<p dir="ltr">Stuart,</p>
<p dir="ltr">Your suggestion makes practical sense, before a core banking system is installed penetration testing is carried out, how often are audits carried out after? </p>
<p dir="ltr">As we seek to get legislation there needs to be a practical merger between prospective laws and practice to ensure that laws if passed will adequately prevent the vice.</p>
<p dir="ltr">Kind regards,</p>
<p dir="ltr">Rosemary Koech-Kimwatu<br>
Advocate</p>
<div class="gmail_quote">On Mar 9, 2017 19:09, "Stuart Houston via kictanet" <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Ali for sharing. Interesting, if not all too common story globally.<div><br><div>"A chain is only as strong as its weakest link" comes to mind. The weakest link being the human element in this case but could also be applicable to scale with lack of ratifying and enforcing regulation & agreements nationally and internationally; of which difficulties Gichuki has already mentioned. From my experience securing systems is the stronger (or at least easier to implement) part of the chain.<br></div><div><br></div><div>Can regulations particularly for government institutions and large financials be tightened up? For example, would not a mandatory, regular security audit by a reputable external firm be able to deter, if not bring to light such hacking sprees? </div><div><br></div></div><div class="gmail_extra"><div><div class="m_7362446941566229366gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><p style="font-family:myriadpro-regular,"myriad pro regular",myriadpro,"myriad pro",helvetica,arial,sans-serif;color:rgb(0,73,96);padding-bottom:20px"><span style="font-size:13.6364px;color:rgb(88,88,91)">Regards</span></p><div><span style="font-family:arial;font-size:14pt">Stuart Houston</span></div><div><span style="font-family:arial">IT consultant and project manager</span></div><div><span style="font-family:arial;font-size:12pt">Vimak </span></div><p style="font-family:myriadpro-regular,"myriad pro regular",myriadpro,"myriad pro",helvetica,arial,sans-serif;font-size:10pt;padding-bottom:20px;color:rgb(88,88,91)"><span style="font-size:10pt">Studio House, 5th Floor, Marcus Garvey Rd off Argwings Kodhek Rd </span><br></p><p style="font-family:myriadpro-regular,"myriad pro regular",myriadpro,"myriad pro",helvetica,arial,sans-serif;font-size:10pt;padding-bottom:20px;color:rgb(88,88,91)">+254 711 231726 | +254 731 993931 | <a href="mailto:info@vimak.co.ke" target="_blank">info@vimak.co.ke</a></p><p style="font-family:myriadpro-regular,"myriad pro regular",myriadpro,"myriad pro",helvetica,arial,sans-serif;font-size:10pt;color:rgb(88,88,91)">This e-mail and any attachments are confidential. They may contain privileged information and are intended for the named addressee(s) only. Unless expressly stated, opinions in this e-mail are those of the individual sender and not of Vimak. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please telephone or e-mail the sender and delete this message and any attachments immediately</p></div></div></div></div></div>
<br><div class="gmail_quote">On Thu, Mar 9, 2017 at 5:46 PM, Dorcas Muthoni via kictanet <span dir="ltr"><<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Exactly Ali, time is now. </div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_7362446941566229366gmail-h5">On Mar 9, 2017 5:24 PM, "Ali Hussein via kictanet" <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>> wrote:<br type="attribution"></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="m_7362446941566229366gmail-h5"><div dir="auto"><div><span></span></div><div><div>An opportunity for the community to now insert itself and engage to enhance the bill?<br><br><div><span><b>Ali Hussein</b></span></div><div><span><b>Principal</b></span></div><div><b style="background-color:rgba(255,255,255,0)">Hussein & Associates</b></div><div style="font-family:helvetica;font-size:medium"><a href="tel:0713%20601113" value="+254713601113" target="_blank">+254 0713 601113</a> </div><div style="font-family:helvetica;font-size:medium"><br></div><div><p style="margin:0in 0in 0pt"><span style="background-color:rgba(255,255,255,0)">Twitter: @AliHKassim</span></p><span style="background-color:rgba(255,255,255,0)"><font></font></span><p style="margin:0in 0in 0pt"><span style="background-color:rgba(255,255,255,0)">Skype: abu-jomo</span></p><p style="margin:0in 0in 0pt"><span style="background-color:rgba(255,255,255,0)">LinkedIn: <a href="http://ke.linkedin.com/in/alihkassim" target="_blank">http://ke.linkedin.c<wbr>om/in/alihkassim</a></span></p><font><br></font></div><div><span style="background-color:rgba(255,255,255,0)">"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle</span></div><div><br></div><div><span><br></span></div>Sent from my iPad</div><div><br>On 9 Mar 2017, at 2:24 PM, kanini mutemi via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div style="font-family:georgia,serif">Enlightening!