Monthly Archives: May 2017

The 6 best password managers

Thanks to the continuous barrage of high-profile computer security scares and reports of cloud-scale government snooping, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It’s one of the easiest too.

A password manager is an excellent first step in securing your online identity, helping you increase the strength of the passwords that protect your online accounts because it will remember those passwords for you. A password manager will generate a unique strong password for every account and application, without requiring you to memorize or write down these random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow-table, or brute-force attacks.


Security certifications (Part 2): Total product certification


Common Criteria certificates ensure that there is no gap in data protection according to the solution's security profile.

According to the National Cyber Security Alliance, 556 million personal records are stolen every year, which means that 18 people experience the theft of their sensitive information every second. These statistics paint a bleak picture for businesses and consumers, but not all hope is lost. Armed with cutting-edge cybersecurity tools, everyone can protect themselves from data theft.

In part one of this two-part series, we discussed the most important aspects when it comes to choosing a cybersecurity solution: the certifications. These third-party accreditations help guide decision-making processes, informing businesses and consumers of which cryptographic engines are powerful and which solutions actually provide data protection.

I have “nothing to hide”! Why should I care about Government surveillance?

If you don't have anything to hide, then why would you object if the police come to your home to search and take pictures of your documents without your permission?

Unfortunately for you as a consumer, the discussion regarding data protection is often focused on corporations and what they can do to prevent hackers from accessing mission-critical communications and intellectual property. The world needs a reawakening when it comes to personal data security, because right now, this issue is not taken seriously enough, and many people just don't understand that government surveillance programs are a massive infringement on privacy.

THE CONTINUED GROWTH OF CYBERCRIME: WHO IS TO BLAME?

Cybercrime has continued to grow in many parts of the world, with some interpreting this as the result of cybersecurity professionals appearing to be overwhelmed (outmatched) by cybercriminals.

This view was rejected at a meeting that concluded at the end of last week in South Africa, in which I personally took part and spoke to my colleagues about the proper way to investigate cyber offences. My main point was to bring my colleagues back into line by reminding them of the procedures we have set for ourselves, which all nations of the world are required to follow.

Among other things, I reminded them of the importance of ensuring that all steps of an investigation are put in writing. More of what I said can also be found in the news article that can be read “HERE”.

Regarding the growth of cybercrime, every one of us acknowledged that it is not caused by cybersecurity professionals being overpowered. The blame was instead directed at the various nations as well as at end users (“Users”).



Blame on the nations: every cybercrime that emerges today has been predicted in advance, with recommendations issued by cybersecurity professionals, except for a very few incidents such as the ModPOS incident.

Nations, through their units for combating cybercrime, should have been following up on the warnings and guidance being issued; very unfortunately, many nations have not been doing this. Invariably, only after a problem that was predicted and explained has actually occurred do the responsible units in those nations alert their citizens. We cybersecurity professionals agreed that this “fire fighting” approach, scrambling to deal with a problem after it has happened, is precisely the reason cybercrime continues to grow.

The recent cybercrime incident involving ransomware, a type of crime that has essentially been around for a long time and about which warnings had already been issued, was used as an example. The effects of this crime (WannaCry) can be seen in the video below.


Recommendations: We agreed in principle that our cybercrime response units in our nations must be brought back into line by being reminded that they have a duty to issue warnings about cybercrime incidents before they occur, and not the other way around.

We also agreed in principle to strengthen cooperation in sharing intelligence and in exchanging capabilities and techniques for controlling cybercrime, which remains a major threat in many parts of the world.

Blame on end users: several nations do make a habit of warning about cybercrime through various publications and notices, but end users appear not to follow this information. The example given was the low numbers seen for people following published information aimed at discussing the challenges of cybercrime and other important areas.

One of the speakers explained that when you publish two items, one carrying a warning about an important matter and the other reporting that a major artist has been caught up in some incident, most people will follow the item about the artist and ignore the warning about their own safety online, where the danger is essentially very high, especially at a time when everything is connected over the network.

In addition, there was a discussion that appeared to defend internet users (“Users”), arguing that the difficult language used by those delivering this information leaves users unable to understand it, which in turn adds to the problem of users not heeding what they are told.

Recommendations: It was advised that every nation place emphasis on awareness education (awareness programs), but this education must also follow the seven principles we set for ourselves in 2015, when we agreed in principle that it should be delivered in a good, simple manner that every user can easily understand. Many nations still appear not to have acted on this.

Personally, I presented on this matter to our ministry of communications (in Tanzania) during a meeting in which I spoke with officials at the ministry.

PHOTO: A meeting earlier this year at which I spoke with officials of the Ministry of Communications


I also had the opportunity to have a long conversation with Mr. Ivo Vegter, an author of cybersecurity books, some of which I have read extensively, and to call on investors in the cybersecurity sector to invest in the country. There has already been a response to this.

In addition, I visited the Deloitte platform, a place where I once worked. I was pleased by Deloitte's move to set up a dedicated unit to tackle cybercrime.

A distinctive feature of the sessions that have just ended was the opportunity given to more than 30 young people to join us and show their abilities in helping to fight cybercrime. This step pleased me even more, because investing in capable young people is something I have already advised in Tanzania as well.

It will be recalled that many young people have been seen to be behind major cybercrimes that have cost large countries around the world; recall the TalkTalk incident in the United Kingdom, which was caused by a 16-year-old.

Overall, there were many long discussions, accompanied by demonstrations of new discoveries in the cybersecurity sector, while small side meetings among cybersecurity professionals were used to discuss various issues, especially strengthening cooperation and exchanging experience and assistance in many areas of combating cybercrime.


Tomorrow (Tuesday 22 May 2017), Kenya will also host an annual cybersecurity meeting, which I have been given the great honour of chairing. Control, detection and readiness to respond to cybercrime are the main areas expected to be discussed.


Does Data Residency Reduce Cloud Risks?

Countries are establishing data residency regulations to protect private and classified data generated by their citizens by mandating that this information be stored within that country (the country of origin). The theory is that the laws of the country in which the data is stored apply to that data. Large cloud providers such as Amazon, Microsoft and Salesforce are opening cloud data centers outside their home countries (Cloud Data Center Expansion Race) to satisfy these laws. The question is “Does Data Residency Reduce Cloud Risks?”

Security certifications (part 1): What are the differences?

Data security is one of the most important aspects of digital business in today's IT ecosystem, as organizations continue to experience breach after breach. Unfortunately, as with other technological solutions, enterprises, individuals and other entities are often confused by, uncertain of or misunderstand technobabble, system specifications and certificates. After all, average consumers and business leaders have more things to worry about than learning all the lingo involved in the tech and cybersecurity spaces.

Government backdoor: The basics of the plan to bypass encryption


The government wants the ability to conduct surveillance on encrypted communications.

No matter how much law firms invest in data loss prevention and information protection, the government wants to be able to access private, personal and corporate data whenever it wants. The Washington Post reported that for months now, federal law enforcement agencies and other government organizations have been arguing over whether tech companies should give the government access to a secret backdoor on computers, mobile devices and other systems. This would allow federal agencies and law enforcement to bypass encryption protocols, which gives those organizations insight into emails, phone calls, text messages and other communications.