Thank you Barrack for your response.

Its a shame that none of our universities (correction is welcome) and tertiary institutions including our police academies have Cyber Crime as a core element in the curriculum. I laughed at a statement made by the police commissioner on the Kenya Police defacement and he said that any one with information that could lead to the apprehension of the perpetrators should visit the nearest police station. So I asked myself, go and report What exactly?
There isnt a clear way to handle electronic evidence in the first place. Am willing to bet there wasnt an incidence report and threat mitigation policy to that effect as well. Do we have Govt forensic officers who can deal with such cases? 

In the same breath, Social Engineering being the oldest hack in the book, is still very well alive today. I dont know if banking staff or any other high risk personnel are trained on distinguishing legit and con artists. 

As the Govt pushes to improve what id term as physical security, I would implore them to bear in mind the unseen and uncanny ugly head of cyber terrorism. With the move to concentrate all public information to one holding tank, it begs the question what tangible measures have been put in place. And I dont think its only the Govt that should be put to question. Even private holdings, they too are notoriously known to cut corners and compromise on guarding against cyber crimes by hiding behind the blatant excuse that such threats are simply illusions and only happen in America etc etc 

-tyrus.

On Tue, Jul 5, 2011 at 10:41 PM, Barrack Otieno <otieno.barrack@gmail.com> wrote:
Thanks Ty, for the comprehensive response, you rightly mention the
fact that there are many strategies but execution is the problem, I
recently heard  an interesting speech by his excellency the president
at the military academy in Lanet where he urged the academy to equip
itself against emerging threats through enhanced curricula ,  I
assumed emerging threats  include Cybercrime, what is the role of
Universities and academic institutions in combating Cybercrime in view
of the recent collaborative efforts between KU, Egerton and our
uniformed forces?

On 7/5/11, ty <tyruskam@gmail.com> wrote:
> Barrack, See inline,
>
> On Tue, Jul 5, 2011 at 8:22 PM, Barrack Otieno
> <otieno.barrack@gmail.com>wrote:
>
>> Dear Listers,
>>
>> ·         With Cyber Security threats increasing at an alarming rate,
>> what strategies can we embrace as a nation to address and combat
>> the threats?
>>
>
> To start with, my biggest approach has been compliance. What do I mean? Some
> 3-4 years ago, we had a debate on Kictanet and Skunkworks as well about what
> measure companies and the Government should take to curb Cyberthreats which
> include but arent limited to Identity Theft, online and mobile money
> laundering, core infrastructure security etc etc. For starters, the biggest
> threat comes from none other than we humans. Any deployment carried out
> without a thoroughly thought out strategy will fail dismally in so many
> fronts.
> Personally I applaud the Govt for seeing the importance of having policies
> in place but my fear and worry has always been execution. The Kenya Police
> website hack is barely even the icing on the cake as to how far deep cyber
> crime can root itself. Even more sad is that in certain instances some
> corporate outfits boasting of offering Information Security awareness,
> assessments etc do a piecemeal job at it. This is akin to someone assessing
> your house and if he identifies that your door is the most vulnerable entry
> point and proceeds to recommend you to repaint your door!
>
> My opinion would be to raise awareness via such forums. Initially when
> skunkworks began, there was a very strong drive to hold talks over subjects
> such as this (I thank the mods for offering me an opportunity to present on
> one occasion). I would also encourage the Govt to see through the efforts in
> place to ensure that compliance and standards revolving around the fast
> growing world of IT are implemented and arent just white elephant projects.
>
> ·         What initiatives are needed to ensure there is sufficient
>> awareness and education on Cyber threats?
>>
> Lets take social networking as a case study. Most people hardly think twice
> when signing up or logging into any social network. The amount of
> information you give away is an all too familiar subject which most people
> either ignore or find too pedestrian to contemplate. Another front to think
> about it online/mobile transactions. Do you trust whoever you are providing
> your banking/credit card details? What level of compliance (ISO 27001/PCI
> DSS) are they adhering to? A third front is the latest boy in the yard,
> cloud computing. Do you feel safe relinquishing all your data to some cloud?
> Who else is accessing that cloud. Like I always say, Cyber crime is like a
> cancer, it slowly creeps and once manifested, the consequences are grave.
> Case in point, the recent Lulzsec saga and HB Gary's incident.
>
> On a technical level, I would advocate for Red Teaming (google is your
> friend) as a methodology to identify potential threats upto and including
> physical penetration etc. For those in security (CISA, CISSP, CEH etc etc
> etc), its time to stop with the mentality of "someone could break into
> this". go ahead and show your clients how horrible the world can be. If you
> are protecting against a static threat then security becomes a very easy
> task for anyone. But that's not the nature of things. We have dynamic
> threats which need continuous assessments, user training and awareness.
>
> I know the above goes against compliance. Saying you are compliant is
> equivalent to saying you have bread in your cupboard and claiming that no
> can break through into your house.
>
>
> Strictly my opinion and I welcome anyone else's
>
> -ty
>
>>
>>
>> the floor is open, feel free to continue commenting on previous threads.
>>
>> Best Regards
>> --
>> Barrack O. Otieno
>>
>> +254721325277
>> +254-20-2498789
>> Skype: barrack.otieno
>> _______________________________________________
>> Skunkworks mailing list
>> Skunkworks@lists.my.co.ke
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>> Skunkworks Rules
>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> ------------
>> Other services @ http://my.co.ke
>>
>

--
Sent from my mobile device

Barrack O. Otieno
Afriregister Ltd (Kenya)
www.afrire <http://www.afriregister.com>gister.bi,
www.afriregister.com<http://www.afriergister.com>
<http://www.afriregister.com>ICANN accredited registrar
+254721325277
+254-20-2498789
Skype: barrack.otieno
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke