
1. Public confidence is key to success of E-Government implementation: information and individual privacy, national security, global competitiveness.


2 Public confidence is key to success of E-Government implementation
o Information and individual privacy
o National security
o Global competitiveness
o Protection of civil liberties
Approaches
o Uniform privacy practices
o Digital signature standards
o Cryptography standards

3 Level of security is to correspond to the service concerned
o It’s not a matter of whether to protect, but how best to protect and how effective the protection is

4 The networked world of E-Government opens another dimension of fear and vulnerability
Increase in information stored in digital form will have a potential consequence of increased susceptibility to unauthorised access

5 A security model should ideally span multiple hardware and software platforms and networks, integrating the various aspects of
o Security services
o Mechanisms
o Objects
o Management functions

6 [Diagram: security model, labelled "System Integrity"]
o Security Management: Policy Management, Audit and Alert Mgt, Service Mgt, Mechanism Mgt, Object Mgt
o Security Services: Identification and Authentication, Non Repudiation, Data Integrity, Confidentiality, Access Control
o Security Mechanisms: Entity Authentication, Access Control Lists/Security Labels, Encipher Decipher, Message Authentication, Notification Detection, Digital Signature
o Security Objects: Users, Groups, Privileges, Audit Logs, Policies, Encryption Keys, Passwords

7 Four major components in security model
o Security Management – apparatus used to administer, control and review the security policy being implemented
o Security Services – facilities and functions necessary to ensure the protection of resources
o Security Mechanisms – technical tools and techniques necessary to implement the required security services
o Security Objects – key security-related entities within system environment

8 Challenges to Government’s initiatives in ICT security:
o Increased spending in security-related products and services
o Availability, capability and limitations of ICT security technology must be well understood
o Human resource development to have sufficient number of skilled and experienced ICT security experts
o Supporting infrastructure should be developed

9 Organisational unit that is to ensure consistency and sufficiency in ICT security implementation should focus on
o Definition of comprehensive and documented guidelines for the formulation and implementation of security policies
o Coordination of skills development
o Review and validation of implementation
o To be a key point of referral for all security matters

10 An ICT Security Division was established within MAMPU in January 2000
Plans, coordinates, streamlines and consolidates the efforts to strategise public sector ICT security implementation
Serves as a referral point for ICT security-related matters within government organisations

11 Formulate policy and guidelines as well as the adoption of relevant ICT security standards and their dissemination
Implement business resumption, cryptology, computer emergency response and audit
Responsible for ICT security training and acculturation programmes which include the development of a certification plan for public sector ICT Security Officers

12 “Government Information and Communication Technology (ICT) Security Framework” was published in October 2002
Addresses issues of confidentiality, integrity, availability, non-repudiation and authenticity
Mandates the appointment of ICT Security Officers in ministries and departments, who are responsible for conducting risk analysis and security programmes based on standards, guidelines and ICT security measures

13 “Malaysian Public Sector Management of ICT Security Handbook” (MyMIS) was published in January 2002
A detailed guide for ICT infrastructure development and management
Covers
o Identification of risks and threats
o Roles and responsibilities for ICT security
o Investigation of computer crimes
Includes templates, checklists and procedures that serve as a guide for public sector agencies in the development of ICT security policy

14 The Government Computer Emergency Response Team (GCERT) was formed in January 2001
The team
o Acts on reported ICT security incidents
o Disseminates information to assist in ICT security for the public sector
o Provides advisory services in security incident handling
o Coordinates with relevant agencies such as MyCERT, Internet Service Providers (ISPs) and enforcement agencies

15 MAMPU established Malaysian Public Sector Network Surveillance (PRISMA) to protect public sector ICT installations and critical information assets from exposure to the vulnerabilities of public network electronic systems
Basis for establishment
o The need to have a first layer defence to protect government ICT installations and critical information assets
o The need for a reliable and trusted information base
o The rise of cyber threats and attacks

