e-City as an e-Government Approach:
IT Service and Information Security Management Systems Based on BS7799 and BS15000
Houman Sadeghi Kaji
Spread Spectrum Communication System PhD
Cisco Certified Network Professional Security Specialist
BS7799 LA
[email protected]@houmankaji.net

Topics:
e-Government and e-City
Key Challenges in the Transformation to e-City as an e-Government
BS7799 – Information Security Management System

e-Government and e-City: Terms and Definition

What is e-Government?
The application of ICT in interactions between
– Government and Citizens
– Government and Businesses
– Government and Employees
– Government and Government
to simplify and improve democratic, government and business aspects of Governance.
Publish: Information available online
Interact: Two-way communication
Transact: Transaction handled online
Integrate: Process, system and organisational integration
Transform: Entirely new services delivered cross-agency through a centralised enterprise portal

A Revolution in Rising Expectations
Citizens want the ease and convenience of 24x7 access and one-stop services
Businesses want the same level of service as in the private sector
Governments recognize the opportunity to
– Provide new means of access to government services
– Introduce self-service models
– Deliver personalized government services, tailored to the needs of stakeholder groups

Customer-facing Government Touches All Stakeholders
[Diagram labels: Traditional Back-office Users; Customer-facing Government; Businesses; Citizens; Other Governments; Suppliers; Government Employees]

Characteristics of Successful e-Government
Customer Access — Offer personalized access to services, 7x24
High Value Transactions — Use technology to increase the efficiency and effectiveness of transactions with citizens, suppliers, and other stakeholders
Customer Relationships — Implement solutions that enable governments to effectively manage relationships with their constituencies
End-to-End Intelligence — Implement solutions that deliver end-to-end intelligence through enterprise-wide integration

Characteristics of Successful e-Government
Value chain…understand complete business processes, and automate the workflow and linkages across multiple role performers, to add value at each step
Single Face of government…present a uniform and standardized user interface, and link related Government functions in a manner optimized for customer convenience
Self Service…empower the customers to do certain work themselves, improving accuracy and freeing up government resources

Vision
All residents of the city, regardless of level of education, should be able to use the electronic services of the City Municipality (CM) from anywhere and at any time, using the technologies that suit them.
Muscat, Oman

Strategy
Create a mechanism to provide information outside the Municipality premises and working hours
Provide E-services using different types of technologies
Public should be able to pay electronically (E-Payment)
Create awareness programs for Municipality employees and the general public
Create new rules and regulations to suit and support E-services
Motivate the public to use E-services

The Terms of e-City
The e-City is a step of e-Government: it means a city that is protected by E-services provided by government sectors such as the Municipality.

Key Challenges in the Transformation to e-City as an e-Government step

Fundamental Differences Between Municipality and Private Sector
Sovereignty — Municipalities are unique in their sovereign role over citizens
Privacy/Security — privacy and security are directly tied to public trust
Responsibility to Serve All — Municipalities cannot select their “customers”
Distribution of value — Municipalities are subject to different business models
Incentives and organization — checks and balances

Three Interdependent Building Blocks of e-City
Infrastructure
Policy
Applications

Defining Web-Enabled Applications That ...
Meet the needs of
– Citizens
– Businesses
– Suppliers
– Employees
– Other Municipalities
Deliver maximum value through integrated end-to-end solutions

Establishing Policies to Support e-City
Based on shared vision of common enterprise-wide solution
– Data architecture/ownership
– Privacy
– Security
– Standards
– Records management and archiving
– Others...

Creating e-City Infrastructure...
Consisting of...
– Portals
– Enterprise Application Integration
– Security
– Network Capacity
– Electronic Payment Services
– Digital Archives
– Help Desk
– Others...

BS7799
Information Security Management System
Best Practice

e-City Evolution: Today: Multiple Points of Access
[Diagram labels: Taxation; Environmental Resources; Motor Vehicles; Human Services; Health; Other Services; ...; accessed separately by Citizen, Business and Government]

Information/Data management requirements
Collection: Gathering data on citizens, businesses and other entities.
Storage: Gathered data is stored for processing.
Processing: Processing takes place at server level.
Communication: Data collection and processing require a lot of G2C and G2B communication to happen.
Each stage above carries security risks which need to be managed!

