@lists.my.co.ke</a><br>
------------<br>
List info, subscribe/unsubscribe<br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" rel="noreferrer" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&t=94" rel="noreferrer" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" rel="noreferrer" target="_blank">http://my.co.ke</a><span><font color="#888888"><br></font></span></blockquote></div></div></div><span><font color="#888888"><br><br clear="all"><br>-- <br><div><br>Best Regards,<br>Stephen Munguti.<br><br><span style="color:rgb(0,204,204);font-family:tahoma,sans-serif"><a href="tel:%2B254720425104" value="+254720425104" target="_blank">+254720425104</a></span><br></div>
</font></span></div>
<br>_______________________________________________<br>
Security mailing list<br>
<a href="mailto:Security@lists.my.co.ke" target="_blank">Security@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/security" rel="noreferrer" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/security</a><br></blockquote></div><br><br clear="all"><br>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><span style="font-family:comic sans ms,sans-serif;color:rgb(102,0,0)"><br><br><br><br><span style="font-family:arial,helvetica,sans-serif"><b>-------------------------------------</b><br><b>Kind Regards</b></span></span><span style="font-family:arial,helvetica,sans-serif"><b>;</b><br><br><b style="color:rgb(102,0,0)">Fredrick Wahome Ndung'u<br>Team Leader<br>Secunets Technologies Ltd<br>Website: <a href="http://www.secunets.com" target="_blank">www.secunets.com</a><br>Cell: <span style="color:rgb(11,83,148)">+254725264890</span><br>Email: <a href="mailto:fred@secunets.com" target="_blank">fred@secunets.com</a><br></b><b><span style="color:rgb(102,0,0)">Facebook: <span style="color:rgb(11,83,148)">secunetstech</span></span></b><b style="color:rgb(102,0,0)"><br></b><b><span style="color:rgb(102,0,0)">Twitter: <span style="color:rgb(11,83,148)">@secunets</span></span></b><b style="color:rgb(102,0,0)"><br>Skype: <span style="color:rgb(11,83,148)">secunets.technologies</span><br>Experts in: </b><span style="color:rgb(102,0,0)"></span><span><span style="color:rgb(102,0,0)"><span style="color:rgb(11,83,148)">Domain Registration, Web Hosting</span></span><span style="color:rgb(102,0,0)"><span style="color:rgb(11,83,148)">,</span></span><b style="color:rgb(102,0,0)"><span style="color:rgb(11,83,148)"> </span></b></span><span><span style="color:rgb(102,0,0)"><span style="color:rgb(11,83,148)"><span><span style="color:rgb(102,0,0)"><span style="color:rgb(11,83,148)"><span>Open Source Solutions,</span></span></span></span> </span></span></span><span style="color:rgb(11,83,148)"><span>Information Security & Training, </span></span></span><span style="color:rgb(102,0,0)"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(11,83,148)"><span><span><span>Digital Forensic Investigations</span></span>, </span></span></span></span><span style="color:rgb(102,0,0)"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(11,83,148)">Web 2.0 Applications & I.C.T </span></span><span style="font-family:comic sans ms,sans-serif"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(11,83,148)">Consultancy.</span></span></span></span><b style="color:rgb(102,0,0)"><span style="font-family:comic sans ms,sans-serif"><br><br style="font-family:comic sans ms,sans-serif"></span></b><div style="text-align:center"><b style="color:rgb(102,0,0)">"<span style="color:rgb(11,83,148)"><font size="4"><i>Secure Business Technology</i></font></span>"</b><br></div><br><br>------------------------------------------------------------------------------------------------------------------------------------------------<br><div style="text-align:center"><span style="font-family:comic sans ms,sans-serif"><b style="color:rgb(102,0,0)">SECUNETS TECHNOLOGIES DISCLAIMER:</b></span><br></div><br><span style="color:rgb(11,83,148)">This email message and any file(s) transmitted with it is intended solely for the individual or entity to whom it is addressed and may contain confidential and/or legally privileged information which confidentiality and/or privilege is not lost or waived by reason of mistaken transmission. If you have received this message by error you are not authorized to view disseminate distribute or copy the message without the written consent of Secunets Technologies and are requested to contact the sender by telephone or e-mail and destroy the original. Although Secunets Technologies takes all reasonable precautions to ensure that this message and any file transmitted with it is virus free, Secunets Technologies accepts no liability for any damage that may be caused by any virus transmitted by this email. </span><br><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br>_______________________________________________<br>
Security mailing list<br>
<a href="mailto:Security@lists.my.co.ke" target="_blank">Security@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/security" rel="noreferrer" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/security</a><br></blockquote></div><br></div></div></div>
</blockquote></div><br></div>