16 Basis for establishment (continued)
o The increasing cost of implementing ICT security protection and management
o The lack of knowledgeable and focused ICT security professionals
o The need to uplift the knowledge and awareness of ICT security
PRISMA operated 24x7 in real time, proactively monitoring and managing a government agency’s firewalls and intrusion detection systems

17 Capabilities include
o Cyber attack monitoring
o Periodic vulnerability scanning
o Automated web recovery
o Provision of a government security web portal
o PKI integration

18 The sophistication of the security mechanisms employed must be commensurate with the importance of the applications and the risk factors involved
The scale of implementation of applications
Direct interaction with citizens and businesses electronically

19 EG*Net, as the government’s dedicated network, requires a tightly secured architecture, especially for connections to public or external networks such as Internet or gateways to business partners

20 [Network diagram. Labels: EG Public DNS; B2G/C2G Service Provider; Radius; EG*Net IP Backbone (FR/ATM/Digital and Analog Leased Lines); Firewall; EG Server; EG Workstations; RAS; Internet; PSTN; External Secure Gateway; B2G/C2G Secure Gateway; Dial-up Gateway; Dial-up Access; Untrusted domain]

21 Secure gateways which control access to EG*Net from external networks or connection points
o Internet
o Public Switched Telephone Network (PSTN)
o Integrated Service Digital Network (ISDN)
o Gateways to other government intranets and partners

22 Key security technologies
o Multiple firewalls protect E-government servers located at the project implementation sites at different levels
o Remote Access Server (RAS) and Authentication Server (RADIUS) provide ID and password for dial-up users
o Virtual private networks further limit access to key computer installations within EG*Net and encrypt confidential information in transit within the network
o Network monitoring and intrusion detection systems proactively detect and automatically defeat attempts at penetrating network access points and/or devices within the network

23 Many E-Government application functions are sensitive or controlled, so security must be enforced at the application level
o Login with the use of an identification and password
o Smart-card secured logins
o Controlled user profiles
o Digital signing of electronic documentation
o Encryption of sensitive data
o Logging of all critical activities

24 Government has formulated the E-Government Information Technology Policy and Standards (EGIT)
Details government policies concerning the specified technologies and the current ICT security standards that must be considered when designing E-Government applications
Security mechanisms available
o Authentication and authorisation
o Audit controls
o Enhanced services (encryption, decryption, digital signature and secure electronic transfers)
o Administration

25 EGIT is the security benchmark for all E-Government projects
To ensure consistency in the implementation and to avoid unwanted vulnerabilities, compliance with EGIT is a mandatory requirement in every E-Government project contract

26 Certification Authorities (CA) are trusted third parties who confirm the identity of participants in a commercial interaction via the use of PKI technology
The method of authentication is extremely useful and reliable for access control purposes as a substitute or complement to standard system login methods
Digital certificates contain a small amount of data to uniquely identify an individual or an organisation
The content of these digital certificates is used by computer applications to sign documents or to determine an identity, which can in turn be verified by communicating with the issuing CA

27 Digital certificates are virtually impossible to forge
They can be performed remotely, allowing business transactions to be conducted even when the participants in the transaction are half a world away
Digital signature technologies are being employed in E-Government for the purposes of
o Securing access to applications and data
o Recording decisions made
o Signing transactions between the government and its business partners

28 A major benefit of the non-repudiating nature of the technology employed is that it immediately enforces a high degree of authenticity to the decisions recorded and the associated levels of accountability and transparency
E-Procurement – government’s suppliers are also issued with similar smart cards, thus allowing all procurement transactions conducted on the system to be concluded with maximum efficiency and security

29 There are plans being formulated to incorporate digital certificates into MyKad
Advantages – the ability to interact with the government through an entirely new channel promises greater efficiencies and an enhanced service experience
Challenges – possible abuse
To ensure that there are sufficient incentives in the form of added services and convenience for citizens to use MyKad

