Geneva, Switzerland, 15-16 September 2014 Challenges and Successes in the Zambian ICT Security Sector Mainza Siamubayi Handongwe, Student Research Fellow,

Slides:

Advertisements

Similar presentations

Philippine Cybercrime Efforts

Advertisements

Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL.

Sri Lankan perspective in meeting the Cyber crime challenge

E-Security Background IT Infrastructure in Sikkim Current Status of Cyber Security& Cyber Crime in SIkkimCurrent Status of Cyber Security& Cyber Crime.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

Page 1 Presented Insp. Amos Sylvester Trinidad and Tobago Police Service.

STATE OF CYBER SECURITY IN JAMAICA Hon. Julian Robinson Chairman Joint Select Committee on the Cybercrimes Act January 24, 2013.

Mumbai Cyber Lab A Joint Endeavor of Mumbai Police and NASSCOM Mumbai Cyber Lab A Joint Endeavor of Mumbai Police and NASSCOM Dr. Pradnya Saravade Dy.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.

(Geneva, Switzerland, September 2014)

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

Computer Crimes and Abuses1 By: Saad Shwaileh. Computer Crimes and Abuses2 Outline Introduction. Computer crime and computer Abuse ? Types of Computer.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Identification and Analysis of Cyber Crime (Repository of Cyber Crime and Cyber Laws) Knowledge Based System (KBS) Presentation By : Dr. Priyanka Sharma.

Creating Trust in Critical Network Infrastructures Canadian Case Study Michael Harrop.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

Session 4.2: Creation of national ICT security infrastructure for developing countries National IP-based Networks Security Centres for Developing Countries.

IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.

What have you known about cybercrime? What do you want to know about cybercrime?

Cyber Crime & Security Raghunath M D BSNL Mobile Services,

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

Cybersecurity and the Department of Justice Vincent A. Citro, Assistant United States Attorney July 9-10, 2014 Unclassified – For Public Use.

The ICT Sector in Zambia Presented by: Ministry of Communications and Transport Overview & Investment Perspective.

A Step Into The Computer Underground 1 “By Understanding The Enemy We Are Better Prepared To Defend Ourselves”

Self-Assessment and Formulation of a National Cyber security/ciip Strategy: culture of security.

The National Cyber Security Strategy and Action Plan A presentation by Ms. Antoinette Lucas-Andrews Director, International Affairs Ministry.

1 UNODC and CYBERCRIME December Cybersecurity   Constitutes the protection against all forms of cyber incidents by strengthening the safety.

Cybersecurity Governance in Ethiopia

OVERVIEW OF CYBER TERRORISM IN INDONESIA PRESENTED BY: SUPT. DRS. BOY RAFLI AMAR SPECIAL DETACHMENT 88 AT – INP ARF SEMINAR ON.

2011 East African Internet Governance Forum (EA – IGF) Rwanda Cyber briefing: Positive steps and challenges Didier Nkurikiyimfura IT Security Division.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

AUB Department of Electrical and Computer Engineering Imad H. Elhajj American University of Beirut Electrical and Computer Engineering

The information contained in this document is confidential, for internal use only, and may not be distributed outside Ministry of Transport and Communications.

Training on “Albanian and Italian experience in investigation and prosecution of Cybercrime” General Prosecutor Office, Tirana 10 June 2014 VQA Ivano GABRIELLI.

Computer Misuse By: Alex Meadows Michael Read. How can you misuse a computer? Accessing data stored electronically Copying software without permission.

EU activities against cyber crime Radomír Janský Unit - Fight against Organised Crime Directorate-General Justice, Freedom and Security (DG JLS) European.

What are they? What do they have to with me?. Introduction  You may not know exactly what it is, but chances are you have encountered one at some point.

Information Systems Unit 3.

Shaun McGorry Executive Briefing July 30, 2009 Identity Theft.

IT Security in Nepal: Issues and challenges Rajan R. Pant ITSERT-NP.