<br><br></div><div style="font-family:georgia,serif">A quick reading of the now withdrawn Cyber Security and Protection Bill gave a sense that we're still looking at cyber crime with the same eyes that crafted the Penal Code. Simplistic. Retroactive. Without necessarily addressing the unique challenges these crimes present. Perhaps it's time that the government considers actual capacity building in this field (no not just benchmarking visits and one week courses). For them to regulate this area adequately, they must first understand it's ins and outs. <br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 9, 2017 at 2:05 PM, Douglas Gichuki <span dir="ltr"><<a href="mailto:dgichuki@strathmore.edu" target="_blank">dgichuki@strathmore.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Cybercrime,<div><br></div><div>As Kanini Mutemi rightly observes Kenya does not possess the substantive, procedural (legally) institutional and capacity tools to effectively deal with transnational online criminal activity. </div><div><br></div><div>Cyber-crime (in the substantive forms enumerated in the various bills doing rounds) presents a simple conundrum for law: a more global law or a less global internet? What does this mean in practice? First, that we need a regional instrumen- and then multilateral global instrument that harmonizes substantive offences (ensuring the principle of double criminality) and substantive criminal procedure (Arrest Warrants and Evidence Sharing).</div><div><br></div><div> This later bit is consequential because extra territorial executive action is a violation of international law (Lotus- France v Turkey). It is also crucial to have data frameworks that allow flexibility for law enforcement (imagine judicial hurdles imposed every time inter state data transfers are sought by law enforcement).Further, traditional methods of law enforcement cooperation in the form of Mutual Legal Assistance Treaties (MLATS) are too cumbersome opaque and resource needy to deal with the agile needs of volatile data. </div><div><br></div><div>This is fundamental because technologies such as cloud computing and block chain make a nonsense of the Westphalian model of territory and jurisdiction.</div><div><br></div><div>regards,</div><div><br></div><div><br></div><div><br></div><div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859m_2101773063614417592gmail_signature"><div dir="ltr"><div><div dir="ltr"><img src="http://www.strathmore.edu/en/images/emails/dgichuki.jpg"><br></div></div></div></div></div>
<br><div class="gmail_quote"><div><div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859h5">On Thu, Mar 9, 2017 at 11:43 AM, kanini mutemi via kictanet <span dir="ltr"><<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859h5"><div dir="ltr"><div style="font-family:georgia,serif">This reactionary approach is quite ridiculous. I bet you the prosecutors will have a hard time even proving the crime. Some wouldn't even know what malware is. Now start explaining Salami to them. <br><br></div><div style="font-family:georgia,serif">Well it's commendable CA seems to be doing something in this space <a href="http://www.nation.co.ke/news/Communication-Authority-open-centre-to-combat-cyber-crime/1056-3405682-5hjk2pz/index.html" target="_blank">http://www.nation.co.ke/news/C<wbr>ommunication-Authority-open-ce<wbr>ntre-to-combat-cyber-crime/105<wbr>6-3405682-5hjk2pz/index.html</a><br><br></div><div style="font-family:georgia,serif">However, why open a centre for the sole purpose of reporting and investigating claims? Proactivity would be a better approach. The irony is how the CIA has taken this 'precautionary approach' to the next level as seen with the wikileaks dump. <br></div><div style="font-family:georgia,serif"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859m_2101773063614417592h5">On Thu, Mar 9, 2017 at 7:26 AM, Mark Kipyegon via kictanet <span dir="ltr"><<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859m_2101773063614417592h5">Even with the collusion claimed in the article, the failure of controls<br>
that should prevent unauthorised physical and remote access to systems<br>
is quite troubling.<br>
<span><br>
On 09/03/2017 06:18, <a href="mailto:kictanet-request@lists.kictanet.or.ke" target="_blank">kictanet-request@lists.kictane<wbr>t.or.ke</a> wrote:<br>
><br>
> Today we get a glimpse of the magnitude of cyber crime in the country.<br>
><br>
</span>> Kenya Revenue Authority, several blue-chip banks, a parastatal and a supermarket chain are some of the institutions penetrated by an international cybercrime syndicate that took off with hundreds of millions of shillings ? before they were all seized on Monday and Tuesday.<br>
<div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859m_2101773063614417592m_1295778270254123645HOEnZb"><div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859m_2101773063614417592m_1295778270254123645h5">><br>
> Read on:-<br>
><br>
> <a href="http://www.nation.co.ke/news/Police-bust-ring-of-hackers/1056-3842558-11h7q5xz/index.html" rel="noreferrer" target="_blank">http://www.nation.co.ke/news/P<wbr>olice-bust-ring-of-hackers/105<wbr>6-3842558-11h7q5xz/index.html</a><br>
