ICTA is a State Corporation under the Ministry of Information Communication and Technology which enforces ICT standards in Government and enhances the supervision of its electronic communication under the national message, “One Government, One Voice”. ICTA has a specific mandate to promote ICT literacy and capacity.
The ICT sector is linked to economic growth, with specific contributions to competitiveness, poverty reduction and productivity. Information security (InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Through technology, organizations collect, process, store and transmit a lot of data, some of which is confidential information about employees, customers, products, research and financial status. This information must be protected; otherwise governments, public and private institutions risk suffering widespread and irreparable financial and reputational damage.
County governments, Ministries, Departments and Agencies (MDAs) need to be equipped with skills and resources to address the issue of information security. In particular, the Division of Performance Contracting at the Ministry of Devolution and Planning, while providing the performance contracting guidelines, requires that
“all MDAs are also required to put in place an Information Security Management System (ISMS) that ensures that access to information is appropriately authorized, safeguard the accuracy and completeness of information and processing methods and ensure that authorized users have access to information when they require it.”
The University of Nairobi, through C4DLab, supported by the ICT Authority (ICTA), is offering leadership in improving the capacity of Kenyans in the area of Information Security.
This training will prove that the attendee has a good knowledge and understanding of the wide range of subject areas that make up information security and its management. Aspects in the training will include technical risks and corresponding management controls, risk and its management, security standards, people and physical security as well as business continuity.
Upon successful completion of the course, attendees should expect to gain knowledge and understanding in the following areas:
- Knowledge of the concepts relating to information security and its management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures, etc.);
- Appreciation of the current national policy and legal structure that impact upon information security management;
- Awareness of developments of the national and international standards, frameworks and organizations which facilitate the management of information security;
- Understanding of the current business and common technical environments in which information security management has to operate;
- A deep understanding of the relevant technical aspects of information security such as attacks, intrusion detection, mobile money security and hacking USB devices;
- Knowledge of the categorization, operation and effectiveness of controls of different types and characteristics (examples will include computer forensics investigations).
IT Professionals in government and private sector interested in learning more about Information Security. The following job titles fit very well in this course:
- Information security professionals
- IT Security Managers
- Cloud Security Professionals
- IT Architects and Administrators
- Risk Assessment Professionals
- Database and Web Developers
- Security Auditors and Compliance Managers
- Network and System Administrators
- Government & Intelligence Agencies interested in real world IT attack and defense
- Technology Risk Assessment Professionals
- Digital Forensics Investigators
- Individuals involved in implementation, testing, security hardening of mobile devices
Prof. Timothy Waema, Program Leader
Prof. Timothy Mwololo Waema is a Professor of Information Systems in the School of Computing and Informatics in the University of Nairobi, Kenya. He has extensive ICT4D research and consultancy experience in many aspects of ICTs and development spanning more than 25 years. He holds a PhD in Strategic Management of Information Systems from University of Cambridge (UK) and an Honours Degree in Electrical and Electronic Engineering from University of Bath (UK). Prof. Waema has published widely in journals, conference proceedings and in books in information systems and ICTs for development. He has edited two books, one on electronic governance and the other on ICTs and poverty. He sits on editorial boards of several peer reviewed journals and is a Professional Member of the Association for Computing Machinery (ACM).
Dr. Tonny Omwansa, Program Supervisor/Trainer
Dr. Omwansa holds a PhD in Information Systems and lectures at the School of Computing & Informatics, University of Nairobi. He is the author of “Money, Real Quick: Kenya’s disruptive mobile money innovation”.
He has conducted extensive research and consulted widely in information systems and published numerous reports and academic papers in the areas of innovative technologies, adoption and impact of technology, use of airtime transfers, mobile banking, virtual currencies among others. He is a recipient of the prestigious Bellagio Fellowship from the Rockefeller Foundation where he worked on the book on mobile money.
He is currently a consultant on financial inclusion at MIT, coordinating a Pan-African innovation program. He is the current coordinator of the C4DLab, the University of Nairobi’s innovation and incubation lab. He is a member of ACM, ISACA and IEEE. He is the current Vice Chair of the IEEE – Kenya Chapter.
Dr. Chris Chepken, Trainer
Christopher is an IT career professional, a lecturer and a researcher at the School of Computing and Informatics, University of Nairobi, with over 10 years of experience in Software development and ICT Training in Kenya and South Africa. He holds a PhD in Computer Science from the University of Cape Town, South Africa. He also has a Master of Science (Applied Computer Science), where he worked on a project to find out how mobile text (SMS) can be encrypted and a Bachelor of Science (Computer Science), both from the University of Nairobi.
Christopher has worked on a number of projects which include an ongoing one on Mobile Phone-Based Personal Health Record System for Resource Constrained Environment. The objective of this project is to contextualize Personal Health Records in the developing world. The key contribution for Christopher was implementing encryption algorithms and the general security design of the medical records.
He has published a number of papers both in peer reviewed journals and international conferences. Currently, Christopher is the Coordinator for the School of Computing and Informatics MSc. programmes and the Silensec academy based at the School of Computing and Informatics.
Mr. Evans Kahuthu, Trainer
Evans Kahuthu is an Information Security Specialist with over 10 years’ experience in the IT industry. He works as an Independent Contractor with the ICT Authority in the area of Information Security.
In this capacity, he has spearheaded the development of the National Cyber Security Master Plan and Strategy and the establishment of the National Public Key Infrastructure. From 2001 until June 2009, he worked as the Web and Application Development coordinator at the California State University, San Bernardino where he was in charge of over 150 websites and database applications. Security and accessibility of these applications was his core job function. In addition, Kahuthu was a member of the IT team that was tasked with Security Awareness and Training at the California State University. This team was the author of the Web Security Policies for the California State University. Between September 2006 and December 2008, he was a part time Lecturer at the California State University, San Bernardino College of Business and Public Administration where he taught database security and e-commerce.
Kahuthu is a Certified Information Systems Security Professional (CISSP) and a member of the International Information Systems Security Certification Consortium (ISC)², and the Open Web Application Security Project (OWASP).
Topics to be Covered
- Fundamentals of Information Security and its management
- National agenda on Information Security
- Internal Best Practices on Information Security
- Threats and Attacks
- Preventing and Detecting Attacks
- Hackers' techniques and control
- Computer Forensics and Incident handling
The training will be offered in the form of lectures, tutorials and exercises. The classes will address both theoretical essentials and hands-on aspects as well as real-life attack scenarios. There will be significant emphasis on students' individualized involvement.
The training is offered in three different options as described below.
|Option||Time Frame||Benefits||Cost per person|
||To be discussed with client|
Courses in 2016
|Full time||8th – 10th||28th – 30th November 2016|
For inquiries, please contact:
Phone: +254 723 030 134
Email: email@example.com