Abstract
Electronic governance is being rapidly adopted across the world for providing seamless services to citizens. With rising digitization of information resources, the threats to the infrastructure and digital data are also growing. For developed nations, the security parameters and optimization processes are well tested and placed, but for developing nations, these are yet to be addressed strongly. There is also a need for imparting awareness and educating personnel involved in the development and operations of E-Governance systems.
This study proposes a framework for security assessment among the departments of E-Governance, based on information systems principles. The major areas of security covered in the framework are related to the hardware, network, software, server, data and physical and environment security and various policies for security of information systems at the organizational level. The suggestive framework has also been tested for an organization in India. It was found that, given the functionality and magnitude of the organization, the assessment framework was able to analyze the strength and weakness of an organization in an exhaustive manner. The coverage of technological and organizational measure was found to be 69% and 53%, respectively, and the organization was placed in top two zones of the proposed grid. This study will be useful for security assessment of various organizations operating under E-Governance.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
United Nations, E-Governance survey, 2014. https://publicadministration.un.org/egovkb/Portals/egovkb/Documents/un/2014-Survey/E-Gov_Complete_Survey-2014.pdf. Accessed 15 Mar 2016
S. Singh, D.S. Karaulia, E-governance: information security issues, in Proceedings of the International Conference on Computer Science and Information Technology, India, 2011, pp. 120–124. http://www.academia.edu/download/38526006/77_1211468.pdf.
R. Gupta, S.K. Pal, S.K. Muttoo, Analysis of information systems security for E-governance in India, in National Workshop on Cryptology, (DESIDOC, DRDO & CRSI, Delhi, 2013), pp. 17–25
R. Gupta, S.K. Pal, S.K. Muttoo, Review based security framework for E-governance services. Chakravyuh DRDO 11(1), 42–50 (2015)
R. Gupta, S.K. Pal, S.K. Muttoo, Network monitoring and internet traffic surveillance system: issues and challenges in India, in Intelligent Systems Technologies and Applications, (Springer International Publishing, New York, 2016), pp. 57–65. https://doi.org/10.1007/978-3-319-23258-4_6
A. Miller, R. Horne, C. Potter, Information Security Breach Survey (Pricewaterhouse Coopers, London, 2016)
S.K. Muttoo, R. Gupta, S.K. Pal, Analysing security checkpoints for an integrated utility-based information system, in Emerging Research in Computing, Information, Communication and Applications, (Springer, Singapore, 2016), pp. 569–587. https://doi.org/10.1007/978-981-10-0287-8_53
M. Stamp, Information Security: Principles and Practice (Wiley, Hoboken, 2011)
N. Godbole, Information Systems Security: Security Management, Metrics, Frameworks and Best Practices (With CD) (Wiley, Hoboken, 2008)
R. Gupta, S.K. Muttoo, S.K. Pal, Proposal for integrated system architecture in utilities, in Proceedings of the Advances in Computing, Communications and Informatics (ICACCI) IEEE, 2014, pp. 1995–1998. doi: https://doi.org/10.1109/ICACCI.2014.6968652
K.D. Loch, H.H. Carr, M.E. Warkentin, Threats to information systems: today’s reality, yesterday’s understanding. MIS Q. 16, 173–186 (1992). https://doi.org/10.2307/249574
M.E. Whitman, In defense of the realm: understanding the threats to information security. Int. J. Inf. Manag. 24(1), 43–57 (2004). https://doi.org/10.1016/j.ijinfomgt.2003.12.003
A. Da Veiga, J.H. Eloff, A framework and assessment instrument for information security culture. Comput. Secur. 29(2), 196–207 (2010). https://doi.org/10.1016/j.cose.2009.09.002
J. Rees, S. Bandyopadhyay, E.H. Spafford, PFIRES: a policy framework for information security. Commun. ACM 46(7), 101–106 (2003). https://doi.org/10.1145/792704.792706
L. Sun, R.P. Srivastava, T.J. Mock, An information systems security risk assessment model under the Dempster-Shafer theory of belief functions. J. Manag. Inf. Syst. 22(4), 109–142 (2006). https://doi.org/10.2753/MIS0742-1222220405
A. AlHogail, Design and validation of information security culture framework. Comput. Hum. Behav. 49(1), 567–575 (2015). https://doi.org/10.1016/j.chb.2015.03.054
C. Sillaber, R. Breu, Using business process model awareness to improve stakeholder participation in information systems security risk management processes, in Wirtschafts Informatik, 2015, pp. 1177–1190. http://www.wi2015.uni-osnabrueck.de/Files/WI2015-D-14-00044.pdf.
