My thoughts: It's well thought out and inherits from a variety of other global benchmarks. Save for the legal interpretation, I think it's a good start.

However, it is quite silent on emerging threats and trends such as;

- Authority to use defensive measures over and above passive protection of your digital assets- Mitigation of a threat is limited to the threat itself as harming the I.S in itself isn't allowed in this provision. (Think Cyber Warfare)

- Disclosure principles: - elicit disclosure of timely, and accurate information about risks and events that a reasonable investor would consider important to an investment decision. This isn't covered anywhere and currently such disclosures are treated with hostility as opposed to meaningful conversation.

Otherwise, a way better informed bill as opposed to the "other one"

-tyrus

On Wed, Jul 13, 2016 at 2:16 PM, Tony White via Security <security@lists.my.co.ke> wrote:
I have read through the bill, and - although I am not a lawyer - it
looks like it has been well thought out and makes sense (unlike
*another* recent bill!).

My main concern, with this (or any other) bill, is where it may be
open to abuse, intimidation, and/or corruption.  I hope those with
'legal' minds may discover the specific areas which may be open to
abuse, and where further clarification within the bill may address
those concerns.

Specifically, related to those whose work involves the provision,
and/or testing of the security of systems to guard against possible
cybercrimes.  I would like to see a section where specific exemption
is allowed where permission by a person in authority over a computer
system or telecommunications network is given to a specific person or
organisation to conduct testing of a system's security - commonly
referred to as 'penetration testing' or 'pentest'

My initial thoughts.

Tony


On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
> Listers,
> I know we have just come from an intensive 2week review of the ICT
> Policy.But PS Itemere says there is more work need on the Cybercrime Bill
> @http://www.mygov.go.ke/?p=11234
>
>
> Plse send your views on the Cyber Crime Bill and spread the word.
> @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward
> to these hackers as well. I seem to have been kicked off their list at one
> point.
> walu.


--
Tony White

_______________________________________________
Security mailing list
Security@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/security