How safe is your information in the technology era? The truth is we leave our data everywhere. Government offices, mobile telephony companies, the Internet, in companies we have worked for, name it, and it’s likely that we will have left a trail of ourselves.

In answering to data security needs, the government is already developing a Cyber Security Master plan, aimed at establishing a regulatory and policy framework in information security.

The project, run through the Ministry of Information and Communications, commenced in August 2011 and will ensure the confidentiality, Integrity, availability and non-repudiation of online data.

It’s projected that once implemented the policies and regulations will instill confidence in the online transactions, which have been lagging behind in the country. It is also meant to aide security apparatus prosecute cases of online crime.

Through a USTDA grant of US$580,000, the contractor Booz Allen Hamilton is expected to have the master plan ready in the next four months.

Once ready, the master plan will be presented to the various stakeholders for review and possible implementation.


The Kenya Data Protection and Freedom of Information bills, currently undergoing internal review and stakeholder consultation will compliment the Cyber strategies once they are enacted.

The cyber strategies and solutions are supposed to keep pace with a fast-changing world, where governments are not just supposed to protect assets, but also enable them to take the full advantage of the vast opportunities that the ecosystem of cyberspace now offers.

The contractor, Booz Allen Hamilton shall perform a review of regulatory and policy issues, as related to cybersecurity for Kenya. This should include a discussion of any regulations, which are required to implement and enforce the National Cybersecurity Master Plan. This review should cover national, regional (e.g. East-African Community), and international policies and laws. After the review, the Contractor shall identify and develop any policy or legal gaps, and draft proposed regulations, policies and laws for any matters and issues, not addressed by existing regulations, policies and laws. This will provide the groundwork for developing the Cybersecurity Policy and Legal Framework.

The Contractor shall also develop the Cybersecurity Policy and Legal Framework, which shall address, at minimum, areas such as international cybersecurity cooperation, cyber crime, privacy and e-signature.  As part of the Cybersecurity Policy and Legal Framework, the Contractor shall develop and include a cybersecurity Policy, which mandates and describes the responsibilities of the government agencies’ and the private sector, to secure their critical cyber assets and protect citizens’/clients’ data.