A. Joshi, H. Tiwari, Security for E-governance. J. Inf. Oper. Manag. 3(1), 254 (2012). http://furooshgah.ir/wp-content/uploads/2016/12/SECURITY-FOR-E-GOVERNANCE.pdf
A. Roy, S. Karforma, A survey on E-governance security. Int. J. Comp. Eng. Comp. Appl. 8(2), 50–62 (2011)
H. Singh, A.K. Kar, P.V. Ilavarasan, Assessment of e-governance projects: an integrated framework and its validation, in Proceedings of the Special Collection on eGovernment Innovations in India, (ACM, New York, 2017), pp. 124–133. https://doi.org/10.1145/3055219.3055228
V. Singh, G. Singh, Citizen centric assessment framework for e-governance services quality. Int. J. Business Informat. Syst. 27(1), 1–20 (2018). https://doi.org/10.1504/IJBIS.2018.088568
A. Mateen, S. Sabir, K. Ullah, A development of hybrid framework for E-Government. arXiv preprint arXiv:1702.02442 (2017). https://arxiv.org/ftp/arxiv/papers/1702/1702.02442.pdf.
S.L. Kim, T.S. Teo, A. Bhattacherjee, K. Nam, IS auditor characteristics, audit process variables, and IS audit satisfaction: an empirical study in South Korea. Inf. Syst. Front. 19(3), 577–591 (2017). https://doi.org/10.1007/s10796-015-9612-z
Y.N. Chen, H.M. Chen, W. Huang, R.K. Ching, E-government strategies in developed and developing countries: an implementation framework and case study. J. Glob. Inf. Manag. 14(1), 23–46 (2006). https://doi.org/10.4018/jgim.2006010102
G. Dhillon, J. Backhouse, Technical opinion: information system security management in the new millennium. Commun. ACM 43(7), 125–128 (2000). https://doi.org/10.1145/341852.341877
K. Prasad, E-governance policy for modernizing government through digital democracy in India. J. Inf. Policy 2, 183–203 (2007). https://doi.org/10.5325/jinfopoli.2.2012.0183
G. Mitchell, A. May, A. McDonald, PICABUE: a methodological framework for the development of indicators of sustainable development. Int. J. Sustain. Dev. World Ecol. 2(2), 104–123 (1995). https://doi.org/10.1080/13504509509469893
D.H. Meadows, Indicators and information systems for sustainable development, in A Report to the Balaton Group, The Sustainability Institute, 1998. https://pdfs.semanticscholar.org/3372/06350e14a75581b88550fadfd0b39d144d87.pdf. Accessed 25 Jan 2017
R.T. Watson, G.G. Kelly, R.D. Galliers, J.C. Brancheau, Key issues in information systems management: an international perspective. J. Manag. Inf. Syst. 13(4), 91–115 (1997). https://doi.org/10.1080/07421222.1997.11518144
C. Harland, L. Knight, R. Lamming, H. Walker, Outsourcing: assessing the risks and benefits for organisations, sectors and nations. Int. J. Oper. Prod. Manag. 25(9), 831–850 (2005). https://doi.org/10.1108/01443570510613929
S. Basu, E-government and developing countries: an overview. Int. Rev. Law Comput. Technol. 18(1), 109–132 (2004). https://doi.org/10.1080/13600860410001674779
T. Almarabeh, A. AbuAli, A general framework for e-government: definition maturity challenges, opportunities, and success. Eur. J. Sci. Res. 39(1), 29–42 (2010). http://unpan1.un.org/intradoc/groups/public/documents/apcity/unpan045348.pdf
H.J. Liao, C.H.R. Lin, Y.C. Lin, K.Y. Tung, Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16–24 (2013)
J.P. Anderson, Computer Security Threat Monitoring and Surveillance (Vol. 17), Technical Report (James P. Anderson Company, Fort Washington, PA, 1980)
