New technologies continue to be exploited by malevolent users and the phenomenon is becoming intrinsically linked to organized crime on the Internet and internal malpractices that take advantage of weaknesses within information systems. Vulnerabilities in software applications are purposely sought after in order to create malware that will enable unauthorized access and modification, thus compromising integrity, availability and confidentiality of the ICT networks and systems. Other threats to information security include breaches of personal privacy, e-mail spam, industrial espionage, piracy, computer viruses, cyber terrorism and electronic warfare. Any of these can spread worldwide in an instant through information networks. With the increasing sophistication of malware, these threats cannot be overestimated and they could have awful consequences on the critical information infrastructure of any country. The Ministry of Information and Communications Technology and National Guidance is therefore providing strategic leadership in conjunction with its agencies to address security challenges that are envisaged in this era of technological advances.
In an effort to provide an appropriate legal framework to deal with cybercrime and provide for secure electronic transactions, Government developed and enacted a suite of cyber laws which include the Computer Misuse Act 2011, the Electronic Signatures Act 2011 and the Electronic Transactions Act 2011. There is also the National Information Security Strategy (NISS) 2011, the National Information Security Framework (NISF) and the Communications Sector Computer Emergency Response Team (CERT).
The increased uptake of information systems in both the Public and Private Sectors that deal with citizens’ personal information has created the need for a Data Protection and Privacy law to safeguard this data. The Ministry of ICT is currently developing the Data Protection and Privacy Act.
In FY2014/15, the sector achieved the following:
- In fulfillment of the Presidential Directive on Information Security, implementation of the National Information Security Framework has commenced by piloting with three MDAs. These are: National Social Security Fund (NSSF), Special Forces Command (SFC) and NITA-U;
- The National Information Security Advisory Group (NISAG) was inaugurated. This constitutes both Private and Public sector representatives to advise on information security governance and risk remediation, with the aim of generating a National Information Risk register;
- Two (2) Information Security conferences, the ITU Child Online Protection 2014 and the Information Systems Audit and Control Association (ISACA) East Africa Information Security conference, were undertaken with the aim of promoting information security;
- Provided technical support to Ministry of Defence on the following: i) ICT Governance restructuring; ii) logistics business process review / mapping; iii) Integrated Resource Management Information System (IRMIS) upgrade and disaster recovery establishment.
Further information about information security management in Uganda can be accessed at www.cert.ug.