posted Dec 19, 2013, 11:17 AM by Carlos E. Jimenez-Gomez
[
updated Dec 19, 2013, 11:18 AM
]
IEEE Computer Society e-Government is updating their index of e-Government experts for 2014 (for conferences committees, workgroups, etc.). If you are interested in being part of this list you can download the document and send it to us with your info required (you only need a couple of minutes to fill it). The document can be downloaded from this link within our "Links" page. |
posted Dec 19, 2013, 10:16 AM by Carlos E. Jimenez-Gomez
[
updated Dec 19, 2013, 10:17 AM
]
By the terms of that text, the Assembly established, for the first time, that "human rights should prevail irrespective of the medium, and therefore the need for protection both offline and online". General Assembly calls upon Member States to "review their procedures, practices and legislation on the surveillance of communications, their interception and collection of personal data, including mass surveillance, with a view to upholding the right to privacy by ensuring the full and effective implementation of all relevant obligations under international human rights law".
This document has been adopted by UN some days later of publication of the Report and Recommendations of The US President’s Review Group on Intelligence and Communications Technologies titled “Liberty and Security in a Changing World”. IEEE Computer Society e-Government |
posted Dec 19, 2013, 9:44 AM by Carlos E. Jimenez-Gomez
[
updated Dec 19, 2013, 11:15 AM
]
posted Aug 25, 2013, 7:18 PM by Carlos E. Jimenez-Gomez
[
updated Feb 21, 2014, 11:10 PM
]
Presentation of the IEEE Computer Society e-Government experts, Prof. Francisco Falcone & Carlos E. Jimenez, on May 10th 2013 in Tarragona, Spain, invited by the Computer Engineering and Mathematics Department (DEIM) of the Rovira i Virgili University.
Speakers explain their holistic perspective of key technologies and its aligment's importance, in Public Organizations.
Documents. |
posted Nov 11, 2012, 9:46 AM by STC eGov
[
updated Aug 25, 2013, 7:29 PM by Carlos E. Jimenez-Gomez
]
Hector D. Puyosa P.
IEEE eGovernment STC
e-mail: hector.puyosa@ieee.org
1. INTRODUCTION
The term e-Government is defined by the Organization for Economic Cooperation and Development (OECD) as the use of new information and communication technologies (ICTs) by governments as applied to the full range of government functions. In particular, the networking potential offered by the Internet and related technologies have the potential to transform the structures and operation of government [1].
The effective management of information security is a key factor as willingness, of the different users (citizens and other parties), to use e-Government services will heavily depend on the trust they have on the data security of this service.
2. INFORMATION SECURITY
As stated in [2] a central challenge of e-Government service is how the new technology can be used not only to increase efficiency for public administration, but also to strengthen confidence in privacy measures by creating mutual transparency between public administration and citizens.
The process approach for information security management system, ISMS, presented in [3] encourages its users to emphasize the importance of:
Data security requires a set of security requirements:
Authentication: capability to identify who is using the services (person or software program). Processes of verifying that you are who you say you are.
Authorization: capability to give rights access to resources. Process to verify someone have the rights to do what she is trying to do.
Confidentiality: capability to prevent unauthorized access to information
Integrity: capability to prevent information from unauthorized modification, and ensuring that information can be relied upon and is accurate and complete.
Traceability: capability to chronologically interrelate any transaction to a person or system that performed the action in a way that is verifiable.
Non-repudiation: capability to prevent the intervening person or system in an event or action to denying or challenging their participation on the event.
Example of organizational and technical measures to prevent unauthorized access and processing are shown in [4]:
- Protecting premises, equipment and systems software, including input-output units
- Protecting software applications used to process personal data
- Preventing unauthorized access to personal data during transmission thereof, including transmission via telecommunication means and networks;
- Ensuring effective methods of blocking, destruction, erasure, or anonymization of personal data;
- Enabling subsequent determination of when individual personal data were entered into a filing system, used or otherwise processed, and the person responsible, for the period covered by statutory protection of the rights of an individual with regard to unauthorized supply or processing of personal data.
Despite trusted security and privacy measures constitutes a crucial success factor for e-Government that has not been yet addressed as UN 2012 Survey shows only 20% of national portals clearly indicate the presence of security features. Europe is leading with 44% countries displaying secure links on their national websites but survey do not consider regional and local websites and neither the many decentralized public organization web portals.
