The Kenya Bureau of Standards (KEBS) has approved 40 new standards to enhance information and cyber security and safeguard consumer privacy. The new standards outline various methods for securing corporate information, aimed at the individuals and managers charged with ensuring that institutional data is kept safe.

“Consumers are increasingly adopting digital technology, and the data generated creates both an opportunity for enterprises to improve customer engagement and a responsibility to keep it safe. The new guidelines provide a robust system to fight against cyber security threats, breach of privacy and other information security measures to ensure that Confidentiality, Integrity and Authenticity (CIA) of information is maintained during the creation, usage, storage and transfer of information,” says Lt Col (Rtd.) Bernard Njiraini, Managing Director, KEBS.

The standards also set down a framework for ensuring privacy in Information and Communication Technology (ICT) systems that store and process Personally Identifiable Information (PII).

Technology threats have been placed in the top 5 societal and economic risks by likelihood and scale of impact, according to the World Economic Forum Report 2017. The public sector continues to be the primary target of cyberattacks, followed by financial services. Globally, 40% of SMEs that experience a data breach caused by a cyber security attack are likely to close within a year.

Below is a list of the approved standards:

1. KS ISO/IEC 27007:2020 Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
2. KS ISO/IEC TS 27008:2019 Information technology — Security techniques — Guidelines for the assessment of information security controls
3. KS ISO/IEC 27009:2020 Information security, cybersecurity and privacy protection — Sector-specific application of ISO/IEC 27001 — Requirements
4. KS ISO/IEC 27050-1:2019 Information technology — Electronic discovery — Part 1: Overview and concepts
5. KS ISO/IEC 27050-3:2020 Information technology — Electronic discovery — Part 3: Code of practice for electronic discovery
6. KS ISO/IEC 27018:2019 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
7. KS ISO/IEC 14888-3:2018 Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm-based mechanisms
8. KS ISO/IEC 24760-1:2019 IT Security and Privacy — A framework for identity management — Part 1: Terminology and concepts
9. KS ISO/IEC 30111:2019 Information technology — Security techniques — Vulnerability handling processes
10. KS ISO/IEC 9798-2:2019 IT Security techniques — Entity authentication — Part 2: Mechanisms using authenticated encryption
11. KS ISO/IEC 19772:2020 Information security — Authenticated encryption
12. KS ISO/IEC 18032:2020 Information security — Prime number generation
13. KS ISO/IEC 13888-1:2020 Information security — Non-repudiation — Part 1: General
14. KS ISO/IEC 13888-3:2020 Information security — Non-repudiation — Part 3: Mechanisms using asymmetric techniques
15. KS ISO/IEC 11770-5:2020 Information security — Key management — Part 5: Group key management
16. KS ISO/IEC 29192-2:2019 Information security — Lightweight cryptography — Part 2: Block ciphers
17. KS ISO/IEC 18013-2:2020 Personal identification — ISO-compliant driving licence — Part 2: Machine-readable technologies
18. KS ISO/IEC 29184:2020 Information technology — Online privacy notices and consent
19. KS ISO/IEC 22624:2020 Information technology — Security techniques — Privacy architecture framework
20. KS ISO/IEC 23188:2020 Information technology — Cloud computing — Edge computing landscape
21. KS ISO/IEC 23613:2020 Information technology — Cloud computing — Cloud service metering elements and billing modes
22. KS ISO/IEC 23951:2020 Information technology — Cloud computing — Guidance for using the cloud SLA metric model
23. KS ISO/IEC 19086-4:2019 Cloud computing — Service level agreement (SLA) framework — Part 4: Components of security and of protection of PII
24. KS ISO/IEC TS 19608:2018 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408
25. KS ISO/IEC 19896-2:2018 Information technology — Security techniques — Competence requirements for information security testers and evaluators — Part 2: Knowledge, skills and effectiveness requirements for ISO/IEC 19790 testers
26. KS ISO/IEC 19896-3:2018 Information technology — Security techniques — Competence requirements for information security testers and evaluators — Part 3: Knowledge, skills and effectiveness requirements for ISO/IEC 15408 evaluators (First Edition)
27. KS ISO/IEC TS 20540:2018 Information technology — Security techniques — Testing cryptographic modules in their operational environment
28. KS ISO/IEC 20889:2018 Privacy enhancing data de-identification terminology and classification of techniques
29. KS ISO/IEC 21878:2018 Information technology — Security techniques — Security guidelines for design and implementation of virtualized servers
30. KS ISO/IEC 27034-3:2018 Information technology — Application security — Part 3: Application security management process
31. KS ISO/IEC 27034-7:2018 Information technology — Application security — Part 7: Assurance prediction framework
32. KS ISO/IEC TS 27034-5-1:2018 Information technology — Application security — Part 5-1: Protocols and application security controls data structure, XML schemas
33. KS ISO/IEC 27050-2:2018 Information technology — Electronic discovery — Part 2: Guidance for governance and management of electronic discovery
34. KS ISO/IEC 29101:2018 Information technology — Security techniques — Privacy architecture framework
35. KS ISO/IEC 19086-2:2018 Cloud computing — Service level agreement (SLA) framework — Part 2: Metric model
36. KS ISO/IEC TR 22678:2019 Cloud computing — Guidance for policy development
37. KS ISO/IEC TR 23186:2018 Cloud computing — Framework of trust for processing of multi-sourced data
38. KS ISO/IEC 20924:2018 Internet of Things — Vocabulary
39. KS ISO/IEC 30140-3:2018 Underwater acoustic sensor network (UWASN) — Part 3: Entities, interface and interoperability
40. KS ISO/IEC 30140-1:2018 Information technology — Underwater acoustic sensor network (UWASN)