What is information security?
[Diagram labels: Legal Framework; People, Procedures, Policy, Technology; Information Security; Confidentiality, Integrity, Availability, Authentication, Non-repudiation]
Information security is about preserving the confidentiality, integrity and availability of information. (BS 7799/ISO 17799)

Information Security - Structure
[Diagram labels: Information security; Administrative security; IT security; EDP security; Communication security; figures shown: 75%, 25%]

Why is information security an issue for e-City?
Dependency on information systems
High degree of information sharing
Increased use of remote access
Challenges of controlling information
Laws relating to information security
Dealing with highly sensitive citizens' and business data
National security
Consequences of security breach can be detrimental

Threats to information security in e-City environment
Active attacks
Passive attacks
Viruses, trojan horses, worms
Social Engineering
Wireless Networking
People
Power
Fire, flood, etc…
[Diagram labels: Temporary staff; Internet; Thief; Hacker; Wireless connections; Dial-in connections]

Number of Cases in year 2001, Dublin Municipality
Types of Incidents [ Total = 150 cases ]
Other (Hack, DDoS, etc.): 12
Virus / worm / trojan: 34
Port Scan & Probe: 38
Spam mail: 66

Number of Cases in year 2002, Dublin Municipality
Types of Incidents [ Total = 355 cases ]
Other (Hack, DDoS, etc.): 27
Virus / worm / trojan: 55
Port Scan & Probe: 90
Spam mail: 183

Main Information Security Issues
Only 40% of organizations are confident they would detect a systems attack. (A.9)
40% of organizations do not investigate information security incidents. (A.6)
Critical business systems are increasingly interrupted - over 75% of organizations experienced unexpected unavailability. (A.8)
Business continuity plans exist in only 53% of organizations. (A.11)
Only 41% of organizations are concerned about internal attacks on systems, despite overwhelming evidence of the high number of attacks from within organizations. (A.6, A.7)
Less than 50% of organizations have information security training and awareness programs. (A.6.2)

ISO 17799:2000 defines this as the preservation of:
Confidentiality
– Ensuring that information is accessible only to those authorized to have access
Integrity
– Safeguarding the accuracy and completeness of information and processing methods
Availability
– Ensuring that authorized users have access to information and associated assets when required

Control Objectives and Controls
BS 7799-2 ISO 17799 contains:
– 10 control clauses, 36 control objectives, and 127 controls
“Not all of the guidance and controls in this code of practice may be applicable. Furthermore, additional controls not included in this document may be required.”
“They are either based on essential legislative requirements or considered to be common best practice for information security.”
“…guiding principles providing a good starting point for implementing information security.”

BS 7799 – 10 Domains of Information Management
Security policy
Organizational security
Asset classification and control
Personnel security
Physical and environmental security
Communications and operations management
Access control
Systems development & maintenance
Business continuity management
Compliance
[Diagram centre: Information, with Integrity, Confidentiality and Availability]

BS 7799 – 10 Domains of Information Management (Cont.)
TECHNOLOGY PROTECTION & CONTINUITY
– Physical & Environment Controls
– Contingency Planning Controls
INFORMATION ASSET SECURITY
– Application Security
– Database/Metadata Security
– Host Security
– Internet Network Security
– Network Perimeter Security
USER MANAGEMENT
– User Management
– User Awareness
SECURITY MANAGEMENT
– Security Operations
– Security Monitoring
SECURITY POLICIES
– Security Policies, Standards & Guidelines
SECURITY PROGRAM
– Security Program Structure
– Security Program Resources & Skills-set
SECURITY LEADERSHIP
– Security Sponsorship/Posture
– Security Strategy
[Diagram side labels: Support; Technologies; Knowledge; Management; Strategy; Effects; Causes]

Policy
Setting up the policy: Drawing up basic guidelines, std of measure & implementation procedure
Introduction: Distribution, education and physical, personnel and technical measures
Operation: Monitoring, confirmation and compliance of measures
Evaluation and review: Auditing the system, evaluation and review of policy

How to identify the security requirements?
1. From security risks
2. From legal and contractual requirements
3. From internal principles, objectives and requirements
CORRECT controls and required degree of flexibility from the START!

Implementing Information Security for e-City
People
Policy
Procedures
Technology (Public Key Cryptography – PKI)
Risk Management
Legal framework
Conformity with international standards

10 key steps to securing e-City Based on BS7799
1. Assign accountability for security
2. Implement a thorough security policy
3. Conduct a security awareness program
4. Install a firewall and monitor the traffic regularly
5. Deploy anti-virus software and update it regularly

10 key steps to securing e-City Based on BS7799 (Cont.)
6. Stay abreast of security advisories and make updates in a timely manner
7. Establish strong password rules
8. Limit access to sensitive information
9. Develop and communicate an incident response process
10. Perform security audits on an ongoing basis

Other issues
Improving users confidence
PKI deployment in e-City
Privacy / Security / Intellectual policy on City web sites
Trust Mark Program
Click-wrap agreement