Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
ICT WEEK, 17ICT WEEK, 17THTH
MAY 2016MAY 2016
Regulatory perspective in dealing with theRegulatory perspective in dealing ...
Aligning Business to ICTAligning Business to ICT
2
Nature of the InternetNature of the Internet
The Borderless Nature of the Internet
Source: GoogleSource: Google
Anonymity on the Internet drives the tendency towards abuse.
“On the Internet, nobody knows who really is on the other end...
Uses of the InternetUses of the Internet
Source: GoogleSource: Google
Source: GoogleSource: Google
Uses of the InternetUses of the Internet……
Source: GoogleSource: Google
Uses of the InternetUses of the Internet……
The Internet of Things (IoT)
Source: GoogleSource: Google
Uses of the InternetUses of the Internet……
The Internet of Things (IoT)
Source: GoogleSource: Google
Uses of the InternetUses of the Internet……
What is Cybersecurity?What is Cybersecurity?
• Cybersecurity = Information and Communications
Technology (ICT) Security.
•...
Types of Cyber CrimeTypes of Cyber Crime
• Hate messages propagated through the Internet,
computers, mobile phones, tablet...
Types of Cyber CrimeTypes of Cyber Crime......
• Distributed Denial of Service (DDoS)
Source: GoogleSource: Google
• Phishing Scams
Types of Cyber CrimeTypes of Cyber Crime......
Source: GoogleSource: Google
• Website Defacement
Types of Cyber CrimeTypes of Cyber Crime......
Source: GoogleSource: Google
• Espionage
Types of Cyber CrimeTypes of Cyber Crime......
Source: GoogleSource: Google
• Spam email
Types of Cyber CrimeTypes of Cyber Crime......
Source: GoogleSource: Google
• Malware
Types of Cyber CrimeTypes of Cyber Crime......
Source: GoogleSource: Google
• Brute force attacks
Types of Cyber CrimeTypes of Cyber Crime......
Source: GoogleSource: Google
19
38341
Total Abuses Reported
47% of Total Abuse 52.3% of Total Abuse 0.7% of Total Abuse
B
Overview of KenyaOverview of Kenya’s National Cybersecurity’s National Cybersecurity
- Legal Instruments- Legal Instruments
Kenya Information and CommunicationsKenya Information and Communications
Act of 1998 (KICA)Act of 1998 (KICA)
Section 83C ...
Kenya’s Cybersecurity Governance Structure
Establishment of the National KE-CIRT/CC
Mandate: To offer advice on Cybersecurity matters
nationally and to coordinate re...
Functions of the National KE-CIRT/CCFunctions of the National KE-CIRT/CC
Implementation of the National KE-CIRT/CCImplementation of the National KE-CIRT/CC
The Authority adopted a phased approach...
Implementation of the National KE-CIRT/CCImplementation of the National KE-CIRT/CC
• Phase 3: Involves the ability to secu...
The National KE-CIRT/CC collaborates with:
 Law enforcement agencies
 Central Bank of Kenya (CBK)
 Financial sector ind...
Overview of the National Public Key Infrastructure (NPKI)
Key: E-CSP: Electronic Certification Service Provider licensed b...
National Public Key Infrastructure (NPKI)
•The National Public Key Infrastructure (NPKI) project is
coordinated by the Min...
National Public Key Infrastructure (NPKI)
• The NPKI comprises of a Root Certification Authority (RCA)
which is managed by...
National Public Key Infrastructure (NPKI)
• The Kenya Information and Communications Act of 1998
mandates the Authority to...
Benefits of the NPKIBenefits of the NPKI
• Operates under the Kenyan law
• Ability to digitally sign electronic data and i...
Role of CA in growth of Dot KE ccTLDRole of CA in growth of Dot KE ccTLD
• The Dot KE country code Top-Level Domain (ccTLD...
Dot KE Domain Name Management FrameworkDot KE Domain Name Management Framework
Kenya has developed a national framework fo...
35
Capacity building and Awareness creation
The Authority’s National KE-CIRT/CC has facilitated:
Hosting of International...
How to report Cyber attacks to theHow to report Cyber attacks to the
National KE-CIRT/CCNational KE-CIRT/CC
•Web portal: h...
37
Incident Reporting Portal
Source: GoogleSource: Google
Upcoming SlideShare
Loading in …5
×