><br>
><br>
<br>
</div></div><br></div></div>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet" rel="noreferrer" target="_blank">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/" rel="noreferrer" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/kaninimutemi%40gmail.com" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/kanini<wbr>mutemi%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<span class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859m_2101773063614417592HOEnZb"><font color="#888888"><br></font></span></blockquote></div><span class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859m_2101773063614417592HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859m_2101773063614417592m_1295778270254123645gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><span style="font-family:georgia,serif"><b>Mercy Mutemi, Advocate</b>. <br></span></div></div><div><span style="font-family:georgia,serif"><br></span></div><div><span style="font-family:georgia,serif"><b><i><br></i></b></span></div><br></div></div></div></div></div></div>
</font></span></div>
<br>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet" rel="noreferrer" target="_blank">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/" rel="noreferrer" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a><br>
<br></div></div>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/dgichuki%40strathmore.edu" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/dgichu<wbr>ki%40strathmore.edu</a><span><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br></span></blockquote></div><br></div>
<br>
<span><p align="justify">
</p></span><p><b>Note: </b>All emails sent from Strathmore University are subject to Strathmore’s Email Terms & Conditions. Please click <a href="http://www.strathmore.edu/en/email-policy" target="_blank">here</a> to read the policy.<br><b><br></b></p><p>"Visit our <a href="https://www.facebook.com/StrathmoreUniversity" target="_blank">Facebook </a>Page and <a href="https://twitter.com/StrathU" target="_blank">Twitter </a>Account".</p>
</blockquote></div><br><br clear="all"><br>-- <br><div class="m_7362446941566229366gmail-m_-90043759017599940m_-1646255443384678859gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><span style="font-family:georgia,serif"><b>Mercy Mutemi, Advocate</b>. <br></span></div></div><div><span style="font-family:georgia,serif"><br></span></div><div><span style="font-family:georgia,serif"><b><i><br></i></b></span></div><br></div></div></div></div></div></div>
</div>
</div></blockquote><blockquote type="cite"><div><span>______________________________<wbr>_________________</span><br><span>kictanet mailing list</span><br><span><a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a></span><br><span><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a></span><br><span>Twitter: <a href="http://twitter.com/kictanet" target="_blank">http://twitter.com/kictanet</a></span><br><span>Facebook: <a href="https://www.facebook.com/KICTANet/" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a></span><br><span></span><br><span>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/info%4<wbr>0alyhussein.com</a></span><br><span></span><br><span>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.</span><br><span></span><br><span>KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</span></div></blockquote></div></div><br>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet" rel="noreferrer" target="_blank">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/" rel="noreferrer" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a><br>
<br></div></div>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/dmuthoni%40gmail.com" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/dmutho<wbr>ni%40gmail.com</a><span class="m_7362446941566229366gmail-"><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br></span></blockquote></div></div>
<br>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet" rel="noreferrer" target="_blank">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/" rel="noreferrer" target="_blank">https://www.facebook.com/KICTA<wbr>Net/</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/shouston%40vimak.co.ke" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/shoust<wbr>on%40vimak.co.ke</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br></blockquote></div><br></div></div>
<br>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/<wbr>mailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet" rel="noreferrer" target="_blank">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/" rel="noreferrer" target="_blank">https://www.facebook.com/<wbr>KICTANet/</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/chemukoechk%40gmail.com" rel="noreferrer" target="_blank">https://lists.kictanet.or.ke/<wbr>mailman/options/kictanet/<wbr>chemukoechk%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br></blockquote></div>