6 research outputs found

    Assessing the Current Status of Information Security Policies Among Saccos in Kenya

    In 2013, the Communication Authority of Kenya (CAK) recorded cyber-attacks amounting to Sh5.4 million in losses. In April 2016, Bandari Savings and Credit Cooperative Society lost Sh5 million through fraudulent ATM withdrawals (Nation Newspapers, April 8, 2016). These examples demonstrate weaknesses that may exist from security breaches and incidents caused by people, processes, and technology. The Ministry of ICT and CAK lack specific Information Security Models tailored towards SACCOS in Kenya. The study therefore sought to assess the current status of information security policies among SACCOS in Kenya. The study adopted a descriptive research design. The unit of observation was 135 SACCOS registered with the SACCO Societies Regulatory Authority (SASRA), while the unit of analysis was 270 ICT personnel working in the 135 targeted SACCOS. The study targeted the SACCOS heads of IT department. The study used the Nassiuma (2000) formula to get a sample of 85 respondents. Purposive sampling was further used in selecting study participants in every SACCOS who were considered to be knowledgeable about the variables under study. The study utilized a questionnaire as the survey instrument to collect both quantitative and qualitative data. The study adopted descriptive statistics. Descriptive data was presented by use of frequency tables. The study established that in all the SACCOS studied, an information security policy is used. However, based on the results of the study, there are still challenges in how information security breaches and incidents can be contained, which calls for further academic research. The findings of the study indicate that SACCOS were able to validate that the enhanced information security model using an integrated approach worked as planned and reported to auditors, managers and executives that incident response programs are robust and reliable. If security controls didn’t work as planned, they will need to fix them. The actions and resources needed should be included in the report to executives in the SACCOS sector in Kenya.
    Keywords: SACCOS, Management controls, Information Security Policies, Risk assessment
    DOI: 10.7176/EJBM/11-27-09
    Publication date: September 30th 201

    Security Investigation on Remote Access Methods of Virtual Private Network

    Remote access is one of the prevalent business trends in today's computing-pervasive business environments. The ease of access to internal private networks over the internet by telecommuter devices has given birth to many security threats to the endpoint devices. The application client software and data at rest on the endpoint of remote access methods such as Tunneling, Portal, Desktop Applications and Direct Access do not offer protection for the communication between the VPN gateway and internal resources. This paper therefore investigates the security pitfalls of remote access methods for establishing virtual private networks. To address these challenges, a remote access method to secure endpoint communication is proposed. The study adopted an investigative research design by use of an empirical review of the security aspects of the current state of VPN remote access methods. This necessitates a review of the research articles on the current state and related works, which leads to critiques and a proposed solution for remote access endpoint VPN. The scope of this study is limited to securing virtual private network endpoint data communication. In this paper, an investigation of these access technologies given

    Dynamic TCP pacing for Delay Intolerant Cloud Communications

    Paper presented at the 4th Strathmore International Mathematics Conference (SIMC 2017), 19 - 23 June 2017, Strathmore University, Nairobi, Kenya.
    In recent years, many organizations have turned to cloud technology to support their information technology services. The cloud servers are therefore increasingly holding huge and sensitive information belonging to diverse groups of individuals and companies. Additionally, some organizations employ the cloud to provide them with online backup services. One of the most outstanding requirements for cloud customers is availability: the customers must be able to access their information and other resources stored in the cloud at any time and from anywhere on the globe. This means that there should be efficient network design such that any delays are averted. The connection between the customer and the cloud can therefore be regarded as delay intolerant. Network congestion often leads to delays and packet losses. Transmission control protocol employs four congestion control algorithms (slow start, congestion avoidance, fast retransmit and fast recovery), all of which fail to meet the requirements of delay intolerance. Transmission control protocol pacing has been suggested as a possible solution to delays and packet dropping in computer networks. However, the current pacing is static in nature, meaning that constant pauses are introduced between packet transmissions to prevent bursty transmissions which can lead to delays at the receiver buffers. This paper therefore presents a dynamic pacing where the delay period is hinged on the prevailing network conditions. This dynamic pacing algorithm was designed and implemented in Spyder using the Python programming language. It employed probe signals to gather network intelligence such as the applicable round trip times of the network. Thereafter, this network intelligence was employed to tailor the paces to these network conditions. The results obtained showed that this algorithm introduced longer paces when more packets are transmitted and shorter paces when few packets are transmitted. In so doing, this new algorithm gives enough time for large packets to be delivered and smaller paces when few packets are sent. The analysis was done in terms of bandwidth utilization efficiency, round trip times and congestion window size adjustments. The congestion window – time graphs and throughput – time graphs showed that the developed dynamic pacing algorithm adjusted quickly to network congestion, hence ensuring that the network is efficiently utilized by averting delays.
    Jaramogi Oginga Odinga University of Science & Technology, Bondo – Kenya

    Security evaluation for Instant Messaging encryption algorithms

    Paper presented at the 4th Strathmore International Mathematics Conference (SIMC 2017), 19 - 23 June 2017, Strathmore University, Nairobi, Kenya.
    Instant messaging applications such as WhatsApp, Facebook Messenger, Telegram and Skype provide a convenient means of passing information among company employees. Fueled by the bring your own device (BYOD) trend, organizations are allowing employees to access crucial information. The security flaws in such tools can create fear among the users, leading to their slow uptake due to the leakage of organization-sensitive information and attacks such as BEAST and POODLE. The rationale of this study is to provide a security evaluation of the current state of the art in instant messaging encryption algorithms. The study deployed a survey approach as the master plan to throw light on the algorithms and their cons, such as: TextSecure, which can encrypt chat messages but can also allow users to exchange unencrypted SMS and MMS messages with people who did not have TextSecure; the Double Ratchet algorithm, which combines public key infrastructure in its operation, hence bringing in the challenges of key management; Off-the-Record messaging, in which an extra symmetric key is derived during authenticated key exchanges that can be used for secure communication, and which hence also suffers from the key management constraints of public key infrastructure; and perfect forward secrecy, which is intended to prevent the compromise of a long-term secret key from affecting the confidentiality of past conversations. However, forward secrecy cannot defend against a successful cryptanalysis of the underlying ciphers being used, since a cryptanalysis consists of finding a way to decrypt an encrypted message without the key, and forward secrecy only protects keys, not the ciphers themselves. Transport Layer Security / Secure Sockets Layer algorithms, however, have been shown to be easily compromised, for example by exploiting the initialization vector chaining weakness in Cipher Block Chaining using a known plaintext attack, and algorithm flaws in SSL v3. These security weaknesses in the current instant messaging encryption algorithms necessitate the development of a port-based algorithm for protecting the information both in transit and at the endpoint. In this work, a security evaluation of these encryption algorithms given