Session 5.2 Martin Koyabe

Published in: Technology

Transcript

  • 1. E-Government Security Threats: BYOD – “The Elephant in the Room”. Dr Martin Koyabe, Head of Research & Consultancy (CTO)
  • 2. © Commonwealth Telecommunications Organisation. What is e-Government? “The use by government agencies of information communications technology to transform relations with citizens, businesses, and other arms of government.” Source: World Bank. (Slide callout: “radically”)
  • 3. Why e-Government? “around 170 out of 193 countries have implemented some form of ICT (i.e. just having a website or even an email)” Source: ITU
      Diagram: Better Government – Efficient, Participatory, Effective, Accountable, Transparent
  • 4. e-Government Interactions & Relationships
      Diagram: parties are Government, Citizens and Business; interactions are G-to-C, C-to-G, B-to-C, C-to-B, G-to-B, B-to-G, G-to-G, C-to-C, B-to-B
  • 5. South Korea e-Government Portal. Note: Very interactive despite having complex backend processing
  • 6. Swedish Tax Agency Portal. Note: Very trusted and easy to use
  • 7. Challenges & Obstacles in e-Government #1 – Technical
      – Lack of adequate IT infrastructure
          o public service legacy systems still being used
      – Lack of technical knowledge
          o in deploying e-government strategic programs
      – Lack of efficient & robust secure system
          o in terms of information security & data privacy
  • 8. Challenges & Obstacles in e-Government #2 – Political
      – Low prioritization of e-Government initiatives
          o Lack of policies, regulatory structures & resources
      – Poor strategic vision
          o Lack of integration with mainstream strategies
      – Lack of broad partnerships & collaborations
          o with relevant multi-stakeholders
  • 9. Challenges & Obstacles in e-Government #3 – Cultural
      – e-Government -> “Big Brother”
          o Perception of government spying on its citizens
      – e-Government -> “Retrenchment”
          o Fears by public service staff about losing jobs
      – Lack of confidence/trust in using e-Government systems
          o Poor education and lack of awareness
      – General fears
          o About losing control or ownership of information
  • 10. Challenges & Obstacles in e-Government #4 – Legal/Regulatory
      – Lack of relevant legislation
          o Data protection & privacy laws critical
      – Non-existence of cross-border peering agreements
          o To apprehend or pursue cybercriminals
      – Less friendly regulatory environment
          o Need to encourage investment
  • 11. Target Security Threats: hundreds of targets; dozens of campaigns; direct/indirect attacks. Source: Symantec
  • 12. Target Security Threats (per Sector & Function). Source: Symantec
  • 13. Security Trends Impacting e-Government. “The Mobile – Paradigm Shift, is among the four key security trends impacting e-Government. Others are Malware, Targeted and Data Breaches attacks.” Source: Symantec
  • 14. “The Elephant in the Room”
      • Bring Your Own Device (BYOD)
          – BYOD refers to smart phones and tablets that are not owned by the organisation
  • 15. Unmasking “The Elephant in the Room”
      • Despite high rate of BYOD adoption
          – Governance not well understood by many organisations
          – Initiatives sometimes approved without a business case
          – Inadequate information security functions
      Figure: Study on BYOD. Source: ISF/Ponemon Institute
  • 16. Main BYOD Risks
      • Caused by ownership of the device
          – Exposes organisations to different risks caused by owners' behaviour & constrains available controls
      Figure: Study on mobile devices. Source: ISF/Trustwave Study (2013)
  • 17. How do you manage BYOD risks?
      • Approach should be information-centric
          – Impact on data (information) should be the focus
      Diagram of layers:
          – Physical: Hardware, Connectivity
          – Software: Operating system, Applications
          – Data: Information
  • 18. Managing BYOD risks
      • #1 Conduct a Business Impact Assessment
          – Impact on the organisation should the Confidentiality, Integrity or Availability of information be compromised
          – Where applicable, use existing BIA for guidance
      • #2 A Threat and Vulnerability Assessment
          – Determines the likelihood of that impact
  • 19. Managing BYOD risks
      • #3 Conduct a Risk Treatment
          – Mitigation – applying appropriate security controls
              o e.g. malware protection, mobile device management (MDM) or Data Loss Prevention (DLP)
          – Transfer – risks are shared with an external party or via insurance
          – Avoidance – risks are avoided by cancelling a particular BYOD initiative
          – Acceptance – business owners take responsibility
  • 20. Managing BYOD risks
      • Other deployment issues to consider
          – Implementing BYOD in the organisation
              o Need to define governance structures and policies
          – Evaluation
              o Collect metrics and user feedback
          – Enhancement
              o Maintain effective risk management efforts
              o Update the BYOD programme strategy and policies
  • 21. My thoughts
      • BYOD is here to stay
      • Ignore BYOD risk at your own peril
      • BYOD ownership behaviour adds more risk
      • If you want BYOD, be prepared to compromise
      • BYOD data/stored information is more important
  • 22. Finally
      • e-Government is not the destination, it’s the path to the destination
  • 23. Q & A Session. Martin Koyabe, e: m.koyabe@cto.int, m: +44 (0) 791 871 2490, t: +44 (0) 208 600 3815