Regulatory perspective in dealing with Cyber crime

Regulatory perspective in dealing with Cyber crime

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to comment

  • Be the first to like this

Regulatory perspective in dealing with Cyber crime

  1. 1. ICT WEEK, 17ICT WEEK, 17THTH MAY 2016MAY 2016 Regulatory perspective in dealing with theRegulatory perspective in dealing with the cybercrime challengescybercrime challenges Joseph NzanoJoseph Nzano Ag. Assistant Manager, Cyber Security & E-CommerceAg. Assistant Manager, Cyber Security & E-Commerce
  2. 2. Aligning Business to ICTAligning Business to ICT 2
  3. 3. Nature of the InternetNature of the Internet The Borderless Nature of the Internet Source: GoogleSource: Google
  4. 4. Anonymity on the Internet drives the tendency towards abuse. “On the Internet, nobody knows who really is on the other end” Source: GoogleSource: Google Nature of the InternetNature of the Internet……
  5. 5. Uses of the InternetUses of the Internet Source: GoogleSource: Google
  6. 6. Source: GoogleSource: Google Uses of the InternetUses of the Internet……
  7. 7. Source: GoogleSource: Google Uses of the InternetUses of the Internet……
  8. 8. The Internet of Things (IoT) Source: GoogleSource: Google Uses of the InternetUses of the Internet……
  9. 9. The Internet of Things (IoT) Source: GoogleSource: Google Uses of the InternetUses of the Internet……
  10. 10. What is Cybersecurity?What is Cybersecurity? • Cybersecurity = Information and Communications Technology (ICT) Security. • The protection of computers, programs and data (Critical Internet Infrastructure) against unauthorized access and criminal use.
  11. 11. Types of Cyber CrimeTypes of Cyber Crime • Hate messages propagated through the Internet, computers, mobile phones, tablet PCs Source: GoogleSource: Google
  12. 12. Types of Cyber CrimeTypes of Cyber Crime...... • Distributed Denial of Service (DDoS) Source: GoogleSource: Google
  13. 13. • Phishing Scams Types of Cyber CrimeTypes of Cyber Crime...... Source: GoogleSource: Google
  14. 14. • Website Defacement Types of Cyber CrimeTypes of Cyber Crime...... Source: GoogleSource: Google
  15. 15. • Espionage Types of Cyber CrimeTypes of Cyber Crime...... Source: GoogleSource: Google
  16. 16. • Spam email Types of Cyber CrimeTypes of Cyber Crime...... Source: GoogleSource: Google
  17. 17. • Malware Types of Cyber CrimeTypes of Cyber Crime...... Source: GoogleSource: Google
  18. 18. • Brute force attacks Types of Cyber CrimeTypes of Cyber Crime...... Source: GoogleSource: Google
  19. 19. 19 38341 Total Abuses Reported 47% of Total Abuse 52.3% of Total Abuse 0.7% of Total Abuse B
  20. 20. Overview of KenyaOverview of Kenya’s National Cybersecurity’s National Cybersecurity - Legal Instruments- Legal Instruments
  21. 21. Kenya Information and CommunicationsKenya Information and Communications Act of 1998 (KICA)Act of 1998 (KICA) Section 83C of KICA: E-Transactions & Cybersecurity: •To promote and facilitate the efficient management of critical Internet Resources; and •Develop a framework for facilitating the investigation and prosecution of cybercrime offences •Facilitate electronic commerce and eliminate barriers to electronic commerce •Develop regulations with respect to Cybersecurity, E- Transactions, Electronic Certification and Domain Name Administration
  22. 22. Kenya’s Cybersecurity Governance Structure
  23. 23. Establishment of the National KE-CIRT/CC Mandate: To offer advice on Cybersecurity matters nationally and to coordinate response to cyber incidents in collaboration with relevant stakeholders. The National KE-CIRT/CC is also Kenya’s national trusted cybercrime management point of contact.
  24. 24. Functions of the National KE-CIRT/CCFunctions of the National KE-CIRT/CC
  25. 25. Implementation of the National KE-CIRT/CCImplementation of the National KE-CIRT/CC The Authority adopted a phased approach in the implementation of the National KE-CIRT/CC as follows: •Phase 1: Completed in October 2012 and officially launched by H. E. the President in June 2014. Involved provision of reactive National CIRT services. The reactive services include coordination and responses to Cybersecurity incidents, capacity building and awareness creation on Cybersecurity. •Phase 2: Involves both reactive services and proactive services. The proactive services include ability to detect cyber attacks before they happen. This is achieved through collaboration.
