Discussion: Shaping Kenya’s Cybersecurity Ecosystem

Stay happy,
Mutheu.

On Fri, Aug 16, 2024 at 12:46 PM Adam Lane <[email protected]> wrote:

> Dear Mutheu
>
>
>
> The Common Criteria (CC) should be considered and ISO27001 & 27017 & 27018
> & 27701.
>
>
>
> Then there are some specific ones, like in the networks space, there is
> the Network Equipment Security Assurance Scheme/Security Assurance
> Specifications (NESAS/SCAS) and in the cloud space there is the CSA Cloud
> Controls Matrix (CCM).
>
>
>
> There are also others in various domains like payment card standards,
> health informatics standards etc.
>
>
>
> Regards
>
> Adam
>
>
>
>
>
> *From:* A Mutheu <[email protected]>
> *Sent:* Friday, 16 August 2024 12:43
> *To:* Kenya’s premier ICT Policy engagement platform <
> [email protected]>
> *Cc:* Adam Lane <[email protected]>
> *Subject:* Re: [kictanet] Re: Discussion: Shaping Kenya’s Cybersecurity
> Ecosystem
>
>
>
> Dear Adam,
>
> Thanks for your insights, are there any specific standards from your
> experience in the sector you think should be considered? If so, do you have
> suggestions as regards specific international standards that can be
> studied, and then localized, if deemed relevant.
>
> Stay happy,
>
> Mutheu.
>
>
>
>
>
> On Thu, Aug 15, 2024 at 12:55 PM Adam Lane via KICTANet <
> [email protected]> wrote:
>
> Hi David
>
> In my engagements with policy makers I emphasize the need for the
> government to intentionally identify relevant cybersecurity standards
> (either international, local or international ones that are localized) and
> then implement them within government and encourage the rest of the
> industry in the country to also adopt and implement. These standards are a
> good benchmark to define “secure” (though one must never accept reaching a
> standard as the end goal and not get complacent) and can be specific to
> certain areas (such as cloud, telcom networks, software etc) or be about
> certain processes and can be tested and certified against. This can grow
> the cybersecurity ecosystem (labs, certifiers, standards consultants etc)
> and support talent training and development as well.
>
>
>
> Such standards may not need to be legally required necessarily, but this
> would be a discussion worth having.
>
>
>
> Adam
>
>
>
> *From:* David Indeje via KICTANet <[email protected]>
> *Sent:* Thursday, 15 August 2024 08:38
> *To:* Adam Lane <[email protected]>
> *Cc:* David Indeje <[email protected]>
> *Subject:* [kictanet] Re: Discussion: Shaping Kenya’s Cybersecurity
> Ecosystem
>
>
>
> Dear Listers,
>
>
>
> *Day 3:*
>
>
>
> The CMCA has profound implications for businesses, individuals, and the
> digital economy in Kenya. Its effectiveness in balancing innovation with
> cybersecurity, addressing emerging technologies, and protecting individual
> rights is a subject of ongoing debate. Today, we encourage discussion on
> the challenges and opportunities presented by the CMCA and explore
> potential solutions to enhance its effectiveness in shaping a secure and
> vibrant digital future for Kenya.
>
>
>
> *Section 5: Impact on Businesses and Individuals.*
>
> 1. How has the CMCA impacted businesses in Kenya in terms of
> cybersecurity practices and investments?
> 2. Do you believe the CMCA adequately protects the rights of
> individuals in the digital space?
> 3. Have there been any unintended consequences of the CMCA on
> businesses or individuals?
> 4. How has the CMCA affected the digital economy in Kenya?
>
> *Section 6: An analysis of the effectiveness of the CMCA to embrace
> emerging technologies and the cyberthreats they pose therein.*
>
> 1. How does the CMCA balance the need for innovation with
> cybersecurity?
> 2. Does the Act create an environment conducive to technological
> advancement or are there any provisions that stifle innovation?
> 3. How well does the CMCA address emerging technologies such as
> artificial intelligence, blockchain, Internet of Things (IoT), quantum
> computing and cryptocurrency? What can be done to enhance its ability to
> address these lacunas (if any).
> 4. How can the legal framework provided by the CMCA be enhanced to
> regulate the use of emerging technologies, while protecting individual
> digital rights?
>
> *Section 7: General Questions.*
>
> 1. Are there any legal uncertainties or ambiguities in the Act that
> hinder its effectiveness?
> 2. What are the capacity-building needs of law enforcement and the
> judiciary in addressing cybercrimes related to emerging technologies?
> 3. Is the country’s cybersecurity infrastructure sufficiently robust
> to address the challenges posed by emerging technologies?
> 4. Any other relevant comment that you may wish to include as regards
> the CMCA?
>
>
>
>
>
>
>
>
> —
>
> *Kind Regards,*
>
> *David Indeje*
>
> *@**K**ICT**A**Net* <www.kictanet.or.ke/>* Communications *
> _____________________________________
>
> +254 (0) 711 385 945 | +254 (0) 734 024 856
>
> KICTANet portals
>
> Connect With Us <linktr.ee/Kictanet>
>
> ______________________________________
>
>
>
>