POLICY AND IMPLEMENTATION ISSUES FOR INFORMATION SECURITY EDUCATION IN DEVELOPING NATIONS

The increasing ubiquitous of the ICT has changed the way the society operates. When used effectively, ICT has provided people not only with access to information but also opportunities to participate in the global economy. Unfortunately, dissemination of ICT presents a wide range of social and ethical issues like online safety and security, misuse of information etc. It is important that users are equipped with appropriate knowledge and skills to operate their devices securely. Therefore, countries should address the issue of Information Security to minimize the risk and bring it to acceptable level while still exploiting the opportunities offered by ICT.

An in-depth analysis has shown that effective implementation of information security and especially education is not adhering to paper based requests from government policies and strategies. The lack of cyber laws/regulations, shortage of ICT security skills and poorly secured networks are just some of the challenges affecting policy development and implementation. There is an urgent need for action within all key stakeholders to promote and adopt a proactive approach towards responsible and safe use of ICT: providing security education environment at sufficient high level is thereby key for further improvement.

The issue of securing the cyberspace is important to all nations including developing and least developed countries because cyber insecurity has international ramifications. An attack on one vector could affect the rest of the cyberspace. The fact that criminals can commit crime anonymously with minimum effort, and minimum risk of being caught makes cybercrime the favourable tool for many criminals and also a great concern to all. North-South collaboration and support is needed in promoting cyber-security and especially maintaining the concept of solidarity in information security education. Failure to act now means that we are allowing cyber criminals to take over our networks for their use.

The current situations in cyber-security in Kenya, Rwanda and Nepal are presented and models of clever low cost implementation for awareness and educational purposes are shared. The term cyber-wellness (in regard to legislation/regulations, national curriculum, and other educational initiatives) is defined and analysed in the three countries. Furthermore, cyber-wellness is compared with advanced countries to identify the gaps. Literature analysis, questionnaire field research and workshop discussions have identified relevant gaps, but also hope: effective implementation models on strong education and solidarity will assist policy makers and other stakeholders in developing and integrating ICT security in curricula at all stages.

This paper discusses current ICT security policy implementation issues in education and how this can be improved by sharing knowledge and successful implementation models.

The research and development is made in the frame of the “Information Security Education and Solidarity Initiative” (ISES), a project sponsored by UNESCO Participation Programme submitted through Technical Committee No. 3 “Education” of the International Federation on Information Processing (IFIP).