Presentation is loading. Please wait.

Presentation is loading. Please wait.

PRESENTATION DURING NEW STAFF INDUCTION ON THE INFORMATION TECHNOLOGY (IT) DEPARTMENT BY: MICHAEL K. KATUNDU, Director, Information Technology (IT)

Published byJuliana Rogers Modified over 8 years ago

Similar presentations

Presentation on theme: "PRESENTATION DURING NEW STAFF INDUCTION ON THE INFORMATION TECHNOLOGY (IT) DEPARTMENT BY: MICHAEL K. KATUNDU, Director, Information Technology (IT)"— Presentation transcript:

1 PRESENTATION DURING NEW STAFF INDUCTION ON THE INFORMATION TECHNOLOGY (IT) DEPARTMENT BY: MICHAEL K. KATUNDU, Director, Information Technology (IT)

2 Mandate of the IT Department 1. Align Information Technology (IT) systems to the Authority’s Strategy 2. Facilitate the development of the Electronic Commerce (E-Commerce) framework in Kenya 3. Conduct technical Research and Development (R&D) on new and emerging technologies and trends

3 ALIGN INFORMATION TECHNOLOGY (IT) SYSTEMS TO THE AUTHORITY’S STRATEGY

4 Align the Information Technology (IT) systems to the Authority’s Strategy Automation of the Authority’s systems and processes Management of the Authority’s IT systems Awareness creation and capacity building on IT issues (Internal and Regulatory) Advise on IT issues (Internal and Regulatory)

5 FACILITATE THE DEVELOPMENT OF THE ELECTRONIC COMMERCE FACILITATE THE DEVELOPMENT OF THE ELECTRONIC COMMERCE (E-COMMERCE) FRAMEWORK IN KENYA

6 Overview of Kenya’s National Cybersecurity Framework VISION 2030 ICT Sector Policy Kenya Information & Communications Act of 1998 National Cybersecurity Strategy National Computer Incident Response Team/Co-ordination Centre (National KE-CIRT/CC) National Public Key Infrastructure (NPKI)

7 Facilitate the development of the Electronic Commerce (E- Commerce) framework in Kenya 2.1.Coordination of the implementation of the national Cybersecurity framework 2.2.Coordination of the implementation of a framework for the administration and management of the dot KE country code Top Level Domain (ccTLD)

8 Coordination of the implementation of the national Cybersecurity framework i.What is Cybersecurity: Cybersecurity is also referred to as Information Technology (IT) security; It’s the protection of computers, networks, programs and data from unintended or unauthorized access, change or destruction.

9 Coordination of the implementation of the national Cybersecurity framework Coordination of the implementation of the national Cybersecurity framework (Cont’d) ii. Types of Cybersecurity incidents Hate messages propagated through the Internet/Computer; Distributed Denial of Service (DDOS); Phishing; Website Defacement; Espionage

10 The National Computer Incident Response Team - Coordination Centre (National KE-CIRT/CC) “Enhancing Internet Security in Kenya”

11 Implementation of the national Cybersecurity framework Implementation of the national Cybersecurity framework (Cont’d) The National Computer Incident Response Team-Coordination Centre (National KE-CIRT/CC) The Authority implemented the National KE-CIRT/CC in Oct. 2012 with the technical support of the ITU The Authority is currently liaising with the ITU to upgrade the services of the National KE-CIRT/CC The functions of the National KE-CIRT/CC are to: a)Coordinate technical response to cybersecurity incidents in Kenya in collaboration with the national, regional and international cybersecurity actors;

12 Implementation of the national Cybersecurity framework Implementation of the national Cybersecurity framework (Cont’d) The National Computer Incident Response Team-Coordination Centre (National KE-CIRT/CC) The Authority implemented the National KE-CIRT/CC in Oct. 2012 with the technical support of the ITU The Authority is currently liaising with the ITU to upgrade the services of the National KE-CIRT/CC The functions of the National KE-CIRT/CC are to: a)coordinate technical response to cybersecurity incidents in Kenya in collaboration with the national, regional and international cybersecurity actors;

13 The functions of the National KE-IRT/CC (Cont’d): b) To create awareness and build capacity on Cybersecurity in Kenya

14 Functions of the National KE-CIRT/CC: (c) Put in place Network Early Warning Systems (NEWS) in order to identify possible cybersecurity incidents in advance. (d) Collect, compile and disseminate national statistics on cybersecurity incidents.

15 The National KE-CIRT/CC operates as follows: i.Users report cybersecurity incidents to the National KE-CIRT/CC (via the website, email, telephone, a letter or by visiting) ii.The National KE-CIRT/CC conducts technical analysis iii.Respond to the cybersecurity incidents iv.Escalation of the cybersecurity incidents of criminal nature to the law enforcement (for investigation and possible prosecution) v.Providing Network Early Warning information (advisories) to stakeholders

16 National KE- CIRT/CC Implement National Cybersecurity Policies, Laws & Regulations Cybersecurity Awareness & Capacity Building at the National Level Technical Co-ordination & Response to Cybersecurity Incidents Early Warning & Technical Advisories Collect, collate and disseminate national statistics on cybersecurity incidents Development & Implementation of a National Public Key Infrastructure (NPKI) Research & Development (R&D) on Cybersecurity Establish Collaboration (National, Regional & International) on Cybersecurity Summary of the Functions of the National KE-CIRT/CC

17 National KE-CIRT/CC National Police Service (NPS) National Intelligence Service (NIS) Kenya Defence Forces (KDF) Directorate of Public Prosecutions (DPP) Mobile Telecom Operators & ISPs Financial Institutions Academia National, Regional & International CIRTs National KE-CIRT/CC Collaboration (Stakeholders)