Cybercrimes and the laws to suppress such crimes in Oman: Success and Challenges Dr. Muhammad Masum Billah College of Law, Sultan Qaboos University.

DATA PROTECTION 2003 THEORY AND PRACTICE OF HANDLING WITH THE COMPUTER CRIME IN THE REPUBLIC OF MACEDONIA Belgrad.

Geneva, Switzerland, September 2014 Session 1 – ICT infrastructure development, new security threats and counter-measures Patrick Mwesigwa, Director/Technology,

ICT Legislation  Copyright, Designs and Patents Act (1988);  Computer Misuse Act (1990);  Health and Safety at Work Act (1974);  EU Health and Safety.

Garda Bureau of Fraud Investigation Computer Crime Investigation Unit Sgt Paul Johnstone LLB MLitt An Garda Síochána Cybercrime and Cyber Risks Credit.

Regional Telecommunications Workshop on FMRANS 2015 Presentation.

Cyber Crime in China: Current Situation and Countermeasures He Xing Cyber Crime Investigation Division Ministry of Public Security, China.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.

Cyber laws and white collar CRIME, a ura perspective ; is uganda ready for the challenge? BY The Commissioner tax investigations department UGANDA REVENUE.

Securing Information Systems

Dr. Maria Chr. Alvanou Criminologist-Terrorism Expert Rome 20/10/2016

National Workshop on Cyber Crimes and Cyber Laws

Seminar On Cyber Crime Submitted To: Submitted By:

Securing Information Systems

8 Building Blocks of National Cyber Strategies

AFRICAN UNION- 23RD-27TH July 2018 PRESENTER: Mr. Nawa J.T Samatebele

(Geneva, Switzerland, September 2014)

Preventing Information Technology Crimes

Computer Misuse Act 1990 GCSE ICT.

Challenges and Successes in the Zambian ICT Security Sector

UNODC and CYBERCRIME October 2009.

Introduction to Digital Forensics

SECURITY AND RISK MANAGEMENT CONSULTANT

Presentation transcript:

Geneva, Switzerland, September 2014 Challenges and Successes in the Zambian ICT Security Sector Mainza Siamubayi Handongwe, Student Research Fellow, Information and Communications University ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, September 2014)

Geneva, Switzerland, September Introduction Zambia has made so much progress in the ICT sector Over the years, we have seen the following major developments; Three mobile telecommunication companies Online services (e-commerce, e- learning, etc) Web hosting Internet Service Provision

Geneva, Switzerland, September Introduction cont' This has lead to exposure to several information security risks including; Website defacement Debit card stealing and cloning Financial losses due to debit card cloning Phishing Internet bundle and mobile credit stealing Denial of Service Wireless network hacking

Geneva, Switzerland, September Introduction cont' This, in most cases, has adversely affected socio-economic activities especially where cyber security preparedness is lacking

Geneva, Switzerland, September Challenges Zambia, like many developing countries, is faced with several challenges in the ICT sector These include; Inadequate policies to curb cyber crime Inadequate qualified personnel to fight cyber crime Inadequate ICT infrastructure to prevent and investigate cyber crime Inadequate sensitization on cyber crime

Geneva, Switzerland, September Inadequate policies to curb cyber crime Zambia had no specific legislation towards address cyber crime until 2004 Computer Crime and Misuse Act number 13 of 2004 enacted following defacement of State House website in 1999 Though it criminalizes some cyber crimes, the act still does not prohibit other major cyber crimes

Geneva, Switzerland, September Inadequate policies to curb cyber crime cont' Offence LegislationPenalty Unauthorised accessLegislatedFifty thousand penalty units or 2-5yrs imprisonment or both Unauthorised modifications LegislatedFifty thousand penalty units or up to 3yrs imprisonment or both Denial of ServiceLegislatedFive thousand penalty units or up to 10 yrs imprisonment or both Unsolicited s (Spam) Not fully legislated. Crime if causes damage to computer system Unauthorised Interception LegislatedTwo thousand penalty units or up to 5yrs imprisonment or both

