Session 5.2 Martin Koyabe
Upcoming SlideShare
Loading in...5
×
 

Session 5.2 Martin Koyabe

on

  • 190 views

 

Statistics

Views

Total Views
190
Views on SlideShare
184
Embed Views
6

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 6

http://www.slideee.com 6

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Session 5.2 Martin Koyabe Session 5.2 Martin Koyabe Presentation Transcript

  • E-Government Security Threats BYOD – “The Elephant in the Room” Dr Martin Koyabe Head of Research & Consultancy (CTO)
  • © Commonwealth Telecommunications Organisation What is e-Government ? “ The use by government agencies of information communications technology to transform relations with citizens, businesses, and other arms of government.” Source: World Bank 2 radically
  • © Commonwealth Telecommunications Organisation Why e-Government ? “around 170 out of 193 countries have implemented some form of ICT (i.e. just having a website or even an email) “ Source: ITU 3 Better Government Government Efficient ParticipatoryEffective Accountable Transparent
  • © Commonwealth Telecommunications Organisation e-Government Interactions & Relationships 4 Government Citizens BusinessG-to-C C-to-G B-to-C C-to-B G-to-B B-to-GG-to-G C-to-C B-to-B
  • © Commonwealth Telecommunications Organisation South Korea e-Government Portal 5 Note: Very interactive despite having complex backend processing
  • © Commonwealth Telecommunications Organisation Swedish Tax Agency Portal 6 Note: Very trusted and easy to use
  • © Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #1 – Technical – Lack of adequate IT infrastructure o public service legacy systems still being used – Lack of technical knowledge o in deploying e-government strategic programs – Lack of efficient & robust secure system o in terms of information security & data privacy 7
  • © Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #2 – Political – Low prioritization of e-Government initiatives o Lack of policies, regulatory structures & resources – Poor strategic vision o Lack of integration with mainstream strategies – Lack of broad partnerships & collaborations o with relevant multi-stakeholders 8
  • © Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #3 – Cultural – e-Government -> “Big Brother” o Perception of government spying on its citizens – e-Government -> “Retrenchment” o Fears by public service staff about loosing jobs – Lack of confidence/trust in using e-Government systems o Poor education and lack of awareness – General fears o About loosing control or ownership of information 9
  • © Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #4 – Legal/Regulatory – Lack of relevant legislation o Data protection & privacy laws critical – Non-existence of cross-border peering agreements o To apprehend or pursue cybercriminal criminals – Less friendly regulatory environment o Need to encourage investment 10
  • © Commonwealth Telecommunications Organisation Hundreds of targets Dozens of campaigns Direct/Indirect attacks Target Security Threats Source: Symantec
  • © Commonwealth Telecommunications Organisation Target Security Threats (per Sector & Function) Source: Symantec
  • © Commonwealth Telecommunications Organisation Security Trends Impacting e-Government 13 “The Mobile – Paradigm Shift, is among the four key security trends impacting e-Government. Others are Malware, Targeted and Data Breaches attacks. “ Source: Symantec
  • © Commonwealth Telecommunications Organisation “The Elephant in the Room” • Bring Your Own Device (BYOD) – BYOD refers to smart phones and tablets that are not owned by the organisation 14
  • © Commonwealth Telecommunications Organisation Unmasking “The Elephant in the Room” • Despite high rate of BYOD adoption – Governance not well understood by many organisations – Initiatives sometimes approved without a business case – Inadequate information security functions 15 Study on BYOD Source: ISF/Ponemon Institute
  • © Commonwealth Telecommunications Organisation Main BYOD Risks • Caused by ownership of the device – Exposes organisations to different risk caused by owners behaviour & constrains available controls 16 Study on mobile devices Source: ISF/Trustwave Study (2013)
  • © Commonwealth Telecommunications Organisation How do you manage BYOD risks? • Approach should be information-centric – Impact on data (information) should be the focus 17 Physical Software Data • Hardware • Connectivity • Operating system • Applications • Information
  • © Commonwealth Telecommunications Organisation Managing BYOD risks • #2 A threat and Vulnerability assessment – Determines the likelihood of that impact 18 • #1 Conduct a Business Impact Assessment – Impact on organisation should Confidentiality, Integrity or Availability of information is compromised – Where applicable, use existing BIA for guidance
  • © Commonwealth Telecommunications Organisation Managing BYOD risks • #3 Conduct a Risk Treatment – Mitigation – applying appropriate security controls o e.g. malware protection, mobile devise management (MDM) or Data Loss Prevention (DLP) – Transfer – risks are shared with an external or via insurance – Avoidance – risk are avoided by cancelling a particular BYOD initiative – Acceptance – Business owners take responsibility 19
  • © Commonwealth Telecommunications Organisation Managing BYOD risks • Other deployment issues to consider – Implementing BYOD in the organisation o Need to define governance structures and policies – Evaluation o Collect metrics and user feedback – Enhancement o Maintain effective risk management efforts o Update the BYOD programme strategy and policies 20
  • © Commonwealth Telecommunications Organisation My thoughts • BYOD is here to stay • Ignore BYOD risk at your own peril • BYOD ownership behaviour adds more risk • If you want BYOD be prepared to compromise • BYOD data/stored information is more important 21
  • © Commonwealth Telecommunications Organisation Finally • e-Government is not the destination it’s the path to the destination 22
  • © Commonwealth Telecommunications Organisation Martin Koyabe e: m.koyabe@cto.int m: +44 (0) 791 871 2490 t: +44 (0) 208 600 3815 23 Q & A Session