This archive report was first published on 17 July 2019.
As a retired military officer and principal deputy director of Security and Safety Services at the University of Nairobi, I have witnessed firsthand the importance of information security in today's digital age.
With the rise of social media, fake news, and the internet, it's surprising that many organisations still assume their information systems are secure.
But the reality is that sensitive information is being compromised every day, whether it's through hacking, social engineering, or simply careless talk.
So, how can organisations protect themselves from these threats? The first step is to assess their systems and identify potential vulnerabilities.
This involves classifying sensitive information, identifying potential adversaries, and understanding the threats to that information.
Once an organisation has a clear understanding of its vulnerabilities, it can take steps to mitigate those threats.
These steps include implementing technical controls such as firewalls and antivirus software, as well as operational security measures like access control and auditing.
But information security is not just about technology – it's also about people.
Organisations need to educate their employees about the importance of information security and provide them with the tools and training they need to protect sensitive information.
They also need to have a clear policy in place for handling sensitive information, including procedures for reporting and responding to security incidents.
And when it comes to responding to misinformation or bad publicity, organisations need to be proactive and transparent.
They need to have a team in place to monitor social media and the press, and to provide accurate information to the public in a timely manner.
By taking these steps, organisations can protect themselves from the threats of information security and maintain the trust of their customers and stakeholders.