Kenya Cyber Security Report 2015
The reality however, not all organisations are ready to
invest millions of shillings to implement cybersecurity
controls. Most organisations we have come across are not
ready to spend millions of shillings to ensure compliance
with these global standards. Nevertheless, it is imperative
that the confidentiality, integrity and accountability of
their information assets is protected.
In order to assist such organisations, we have developed
these minimum baseline controls which when
implemented by business operating in the sub-Saharan
region will significantly reduce cyber-related security
incidences, enable IT security proactively monitor activities
on their key ICT infrastructure, provide the assurance that
business operations will resume in the appropriate time in
case of an attack or disruption etc.
The Framework
The Serianu Cybersecurity baseline controls are
intended to address only the implementation and
management of cybersecurity practices associated with
information technology and operational consideration for
organisations operating in Sub-Saharan Africa.
Serianu Cyber Security Framework
is not intended to replace other
cybersecurity-related activities,
programs, processes, or approaches
that organisations operating
in sub-Saharan African have
implemented.
These controls are designed to be flexible enough to
be used both by SME and sub-Saharan Africa based
organisations with mature cybersecurity and risk
management programs and by those with less-developed
programs. Each organisation will choose if, how, and
where it will use the Framework based on its own
operating environment. Choosing to implement the
Framework does not imply that an existing cybersecurity
and risk management approach is ineffective or needs to
be replaced. Rather, it means that the organisation wishes
to take advantage of the benefits that the Serianu Cyber
Security Framework offers. This framework is closed tied to
globally acceptable standards including COBIT, ISO 27001,
SANS 20 Controls, and NIST.
This section highlights Serianu’s 14 baseline controls.
We have also matched the top threats and risks activities
observed in the year 2015 as per the Kenya Cyber Security
report to these controls.
45