10 February 2015
Contents
Background
IT Organization & Governance Structure
ICT Policy Organization
E-mail Policy
Internet Policy
ICT Policy
Introduction
Background: What is an ICT Policy?
Background
The National Drought Management Authority (NDMA) is a statutory body established under
the State Corporations Act (Cap 446) of the Laws of Kenya through Legal Notice Number
171 of November 24, 2011.
NDMA's Vision
To be a world-class authority in drought management and climate change adaptation.
NDMA's Mission Statement
To provide leadership and coordination of Kenya's management of drought risks and
adaptation to climate change.
The NDMA's strategic plan identifies six strategic objectives which will contribute towards
its goal of enhanced drought resilience and climate change adaptation. These strategic
objectives are:
i. To reduce drought vulnerability and enhance adaptation to climate change.
ii. To provide drought and climate information to facilitate concerted action by relevant stakeholders.
iii. To protect the livelihoods of vulnerable households during drought.
iv. To ensure coordination of action by government and other stakeholders.
v. To develop and apply knowledge management approaches that generate evidence for decision-making and practice.
vi. To strengthen institutional capacity.
The ICT function must align itself with these objectives by ensuring the availability, confidentiality and
integrity of drought-related data and information.
Background: Why this policy?
The IT department has developed this ICT Policy document, which establishes a framework for
secure utilization of information technology (IT) resources through a suite of appropriate
policies, standards, procedures and guidelines.
In developing the ICT Policy, the following have been taken into consideration:
i. Review of existing processes and incorporation of feedback arising from discussions with Heads of Departments and Senior Management;
ii. Compliance with ISO 27001, the best practice and standard code of practice that provides default guidelines on the types of security controls that should be implemented to safeguard information assets; and
iii. Implementation of the Control Objectives for Information and related Technology (COBIT), the framework for implementing IT governance that the NDMA has adopted.
For the Policies to be effective on implementation, they shall be supported and ratified by the
NDMA Board.
Purpose of the Policy:
i. Integrate Information Security best practices into the NDMA's day-to-day business operations.
Background: What are your Roles?
3. IT Function/Department
Shall:
i. Establish and review information security policies guided by the IT Steering Committee
ii.Facilitate and co-ordinate the necessary countermeasures
departments; report and evaluate changes to the policies
with
architecture,
v. Ensure that all staff are aware of ICT policies relevant to them
vi. Assess the requirements for IT equipment, both hardware and software
vii. Help in procurement of the right IT equipment, software and maintenance thereof
4. Users:
Are classified into either Internal or External users.
The Internal Users of the NDMA systems (staff) are those who use ICT to support them in the
discharge of their daily duties.
External Users include consultants and distributors, among others, who are given
specific access to resources over a defined, relatively shorter period of time than
internal users.
All users shall:
i. Comply with all ICT policies and supporting guidance applicable to the performance of their job functions
ii. Ensure they understand their information security responsibilities
5. Internal Audit and Risk Management Department
Shall review:
i. Compliance with the organization's ICT policies
ii. The adequacy of the ICT policies
4. E-mail Policy
Purpose & Scope:
E-mail access is provided to staff for the purpose of increasing overall productivity within
NDMA and therefore should be used primarily for business activities. The purpose of this
policy is to ensure that all staff use e-mail services in a proper and lawful manner.
Key Areas Covered:
Email Guidelines: That the Authority shall have standard email addresses for all employees,
which will be firstname.surname@ndma.go.ke and designation@ndma.go.ke.
Prohibited use of E-mail: That it is strictly prohibited to send or forward emails containing
defamatory, offensive or racist content, or content that is discriminatory on the basis of race, gender,
nationality or ethnic origin, age, marital status, sexual orientation, religion, or disability, etc.
Sending E-mail: E-mail shall only be used for business purposes, using terms which are
consistent with other forms of business communication.
Receiving E-mail: Incoming e-mail shall be treated with the utmost care due to its inherent
Information Security risks. The opening of e-mail with file attachments is not permitted
unless such attachments have already been scanned for possible viruses or other malicious
code.
Deleting E-mail: That data retention periods for e-mail shall be established to meet legal and
business requirements and must be adhered to by all staff.
Email Security: The encryption of e-mail is not necessary in most situations. However,
confidential messages shall be secured using appropriate technology.
All staff can access their email accounts when outside NDMA. To safeguard NDMA's data,
observe the following:
i.
ii. Make sure no one is overlooking your screen as you access the data
iii. Don't save to the public computer
Passwords are the best defense against unauthorized use of a staff member's e-mail account. Staff
members shall therefore observe the password guidelines to ensure optimum security of
their passwords.
Email accounts not used for 90 days will be deactivated and possibly deleted.
5. Internet Policy
of the Internet Usage Policy is to protect the interests of the NDMA without
use of the Internet service that is intended for the greater benefit of staff
NDMA at large. These standards are designed to ensure that the Internet is
and responsible manner.
Antivirus Scanning: checks for viruses, worms, Trojans, etc. on all incoming and
outgoing traffic.
i. That Users are responsible for maintaining the security of their passwords.
ii. That Users are responsible for all activities performed with their account and
therefore must not allow others to perform any activity with their usernames.
Similarly, users must not perform any activity with the usernames belonging to other
users.
iii. That your username or variations of the username should not be embedded in your
password.
iv. That you shall not send a password through email or include it in a non-encrypted
stored document.
v. Do not hint at the format of your password.
vi. Do not use common acronyms/words or reversed words as part of your password.
vii. Do not use names of people or places as part of your password.
viii. Do not use parts of easily remembered numbers, such as phone numbers or your date
of birth.
Q&A
Thank You