D.E. Denning, An intrusion-detection model. IEEE Trans. Softw. Eng. 13(2), 222–232 (1987)
A.M. Chandrashekhar, K. Raghuveer, Performance evaluation of data clustering techniques using KDD Cup-99 intrusion detection data set. Int. J. Inform. Netw. Secur. 1(4), 294–305 (2012)
C.F. Endorf, E. Schultz, J. Mellander, Intrusion detection & prevention (McGraw-Hill Osborne Media, Osborne, 2004)
X. Wang, S. Chen, S. Jajodia, Tracking anonymous peer-to-peer VoIP calls on the internet, in Proceedings of the 12th ACM conference on computer and communications security, (ACM, New York, 2005), pp. 81–91
S. Kaplantzis, N. Mani, M. Palaniswanmi, G. Egan, Security Models for Wireless Sensor Networks, PhD Conversion Report, Monash University, Australia, 2006
S. Rathore, A. Saxena, M. Manoria, Intrusion detection system on KDDCup99 dataset: a survey. Int. J. Comp. Sci. Informat. Technol. 6(4), 3345–3348 (2015)
R. Bhattacharya, Indian companies faced cyber-attack in 2015: KPMG survey, The Economic Times (2015). http://articles.economictimes.indiatimes.com/2015-12-01/news/68688315_1_cyber-risks-cyber-forensicskpmg-survey. Accessed 15 Jan 2016
A.M. Sukumar, C. R. Sharma, The Cyber Command: Upgrading India’s National Security Architecture (2016). http://www.orfonline.org/wp-content/uploads/2016/03/SR_9_Arun-Mohan-Sukumar-and-RK-sharma.pdf. Accessed 15 Sep 2016
R. Caceres, N. Duffield, A. Feldmann, J.D. Friedmann, A. Greenberg, R. Greer, J.E. van der Memle, Measurement and analysis of IP network usage and behavior. Commun. Mag. IEEE 38(5), 144–151 (2000)
S. Das, 9 Cybersecurity policies & initiatives by Indian Govt in 2019 (2019). https://analyticsindiamag.com/9-cybersecurity-policies-initiatives-by-indian-govt-in-2019/. Accessed 15 Mar 2020
ISG-IHE, Information security governance assessment tools for higher education, 2005. https://net.educause.edu/ir/library/pdf/SEC0421.pdf. Accessed 12 Mar 2016
R. Ismail, A.N. Zainab, Information systems security in special and public libraries: an assessment of status, 2013. https://arxiv.org/ftp/arxiv/papers/1301/1301.5386.pdf.
P. Brudenall, Technology and Offshore Outsourcing Strategies (Palgrave Macmillan, Basingstoke, 2005). https://doi.org/10.1057/9780230518568
H. Berghel, The two sides of RoI: return on investment vs. risk of incarceration. Commun. ACM 48(4), 15–20 (2005). https://doi.org/10.1145/1053291.1053305
C. Sundt, Information security and the law. Inform. Secur. Technol. Represent. 1(1), 2–9 (2006). https://doi.org/10.1016/j.istr.2005.11.003
B. Von Solms, Information security—the third wave. Comput. Secur. 19(7), 615–620 (2000). https://doi.org/10.1016/S0167-4048(00)07021-8
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Appendix
Appendix
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gupta, R., Pal, S.K., Muttoo, S.K. (2020). Cyber Security Assessment Education for E-Governance Systems. In: Daimi, K., Francia III, G. (eds) Innovations in Cybersecurity Education. Springer, Cham. https://doi.org/10.1007/978-3-030-50244-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-50244-7_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50243-0
Online ISBN: 978-3-030-50244-7
eBook Packages: EducationEducation (R0)