51
2018

Computer Misuse and Cybercrimes

No. 5

(3) Prior to the sharing of information under
subsection (1), a party to an agreement shall review the
information and ascertain whether the information contains
personal details that may identify a specific person not
directly related to a threat that amounts to a computer and
cybercrime and remove such information.
(4) A person shall not, under this Part, share
information relating to the health status of another person
without the prior written consent of the person to whom the
information relates.
13. (1) The owner or person in control of a critical
information infrastructure shall annually submit a
compliance report on the critical information infrastructure
to the Committee in line with a critical infrastructure
framework in order to evaluate compliance.
(2) The Director, shall within a reasonable time before
an audit on a critical information infrastructure or at any
time there is an imminent threat in the nature of an attack
that amounts to a computer and cybercrime, notify the
owner or person in control of a critical information
infrastructure in writing —
(a) the date on which an audit is to be performed; and
(b) the particulars and contact details of the person
who is responsible for the overall management and
control of the audit.
(3) The Director shall monitor, evaluate and report on
the adequacy and effectiveness of any audit.
(4) The Director may request the owner or person in
control of a critical information infrastructure to provide
such additional information as may be necessary within a
specified period in order to evaluate the issues raised from
the audit.
(5) An owner or authorised person in control of a
critical information infrastructure commits an offence and
if convicted is liable to a fine not exceeding two hundred
thousand shillings or to term of imprisonment not
exceeding five years or both if the owner or authorized
person —
(a) fails to file a compliance report and fails to cooperate with an audit to be performed on a critical
information infrastructure in order to evaluate
compliance with the directives issued;

Auditing of critical information infrastructures to ensure compliance.