3. INFORMATION SECURITY THREATS
Services provided by e-Government to citizens, enterprise, public officer, government administration and agencies via Internet and mobile connections are vulnerable to a variety of threats. In [5] are detailed examples of cyber attacks using techniques like packet sniffer, probe, malware, internet infrastructure attack, denial of services attack, remote to local attack and user to root attack.
As is stated in [6] the successful adoption of an ISMS is important to protect information assets, allowing an organization to:
- Achieve greater assurance that its information assets are adequately protected against information security risks on a continual basis
- Maintain a structured and comprehensive framework for identifying and assessing information security risks, selecting and applying applicable controls, and measuring and improving their effectiveness;
- Continually improve its control environment
- Effectively achieve legal and regulatory compliance.
There are simple and well-known web application vulnerabilities that could be avoided but e- Government webs are still vulnerable. A research work [7] found 81.6% e-Government web sites from 212 different countries were vulnerable to Cross Site Scripting (XSS) and Structured Query Language (SQL) injection. SQL injection attack can compromise data integrity while XSS is a vulnerability, which attackers may exploit to steal users' information.
Specific security measures like firewalls, intrusion detection software, encryption, and secure networks must be defined designed and implemented for government agencies to provide the appropriate levels of security. But information security must also take into consideration the people and processes that rely on the systems. Employees with daily access to e-Government systems must be trained on cybersecurity and this aspect must become part of their job. A study by the Department of Computer Science at Columbia University [8] shows how the human factor influences cybersecurity policies and how that work could be used to train government employees to improve the security posture of government departments and agencies.
4. CONCLUSIONS
Aim of this article is to highlight the need to implement an ISMS to provide e-Government services with the different levels of confidentiality, integrity and availability, which are requested, for the different users regardless of their literacy in electronic information technology. A lot of work has been done but more is needed to secure e-Government application.
To protect e-Government systems current information security best practices shall be used. Security polices, practices and procedures must be in place as well as utilization of security technology, which help to protect e-Government systems against attack, detect abnormal activities services and to have a proven contingency plan in place.
Fundamental factors are to have a proper public-key infrastructure providing the required level of authentication and integrity and also to have a continuous awareness and training program to ensure people understand security threats, know how to identify potential issues and behave accordingly to maintain a secure e-Government service.
REFERENCES
[1] Organisation for Economic Co-operation and Development, Public Management Service, PUMA 16/ANN/Rev1 (2001). “E-Government: analysis framework and methodology”. http://search.oecd.org/officialdocuments/publicdisplaydocumentpdf/?cote=PUMA(2001)16/ANN/REV1&docLanguage=En (Link at 21-October-2012)
[2] United Nations, Department of Economic and Social Affairs (2012). “E-Government Survey 2012. E-Government for the People”. ISBN: 978-92-1-123190-8.
http://unpan1.un.org/intradoc/groups/public/documents/un/unpan048065.pdf (Link at 21-October-2012).
[3] ISO/IEC 2700:2005 (2009). Information technology — Security techniques — Information security management systems — Requirements.
[4] Chatzidimitriou, Marios and Adamantios Koumpis (2008). “Marketing One-stop E-Government Solutions: the European OneStopGov Project”. IAENG International Journal of Computer Science, 35:1, IJCS_35_1_11. (Advance online publication: 19 February). http://www.iaeng.org/IJCS/issues_v35/issue_1/IJCS_35_1_11.pdf
[5] Shailendra, Sing; Singh Karaulia (2011). “E-Governance: Information Security Issues”. International Conference on Computer Science and Information Technology (ICCSIT’2011). http://psrcentre.org/images/extraimages/1211468.pdf
[6] ISO/IEC 2700:2009 (2009). Information technology — Security techniques — Information security management systems — Overview and vocabulary.
[7] Vebjørn Moen, André N. Klingsheim, Kent Inge Fagerland Simonsen, and Kjell Jørgen Hole (2007). “Vulnerabilities in e-governments”. International Journal of Electronic Security and Digital Forensics, vol. 1, issue 1, pages 89-100. http://www.nowires.org/Papers-PDF/ICGeS_egov.pdf
[8] Brian M. Bowen, Ramaswamy Devarajan, Salvatore Stolf (2012). “Measuring the Human Factor of Cyber Security”. Homeland Security Affairs, Supplement 5, article 2.