Geneva, Switzerland, September Inadequate policies to curb cyber crime cont' Offence LegislationPenalty PornographyChild pornography legislated, adult access to online pornography without downloading to hard drive not clearly legislated Not less than 15yrs imprisonment or fine Manufacture of hardware and software for furthering cybercrime Not legislated Computer-related FraudNot specifically legislated Computer-related Forgery Not legislated. e-CommerceNot legislated Identity TheftNot legislated

Geneva, Switzerland, September Inadequate policies to curb cyber crime cont' Act imposes lighter sentences for crimes that would require hefty ones The National ICT Policy of 2007 indicates government's commitment to promote safety in electronic frontier (Lupiya, 2009)

Geneva, Switzerland, September Inadequate policies to curb cyber crime cont' However, the policy does not give mandate to relevant government departments and private sector to combat some cyber crime

Geneva, Switzerland, September Inadequate qualified personnel to fight cyber crime 'According to an ICT industry skills survey, there were three hundred (300) people with graduate qualifications in ICTs in 2008'- S. Habeenzu Lack of ICT Staff structure (rural areas) Most network and systems administrators lack cyber security skills This could be attributed to limited number of institutions offering cyber security training

Geneva, Switzerland, September Inadequate qualified personnel to fight cyber crime cont' The cost of training and certification is also limiting This makes networks/systems that are managed by such personnel vulnerable to attacks Investigation of such incidences becomes difficult due to lack of computer forensic skills

Geneva, Switzerland, September ICT Staff Per Institution InstitutionICT Staff Cyber Security Skilled CBU401 UNZA253 NRDC21 ZCA-Monze10 ZCA-Mpika00 ICU53 Nkhrumah College20 Rusangu Univeristy40 Cooperative College20 Evelyn Hone College30

Geneva, Switzerland, September ICT staff per institution and those with cyber security skills ICT Staff Per Institution

Geneva, Switzerland, September Inadequate ICT infrastructure to prevent and investigate cyber crime Prevention and investigation of cyber crime requires specialized hardware and software These include firewalls, intrusion detection systems, forensic software etc These usually call for huge investments

Geneva, Switzerland, September Inadequate ICT infrastructure to prevent and investigate cyber crime cont' This tends to be the limiting factor for most government and private institutions

Geneva, Switzerland, September Inadequate sensitization on cyber crime The fight against cyber crime would be fruitless without involvement of ICT end users Information sharing with citizens on cyber crime and counter measures was not done in the past, hence the ‘information gap'

Geneva, Switzerland, September Inadequate sensitization on cyber crime cont' The Zambia Information Communication Technology Authority (ZICTA) is currently sensitizing citizens on online child protection However, ZICTA's efforts are not adequate considering the the huge task to be undertaken

Geneva, Switzerland, September Successes-Govt and Private Sector Establishment of the Zambia Information Communication Authority (ZICTA) to regulate ICT in Zambia Government has set up the first ever Computer Forensic Laboratory based at the Zambia Police Headquarters A number of police officers have been trained in Information Security and Computer Forensics The Zambian government has partnered with several local and international organizations (including ITU) in the fight against cyber crime

Conclusions and Recommendations  Formulate policies that will mandate relevant departments to prevent and investigate cyber crime, and prosecute perpetrators of such crimes  Invest more in systems that prevent and help investigate cyber crime  Ensure that private institutions invest in systems that guarantee security to users or clients  Train and/or recruit more personnel in cyber security  Establish Computer Incident Response Teams at all levels in govt structures and the private sector  Sensitize citizens on cyber crime and counter measures, and encourage reporting of cyber crimes Geneva, Switzerland, September

Geneva, Switzerland, September Bibliography HABEENZU S. (2010), Zambia ICT Sector Performance Review 2009/2010 LUPIYA S. (2009), Cyber Crime and the Law in Zambia