18 The National Public Key Infrastructure (NPKI) “Enhancing Internet Security in Kenya”

19 The National PKI Anonymity on the Internet drives the tendency towards abuse. “On the Internet, nobody knows who really is on the other end”

20 The ICT Sector Policy of 2006 and the Kenya Information and Communications Act of 1998 mandate the Communications Authority of Kenya (CA) to license entities to provide Electronic Certification Service Provider (E-CSP) services. E-CSP entities issue digital certificates (virtual identities) to Internet users to enable them carry out safe and secure electronic transactions. The National PKI

21 The Ministry of ICT in collaboration with the Communications Authority of Kenya (CA) and the ICT Authority (ICTA) have implemented the National Public Key Infrastructure (NPKI). The National PKI

22 The NPKI comprises of two parts: The Root Certification Authority (RCA) A function of the Communications Authority of Kenya (CA) and is used as a regulatory tool in the licensing of Electronic Certification Service Providers (E-CSPs). The RCA accredits (endorses) the E- CSPs so that the digital certificates they issue are recognized by the law at the national level The Government-owned E-CSP ICT Authority (ICTA) will be licensed to operate the government- owned E-CSP to issue digital certificates (virtual identities) to Internet users using government services. This will be the first E- CSP licensee for the Communications Authority of Kenya (CA). The National PKI

23 REAL WORLDCYBERSPACE National Identity (ID) Card bearing an individual’s photo and finger print is used for identification. An Digital Certificate (virtual identity) bearing an individual’s public key is used for identification. A re-usable hand signature or signature-seal is used for authentication. A digital signature (virtual signature), using an asymmetric encryption method, is used for authentication. The signature is unique for each e-transaction. For example, if a document is changed, the digital signature also changes. The National PKI

24 Root Certification Authority (RCA) Technical Standards Development Awareness Creation & Capacity Building Licensing & Accreditation of E-CSPs Government-owned E-CSP Issue Digital Certificates Private-owned E-CSPs Issue Digital Certificates International Co-operation The National Public Key Infrastructure (NPKI) Key: E-CSP: Electronic Certification Service Provider licensed by the Communications Authority of Kenya (CA) to issue Digital Certificates (Internet IDs).

25 25 User Environment For Electronic Signatures Legal and Policy Issue Technical Specifications Accredit Certificate Authorities International Cooperation Root Certification Authority (RCA) Issue and manage E- CSP certificate; Audit E-CSP Develop and standardize Research and development Public awareness and Capacity Building Support for mutual recognition The National PKI

26 26 Auditing Unit Registration Authorities Directory Services Subscribers Government- owned E-CSP Generate & issue certificates Storage and management of Certificate revocation lists Act as agents of Certificate Authorities Logs, History and Integrity Checks The National PKI

27 Benefits of a NPKI Ability to digitally sign electronic data and information to ensure integrity of the data and non-repudiation Ability to encrypt electronic data and information to ensure confidentiality.

28 Implementation of a framework for the management of the dot KE country code Top Level Domain (ccTLD) i.What is a Domain Name System (DNS)? A system that maps IP addresses to EASY-TO-REMEMBER Domain Names (CA.GO.KE). Include ccTLDs (country identity) and gTLDs (generic). ii. What is a ccTLD? country code Top-Level Domain, and acts as an Internet Identity for a country or territory. Examples are: dot KE (Kenya), dot TZ (Tanzania), dot UK (United Kingdom), dot US (USA). iii.Licensing framework for dot KE ccTLD Kenya Network Information Centre (KENIC) started in 2002 under facilitation by CA The Law (KICA) requires that dot KE Registry and Registrars are licensed The Licensing framework is awaiting final approval by the Board

29 CONDUCT TECHNICAL RESEARCH AND DEVELOPMENT (R&D) ON NEW AND EMERGING TECHNOLOGIES AND TRENDS

30 Conduct technical Research and Development (R&D) on new and emerging technologies and trends Development of White papers on new and emerging technologies Research and Development (R&D) in Cybersecurity trends

31 Structure of the IT Department Director Information Technology (IT) Assistant Director Information Systems (IS) Manager Systems Development & Administration (SDA) Assistant Director E-Commerce (EC) Manager Technical Research & Development (TRD) Manager E-Security (ES)

32

Download ppt "PRESENTATION DURING NEW STAFF INDUCTION ON THE INFORMATION TECHNOLOGY (IT) DEPARTMENT BY: MICHAEL K. KATUNDU, Director, Information Technology (IT)"

Similar presentations

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
© Copyright 1998-2001 International Telecommunication Union (ITU). All Rights Reserved page - 1 Alexander NTOKO Project Manager, ITU Electronic Commerce.

© Copyright International Telecommunication Union (ITU). All Rights Reserved page - 1 Alexander NTOKO Project Manager, ITU Electronic Commerce.
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Steps towards E-Government in Syria

Steps towards E-Government in Syria
© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.
© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.
Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.

Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.
© 1998-2004 ITU Telecommunication Development Bureau (BDT) – E-Strategies Unit.. Page - 1 Building Trust and Security for E-government Dubai, United Arab.

© ITU Telecommunication Development Bureau (BDT) – E-Strategies Unit.. Page - 1 Building Trust and Security for E-government Dubai, United Arab.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,2007 1 Paula Ortiz López Spanish Data Protection Agency.

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency.
Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Security Controls – What Works

Security Controls – What Works
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Similar presentations

Ads by Google