http://academiccommons.columbia.edu/catalog/ac%3A142664
|
posted Nov 3, 2012, 3:01 AM by STC eGov
[
updated Oct 14, 2013, 7:29 AM by Carlos E. Jimenez-Gomez
]
Presentation IEEE e-Government Initiative
On 20 September was held a Conference in Madrid which presents IEEE e-Government Initiative. The presentation took place within a technical session on collaboration between IEEE Spain Section, network e-Madrid, the IEEE Technology Management Council (TMC) Spain chapter, IEEE Spain Education Society chapter and IEEE Student Branch at the UNED. At the end of the presentation an interesting Question Time resulted in an analysis of the current situation on e-Government(the video is in Spanish with English subtitles, that they have been included automatically via voice recognition and automatic simultaneous translation).
egov madrid subt 20092012 from stc_egov on Vimeo. |
posted Oct 18, 2012, 1:27 PM by STC eGov
[
updated Aug 9, 2014, 10:23 PM by Carlos E. Jimenez-Gomez
]
The IEEE eGovernment STC
The IEEE Computer Society’s Special Technical Community on eGovernment aims at carrying out more coordinated and better work on eGovernment within the IEEE. The IEEE eGovernment STC is a new worldwide and transversal
division within IEEE and, particularly, it is part of the IEEE Computer Society. This is an open community, related specially to public organizations’ technological areas. Some of the tasks this IEEE division could carry out are (but not limited to):
- To design a newsletter for the eGovernment community
- To set up workshops in IEEE conferences addressed to authors and attendees
- To draft standards
- To invite authors to submit technical articles to different journals, magazines and newsletters
- To design and try courseware for government IT practitioners
What does eGovernment mean for the IEEE eGovernment STC?
We know and understand the differences between the distinct classifications related to technology adoption in public organizations. However, in order to be inclusive, this STC adopts a broader eGovernment view, a transversal and horizontal one that takes into account both the strategic and the operative perspectives. Thus, among other, eGovernment includes infrastructure, management, rules and specific requirements, different areas under the
eGovernment umbrella, or public policies (or strategies) related to technology adoption. It also focuses on :
- Open Government, Smart Government, eAdministration
- Government Cloud, mGovernment
- eGovernment Interoperability, eGovernment Cybersecurity or eGovernment Privacy
- eJustice or eHealth
- eGovernance and other eGovernment perspectives and technologies, present and futures
Some examples?
The management of technology, innovation and engineering are core disciplines in STC
on eGovernment. Some specific areas the group will work on are (but not limited to):
1. The design of systems, standards, architectures and configurations, including Government systems and eGovernment interoperability. How should we prepare eGovernment systems to be interoperable, which standards are key for this purpose?
2.
The design of the infrastructure and underlying architecture of eGovernment systems so that all of the technology pieces work together
3.
Scalability and maintainability, keeping in mind that selling companies may go out of business but that public organizations’ systems have to
keep running (this
requires special procurement policies in order to get
source
code, a good configuration control, documentation, standard development platforms, etc.)
4.
Project design,
taking into account the real and long-term costs, including ongoing licenses and support fees.
5.
Protection and hosting of personal data, resistance to hacking and break-in, resilience to failures and emergencies (how
to prevent a nation’s databases from turning off if an earthquake takes place?)
6.
Change management in public organizations. How do you convince citizens and users to trust and use the new systems
instead of standing in line at the old offices as they have always
done?
7.
IT and information systems
strategic alignment with public policies, principles and eGovernment strategies
8.
What pieces of the e-system must continue to be duplicated by the “old” methods, and for how long? How to ensure consistency between data and documents processed through the e-system and the “old” system?
Mission, Vision and Field of Interest
Our perspective is integrated and aligned with the IEEE Computer Society and IEEE view. Right now, we are in the process of developing it, but these are some of the key elements it will include.Mission – To support public managers worldwide pursuing excellence in management of innovation and technology on eGovernment in order to be more efficient, effective and transparent, as well as to serve to the citizen. To enable technology professionals and managers, members of IEEE, to optimize organizational effectiveness in public organizations, more specifically, in the eGovernment area in order to be more efficient, effective and transparent. The IEEE eGovernment STC will help organize the IEEE community to come together to advance in the eGovernment area . Vision - To become the preferred resource for technology professionals and public managers pursuing excellence in management of innovation and technology on eGovernment. Governments will increasingly seek IEEE’s input as an unbiased source of technical information. Governments will request IEEE opinions before policy decisions. IEEE experts will always be invited to participate in conferences and international government fora.Field of Interest - The field of interest focuses on the strategic management, social implications of technology and policies, related information systems, innovation, technologies, processes and procedures within public organizations.
|
|
