On May 27th, the ISACA Kenya chapter hosted a half-day online conference that attracted over 90 professionals. The conference theme resonated with the current realities of the business environment. It was facilitated by industry subject matter experts as listed below and moderated by Boniface Asiligwa, the Chairman, Education Committee and Dorine Nalo, the She-Leads Tech liaison.
ISACA Kenya is a not-for-profit association of professionals in the IT-related industry that is affiliated with ISACA (formerly the Information Systems Audit and Control Association), the global nonprofit association focused on IT governance. ISACA, as many IT pros would know, is the body behind industry certifications such as COBIT.
Here is a summary of what transpired during the half-day online conference on a speaker by speaker basis:
Topic: Effective Return Planning
Speaker: Ken Kaberia, Head of Enterprise Risk, Safaricom Plc
The speaker presented a COVID-19 return to new normalcy based on the World Health Organization (WHO) pandemic response plan.
He highlighted what business leaders should look for in the coming weeks and that in the current business situation, there are three questions business leaders are asking, that is the depth of disruption, which is impact, the length of the disruption and the shape of the recovery.
The audience were taken through steps towards recovery from resolve to resilience and reimagination to reform. The speaker warned that rapid return comes with higher risks and a new reality. Participants were taken through an effective methodology of return: the AACT Planning Model.
The AACT model focuses in adopting the business to a new world, accelerating structural shifts, crafting stage-based return plans, workforce and customers and time-transitioning given the local environment that most businesses will be considering a stage-based return.
The speaker informed the audience that remote work may have important benefits beyond resilience to COVID-19. These benefits may include improved productivity, lower cost of production, improved talent access, and high employee’s satisfaction. He advised organizations to set up COVID-19 crisis management/nerve centres because new behaviours can evolve into the new normal for organizations
Topic: The ICT Regulator’s Role in Maintaining Enterprise Resilience During Systematic Disruption
Speaker: Mercy Wanjau, Acting Director-General Communications Authority of Kenya
The Acting DG stated that the regulator is concerned about the risks and disruptions during the pandemic and it was committed to helping the licensees remain resilient and also to protect consumers during these systemic disruptions.
She said that resilience is all about being able to overcome the unexpected while sustainability is about survival and the goal of resilience is to thrive.
Digital connectivity is our new reality that is currently being critically tested with the systemic disruption caused by the current pandemic and associated risks
The ADG further stated that digital connectivity drives every aspect of the Kenyan economy: creating jobs, increasing productivity and efficiency. From interconnected health systems to enhanced detection and response to the pandemic, to all levels of education going online, e-government, working from home, e-commerce for business sustainability, amongst others. Therefore, digital connectivity is our new reality that is currently being critically tested with the systemic disruption caused by the current pandemic and associated risks.
From the time when the first COVID-19 case was reported in Kenya, a total of 16,450,346 cyber threat events had been detected
She informed the audience that the Authority established the Kenya Computer Incidence Response Team – Coordination Centre (National KE-CIRT/CC) in 2012 as Kenya’s national trusted point of contact, coordination and response to cyber threats. It, therefore, operates 24/7 in managing cybersecurity in Kenya. She revealed that ever since week one of the pandemic in March this year, most institutions had embraced the work from home program. This in effect resulted in a lot of cyber-related attacks. From the time when the first COVID-19 case was reported in Kenya, a total of 16,450,346 cyber threat events had been detected.
In order to mitigate cyber risks and disruptions, she reiterated the need for cyber awareness through all channels of communication, a collaboration between local and international partners, and enhanced internal processes such as enhancement of incident handling, forensics investigation capabilities and upgrade of detection and analysis capabilities.
Topic: Cyber Security Strategies for Enterprise Resilience During Systemic Disruption
Speaker: Adam Lane, Deputy CEO, Public Affairs Huawei Kenya
The speaker explained Huawei’s strategy on smart devices, connectivity, computing, cloud and providing products and solutions for three customer groups i.e. the hundreds of millions of consumers, global carriers, global enterprises, governments and industries.
He reiterated that an intelligent world calls for global connectivity and mutual trust that will maintain global prosperity; that Huawei is committed to providing technology for all and technology for good that prioritizes development, enhances global collaboration, promotes innovation and ensures ubiquitous connectivity, digitization and AI. However, with this technology comes unprecedented challenges like cyber security.
Participants were taken through applications of digital technology in the anti-epidemic fight showing how 5G, AI, big data, cloud computing and other tech have been deployed to prevent contagion, treat patients, and shorten the crisis. The speaker demonstrated this showing how, in Kenya, Huawei’s provision of video conference systems has helped multiple Kenyan ministries improve their co-ordination and learning from overseas. The speaker also mentioned how, through the Ministry of ICT, they shared global experiences in how ICT can fight against COVID-19 through best practices. From the talk, it was clear that healthcare will not escape the ongoing industrial digitization and the importance of connectivity for homes, businesses and education. Governments should promote the construction of digital infrastructures.
The speaker informed the audience that emerging technologies drive digital growth while bringing new challenges to cybersecurity and privacy protection and that the World Economic Forum ranks cyber attacks as the third biggest threat to mankind, behind extreme weather and natural disasters. Participants learnt about Huawei’s cybersecurity journey from making cybersecurity and privacy protection the company’s top priorities through to the strategies and end-to-end systems that Huawei uses to build trust and high quality into every ICT infrastructure product and solution that it develops. Key issues highlighted included the focus on people, processes, standards, independent verifications, and supply chain engagement.
Topic: Rethinking IT Governance in a disruptive environment – How to re‐adjust your governance framework to be resilient and adaptable
Speaker: Mark Thomas, CGEIT, CRISC Escoute, LLC
From this speaker, it came out that with the growing complexity of today’s information and technology environments, having a proper governance framework that is tailored to your unique environment is key. That a tailored governance system requires a multitude of components, including processes, organizational structures, information flows, behaviours, etc.
These need to work together in a systemic way in any governance system which will synchronize the IT, business and assurance functions. Participants were taken through the flexibility of the COBIT 2019 framework and how to develop a tailored governance system using the design factors with a real-world case Study
Participants gained on how to determine an appropriate governance system for enterprise considering the current disruptive environment that involves. An appropriate governance system involves gaining an understanding of the drivers for adopting a governance program, Assembling the right stakeholders and verifying their support, educating stakeholders on enterprise governance over I&T, gaining full agreement on the design factor analysis and Consider cultural aspects of adopting an EGIT system