  26. 26. Implementation of the National KE-CIRT/CCImplementation of the National KE-CIRT/CC • Phase 3: Involves the ability to secure and analyze evidence as well as conduct research and development. Implementation was finalized in January 2016 with the deployment of a Digital Forensics Centre (DFC) and undertook training for the technical and law enforcement officers from the various government agencies on digital forensic techniques. The DFC will enable the National KE- CIRT/CC conduct Cybersecurity research and development including vulnerability analysis and malware reverse engineering, among others.
  27. 27. The National KE-CIRT/CC collaborates with:  Law enforcement agencies  Central Bank of Kenya (CBK)  Financial sector industry association (KBA)  Telecommunication industry association  Academia  Public utility companies (KPLC, KPA, Nairobi Water and Sewerage Company, among others) and  Critical infrastructure service providers (SEACOM, TEAMS and EASSY), among others. 27 Collaboration in cybercrime management at the National Level
  28. 28. Overview of the National Public Key Infrastructure (NPKI) Key: E-CSP: Electronic Certification Service Provider licensed by the Communications Authority of Kenya (CA) to issue Digital Certificates (Virtual IDs).
  29. 29. National Public Key Infrastructure (NPKI) •The National Public Key Infrastructure (NPKI) project is coordinated by the Ministry of ICT in collaboration with the Communications Authority of Kenya (CA) and the ICT Authority (ICTA). •A Public Key Infrastructure (PKI) refers to a system for the creation, storage and distribution of digital certificates which are used to verify that a particular public key (online identity) belongs to a certain entity.
  30. 30. National Public Key Infrastructure (NPKI) • The NPKI comprises of a Root Certification Authority (RCA) which is managed by the Communications Authority of Kenya as a regulatory function and the Government Certification Authority (GCA), referred to as an Electronic Certification Service Provider (E-CSP) which is managed by the ICTA. • The NPKI creates a framework for protecting communications and stored information from unauthorized access and disclosure by addressing the fundamentals of cyber security - confidentiality, integrity, authentication and non- repudiation.
  31. 31. National Public Key Infrastructure (NPKI) • The Kenya Information and Communications Act of 1998 mandates the Authority to issue licences to persons operating an Electronic Certification Service. • In this regard, the Authority has developed a licensing framework for Electronic Certification Service Providers (E-CSPs).
  32. 32. Benefits of the NPKIBenefits of the NPKI • Operates under the Kenyan law • Ability to digitally sign electronic data and information to ensure integrity of the data and non-repudiation. • Ability to encrypt electronic data and information to ensure confidentiality.
  33. 33. Role of CA in growth of Dot KE ccTLDRole of CA in growth of Dot KE ccTLD • The Dot KE country code Top-Level Domain (ccTLD) is Kenya’s unique and authentic identity on the Internet. • In line with government efforts to embrace e-Transaction services, there is need to support the adoption and growth of the Dot KE ccTLD by promoting its usage as the default domain name of choice for Kenyans. This will not only ensure growth of the Dot KE name space but also: • Enhance the level of data protection given that the Dot KE name space is under Kenyan jurisdiction. • Reduce capital flight given that the annual Dot KE domain name fees remain local.
  34. 34. Dot KE Domain Name Management FrameworkDot KE Domain Name Management Framework Kenya has developed a national framework for the administration of the Dot KE country code top-level domain (ccTLD) through the following: •KICA •Regulations •Licensing Framework o Dot KE Domain Name Registry Service Provider Licence o Dot KE Sub-domain Name Registrar Service Provider Licence
  35. 35. 35 Capacity building and Awareness creation The Authority’s National KE-CIRT/CC has facilitated: Hosting of International & Regional conferences/workshops on Cybersecurity County Forums (Kikao Kikuu) Child Online Protection
  36. 36. How to report Cyber attacks to theHow to report Cyber attacks to the National KE-CIRT/CCNational KE-CIRT/CC •Web portal: http://www.ke-cirt.go.ke; •Email: incidents@ke-cirt.go.ke; •Visit the Authority’s National KE-CIRT/CC located at the CA Centre along Waiyaki Way. •Telephone hotlines: +254-703-042700; +254-730-172700 •Via a letter addressed to: The Director-General Communications Authority of Kenya (CA) CA Centre, Waiyaki Way P.O. Box 14448 NAIROBI 00800
  37. 37. 37 Incident Reporting Portal
  38. 38. Source: GoogleSource: Google

    Be the first to comment

    Login to see the comments

Regulatory perspective in dealing with Cyber crime

Views

Total views

232

On Slideshare

0

From embeds

0

Number of embeds

3

Actions

Downloads

12

Shares

0

Comments

0

Likes

0

×