Digital identity theft remedial efforts case of uganda_ruyooka
-
Upload
ambrose-ruyookapmpcgeit-crisc -
Category
Technology
-
view
335 -
download
0
Transcript of Digital identity theft remedial efforts case of uganda_ruyooka
Identity Theft and Proposed Remedial Efforts: Case of Uganda
By:Ambrose Ruyooka, PMP®
Ag. Commissioner for Information Technology,Ministry of Information and Communications Technology (ICT), Uganda.
26th -27th August.2010 Uganda11
UNAFRI Launch of the African Centre for Cyber law and Crime Prevention (ACCP)
Presented at
BackgroundBackground• The way of carrying out business in the world The way of carrying out business in the world
today is changing at a very high speed with today is changing at a very high speed with new technologies taking a center stage.new technologies taking a center stage.
• Government of Uganda recognizes the role of Government of Uganda recognizes the role of ICT in fostering social economic development.ICT in fostering social economic development.
• ICT to be utilized to transform Govt of ICT to be utilized to transform Govt of Uganda(GoU) into the era of electronic Uganda(GoU) into the era of electronic Government (e-Government) to simplify Government (e-Government) to simplify procedures, bring transparency, accountability procedures, bring transparency, accountability & access to timely information.& access to timely information.
22
Digital IdentityDigital Identity
Identity refers to specifications of Identity refers to specifications of persons/entitiespersons/entities
The rights of individuals and entities to The rights of individuals and entities to control access to, and use of information control access to, and use of information about themselves which is created, about themselves which is created, presented and stored in a digital format.presented and stored in a digital format.
33
Digital IdentityDigital Identity
Forms:Forms: Email accounts IDs and PasswordsEmail accounts IDs and Passwords Online banking user IDOnline banking user ID Mobile Money PINMobile Money PIN ATM PINATM PIN
(user ID, email, login, username)(user ID, email, login, username) Social Security NumberSocial Security Number
44
Identity TheftIdentity Theft deliberate appropriation of someone deliberate appropriation of someone
else's identity (without that person's else's identity (without that person's permission) for criminal purposespermission) for criminal purposes
someone pretends to be someone elsesomeone pretends to be someone else assumes that person's identity,assumes that person's identity,
typically in order to access resources typically in order to access resources or obtain credit and other benefits in or obtain credit and other benefits in that person‘sthat person‘s
55
Identity theft: Proposed remedial Identity theft: Proposed remedial responsesresponses
66
Identity theft: Remedial effortsIdentity theft: Remedial efforts
Gov’t of Uganda has a systematic Gov’t of Uganda has a systematic agenda for developing a policy, agenda for developing a policy, legal and regulatory frameworklegal and regulatory framework
A number of initiatives being taken A number of initiatives being taken in a multipronged approachin a multipronged approach
77
Policy frameworkPolicy framework
Draft National IT PolicyDraft National IT Policy Identifies enhancing Information Security as Identifies enhancing Information Security as
one of the key Policy objectivesone of the key Policy objectives National e-Government implementation National e-Government implementation
frameworkframework Information security as a pillar to delivery of Information security as a pillar to delivery of
e-servicese-services National Information Security Strategy National Information Security Strategy
being developedbeing developed
88
Legal frameworkLegal framework
GoU is in the process of enacting GoU is in the process of enacting “Cyber laws” based on the following “Cyber laws” based on the following benchmarks; benchmarks; UNICTRAL model law on e-commerce (1996) UNICTRAL model law on e-commerce (1996) UNICTRAL model law on e-signature (2001)UNICTRAL model law on e-signature (2001) United Nations convention on the use of electronic United Nations convention on the use of electronic
communication in international contracts (2005)communication in international contracts (2005) The council of Europe's convention on cyber crimes ( The council of Europe's convention on cyber crimes (
2001)2001) EAC harmonized framework for Cyber Laws (2009)EAC harmonized framework for Cyber Laws (2009)
99
Legal frameworkLegal framework
The “Cyber Bills” currently before The “Cyber Bills” currently before Parliament include:Parliament include: Electronic Transactions BillElectronic Transactions Bill Electronic Signatures BillElectronic Signatures Bill Computer Misuse BillComputer Misuse Bill
The Computer Misuse Bill has been passed by The Computer Misuse Bill has been passed by Parliament and awaits assent by H.E The Parliament and awaits assent by H.E The PresidentPresident
1010
Legal frameworkLegal framework
Electronic Transactions BillElectronic Transactions Bill The object of the Bill is The object of the Bill is
to make provision for the use, security, facilitation to make provision for the use, security, facilitation and regulation of electronic communications and and regulation of electronic communications and transactions; transactions;
to encourage the use of e-Government service to encourage the use of e-Government service and to provide for related matters.and to provide for related matters.
1111
Legal frameworkLegal framework
Electronic Signatures BillElectronic Signatures Bill The object of the Bill :The object of the Bill :
make provision for and regulate the use of make provision for and regulate the use of electronic signatures,electronic signatures,
criminalization or unauthorized access and criminalization or unauthorized access and modification of electronic signatures,modification of electronic signatures,
determination of minimum requirements for determination of minimum requirements for functional equivalence of electronic signatures,functional equivalence of electronic signatures,
provision for admissibility and evidential weight provision for admissibility and evidential weight of electronic communications.of electronic communications.
1212
Legal frameworkLegal framework
Computer Misuse BillComputer Misuse Bill The object of the Bill isThe object of the Bill is
to make provision for the safety and security of to make provision for the safety and security of electronic transactions and information systems;electronic transactions and information systems;
to prevent unlawful access, abuse or misuse of to prevent unlawful access, abuse or misuse of information systems, including computers, andinformation systems, including computers, and
to make provision for securing the conduct of to make provision for securing the conduct of electronic transactions in a trustworthy electronic electronic transactions in a trustworthy electronic environment and to provide for other related environment and to provide for other related matters.matters.
1313
Institutional FrameworkInstitutional Framework Ministry of ICT
Coordinate all efforts for policy development Chair the Multi-stakeholder National ICT
Security Working Group Uganda Communications Commission
Regulates the Communications environment and ensures compliance
National IT Authority Uganda Sets security standards and guidelines for IT
deployment and utilization and for both Public and Private entities
Host to the proposed Computer Incident Response Team (CIRT)
1414
Identity Theft: Conclusion Identity Theft: Conclusion
1515
Awareness, Awareness, and Awareness