In order for any information security breach to have impact, the victim of such a breach must value their data and information. Once data and information is assigned a value (economic or social or reputation or other forms) and risks are computed based on those values, then that data and/or  information becomes an asset to be protected.

I stand to be corrected but I assume that most of the data and information that our police hold is on paper (those A3 size occurrence books (OBs) written in ink). In this case an information security breach that can impact the Police today would be the loss or or un-authorized access to the warehouse or container that holds those OBs.

Defacing their website today is therefore equivalent to covering the notice board in Vigilance house with a piece of paper .. .. .. value-wise .. zero .. "a fart in the wind" .. and life moves on un-perturbed. Some would say ignorance is bliss and such ignorance may have "saved" them for now BUT such ignorance eventually renders one irrelevant.


The question we should be asking are..

1. Does Kenya Police have a sustainable IT infrastructure and knowledge to manage the massive volume of information that they handle on a daily basis ?
   
2. Does the Kenya Police have a plan to digitize the data and information they hold or will the OBs continue to be used ?
3. When will the Kenya Police begin to capture, process and disburse information in electronic format ?
   

The answers to this questions and many others are the ones that will begin to create "value" for communication tools like a website or a server. Otherwise for now they are only concerned about where Itere's re-organization plans.