Compliance should be first a strategy of the organization. Then external bodies can direct the enforcement or assist to implement the same. Inshort someone is sleeping on the job. R D ----- Reply message ----- From: "Dan Wanjohi" <nadwanjohi@gmail.com> To: "Skunkworks Mailing List" <skunkworks@lists.my.co.ke> Subject: [Skunkworks] AGPO - Secure Connection Date: Fri, Apr 25, 2014 08:56 Agreed, should at least be via HTTPS, Unfortunately enforcement of governing frameworks such as PCI is at its lowest. Maybe KE-CERT should have the mandate of also ensuring security compliance.. On Wed, Apr 23, 2014 at 1:11 PM, Patrick Kariuki <patrick.kariuki@gmail.com> wrote: Shouldn't financial and personal information(Username, Passwords, Bank account details, PIN numbers and copies of ID number) travelling across the internet to a go.ke site be secured? AGPO site(http://www.agpo.go.ke/) is well done but lacks that critical bit. _______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke -- ......................................................... No pressure.....No diamonds!!!