On 7/5/11, ty <tyruskam@gmail.com> wrote:
> Barrack, See inline,
>
> On Tue, Jul 5, 2011 at 8:22 PM, Barrack Otieno
> <otieno.barrack@gmail.com> wrote:
>
>> Dear Listers,
>>
>> · With Cyber Security threats increasing at an alarming rate,
>> what strategies can we embrace as a nation to address and combat
>> the threats?
>>
>
> To start with, my biggest approach has been compliance. What do I mean? Some
> 3-4 years ago, we had a debate on Kictanet and Skunkworks as well about what
> measures companies and the Government should take to curb Cyberthreats which
> include but aren't limited to Identity Theft, online and mobile money
> laundering, core infrastructure security etc etc. For starters, the biggest
> threat comes from none other than we humans. Any deployment carried out
> without a thoroughly thought out strategy will fail dismally in so many
> fronts.
> Personally I applaud the Govt for seeing the importance of having policies
> in place but my fear and worry has always been execution. The Kenya Police
> website hack is barely even the icing on the cake as to how far deep cyber
> crime can root itself. Even more sad is that in certain instances some
> corporate outfits boasting of offering Information Security awareness,
> assessments etc do a piecemeal job at it. This is akin to someone assessing
> your house and if he identifies that your door is the most vulnerable entry
> point and proceeds to recommend you to repaint your door!
>
> My opinion would be to raise awareness via such forums. Initially when
> skunkworks began, there was a very strong drive to hold talks over subjects
> such as this (I thank the mods for offering me an opportunity to present on
> one occasion). I would also encourage the Govt to see through the efforts in
> place to ensure that compliance and standards revolving around the fast
> growing world of IT are implemented and aren't just white elephant projects.
>
>> · What initiatives are needed to ensure there is sufficient
>> awareness and education on Cyber threats?
>>
> Let's take social networking as a case study. Most people hardly think twice
> when signing up or logging into any social network. The amount of
> information you give away is an all too familiar subject which most people
> either ignore or find too pedestrian to contemplate. Another front to think
> about is online/mobile transactions. Do you trust whoever you are providing
> your banking/credit card details? What level of compliance (ISO 27001/PCI
> DSS) are they adhering to? A third front is the latest boy in the yard,
> cloud computing. Do you feel safe relinquishing all your data to some cloud?
> Who else is accessing that cloud? Like I always say, Cyber crime is like a
> cancer, it slowly creeps and once manifested, the consequences are grave.
> Case in point, the recent Lulzsec saga and HB Gary's incident.
>
> On a technical level, I would advocate for Red Teaming (google is your
> friend) as a methodology to identify potential threats up to and including
> physical penetration etc. For those in security (CISA, CISSP, CEH etc etc
> etc), it's time to stop with the mentality of "someone could break into
> this". Go ahead and show your clients how horrible the world can be. If you
> are protecting against a static threat then security becomes a very easy
> task for anyone. But that's not the nature of things. We have dynamic
> threats which need continuous assessments, user training and awareness.
>
> I know the above goes against compliance. Saying you are compliant is
> equivalent to saying you have bread in your cupboard and claiming that no
> one can break through into your house.
>
>
> Strictly my opinion and I welcome anyone else's
>
> -ty
>
>>
>>
>> The floor is open, feel free to continue commenting on previous threads.
>>
>> Best Regards
>> --
>> Barrack O. Otieno
>> +254721325277
>> +254-20-2498789
>> Skype: barrack.otieno
>> _______________________________________________
>> Skunkworks mailing list
>> Skunkworks@lists.my.co.ke
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks