Compliance should be first a strategy of the organization. Then external bodies can direct the enforcement or assist to implement the same.

Inshort someone is sleeping on the job.

----- Reply message -----
From: "Dan Wanjohi" <nadwanjohi@gmail.com>
To: "Skunkworks Mailing List" <skunkworks@lists.my.co.ke>
Subject: [Skunkworks] AGPO - Secure Connection
Date: Fri, Apr 25, 2014 08:56

Agreed, should at least be via HTTPS,

Unfortunately enforcement of governing frameworks such as PCI is at its lowest. Maybe KE-CERT should have the mandate of also ensuring security compliance..

On Wed, Apr 23, 2014 at 1:11 PM, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:

Shouldn't financial and personal information(Username, Passwords, Bank
account details, PIN numbers and copies of ID number) travelling
across the internet to a go.ke site be secured?

AGPO site(http://www.agpo.go.ke/) is well done but lacks that critical bit.
_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

.........................................................
No pressure.....No diamonds!!!