E-Government Security Threats
BYOD – “The Elephant in the Room”
Dr Martin Koyabe
Head of Research & Consultancy (CTO)
© Commonwealth Telecommunications Organisation
Session 5.2 Martin Koyabe

  1. E-Government Security Threats: BYOD – “The Elephant in the Room”
     Dr Martin Koyabe, Head of Research & Consultancy (CTO)
  2. What is e-Government?
     “The use by government agencies of information communications technology to transform relations with citizens, businesses, and other arms of government.” Source: World Bank
     Callout on slide: radically
  3. Why e-Government?
     “around 170 out of 193 countries have implemented some form of ICT (i.e. just having a website or even an email)” Source: ITU
     Diagram labels: Better Government, Government, Efficient, Participatory, Effective, Accountable, Transparent
  4. e-Government Interactions & Relationships
     Diagram: Government, Citizens, Business; relationships G-to-C, C-to-G, B-to-C, C-to-B, G-to-B, B-to-G, G-to-G, C-to-C, B-to-B
  5. South Korea e-Government Portal
     Note: Very interactive despite having complex backend processing
  6. Swedish Tax Agency Portal
     Note: Very trusted and easy to use
  7. Challenges & Obstacles in e-Government: #1 – Technical
     – Lack of adequate IT infrastructure
       o public service legacy systems still being used
     – Lack of technical knowledge
       o in deploying e-government strategic programs
     – Lack of efficient & robust secure system
       o in terms of information security & data privacy
  8. Challenges & Obstacles in e-Government: #2 – Political
     – Low prioritization of e-Government initiatives
       o Lack of policies, regulatory structures & resources
     – Poor strategic vision
       o Lack of integration with mainstream strategies
     – Lack of broad partnerships & collaborations
       o with relevant multi-stakeholders
  9. Challenges & Obstacles in e-Government: #3 – Cultural
     – e-Government -> “Big Brother”
       o Perception of government spying on its citizens
     – e-Government -> “Retrenchment”
       o Fears by public service staff about losing jobs
     – Lack of confidence/trust in using e-Government systems
       o Poor education and lack of awareness
     – General fears
       o About losing control or ownership of information
  10. Challenges & Obstacles in e-Government: #4 – Legal/Regulatory
     – Lack of relevant legislation
       o Data protection & privacy laws critical
     – Non-existence of cross-border peering agreements
       o To apprehend or pursue cybercriminals
     – Less friendly regulatory environment
       o Need to encourage investment
  11. Target Security Threats
     Figure labels: Hundreds of targets; Dozens of campaigns; Direct/Indirect attacks
     Source: Symantec
  12. Target Security Threats (per Sector & Function)
     Source: Symantec
  13. Security Trends Impacting e-Government
     “The Mobile – Paradigm Shift, is among the four key security trends impacting e-Government. Others are Malware, Targeted and Data Breaches attacks.” Source: Symantec
  14. “The Elephant in the Room”
     • Bring Your Own Device (BYOD)
       – BYOD refers to smart phones and tablets that are not owned by the organisation
  15. Unmasking “The Elephant in the Room”
     • Despite high rate of BYOD adoption
       – Governance not well understood by many organisations
       – Initiatives sometimes approved without a business case
       – Inadequate information security functions
     Study on BYOD. Source: ISF/Ponemon Institute
  16. Main BYOD Risks
     • Caused by ownership of the device
       – Exposes organisations to different risks caused by owners' behaviour & constrains available controls
     Study on mobile devices. Source: ISF/Trustwave Study (2013)
  17. How do you manage BYOD risks?
     • Approach should be information-centric
       – Impact on data (information) should be the focus
     Diagram layers:
       • Physical: Hardware, Connectivity
       • Software: Operating system, Applications
       • Data: Information
  18. Managing BYOD risks
     • #1 Conduct a Business Impact Assessment
       – Impact on the organisation should Confidentiality, Integrity or Availability of information be compromised
       – Where applicable, use existing BIA for guidance
     • #2 A Threat and Vulnerability Assessment
       – Determines the likelihood of that impact
  19. Managing BYOD risks
     • #3 Conduct a Risk Treatment
       – Mitigation – applying appropriate security controls
         o e.g. malware protection, mobile device management (MDM) or Data Loss Prevention (DLP)
       – Transfer – risks are shared with an external party or via insurance
       – Avoidance – risks are avoided by cancelling a particular BYOD initiative
       – Acceptance – business owners take responsibility
  20. Managing BYOD risks
     • Other deployment issues to consider
       – Implementing BYOD in the organisation
         o Need to define governance structures and policies
       – Evaluation
         o Collect metrics and user feedback
       – Enhancement
         o Maintain effective risk management efforts
         o Update the BYOD programme strategy and policies
  21. My thoughts
     • BYOD is here to stay
     • Ignore BYOD risk at your own peril
     • BYOD ownership behaviour adds more risk
     • If you want BYOD, be prepared to compromise
     • BYOD data/stored information is more important
  22. Finally
     • e-Government is not the destination; it’s the path to the destination
  23. Q & A Session
     Martin Koyabe
     e: m.koyabe@cto.int
     m: +44 (0) 791 871 2490
     t: +44 (0) 208 600 3815