• Save
Security in e governance 2   ruchin kumar
Upcoming SlideShare
Loading in...5
×
 

Security in e governance 2 ruchin kumar

on

  • 639 views

 

Statistics

Views

Total Views
639
Views on SlideShare
628
Embed Views
11

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 11

http://secureit.eletsonline.com 11

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Security in e governance 2   ruchin kumar Security in e governance 2 ruchin kumar Presentation Transcript

  • Security in eGovernanceRuchin KumarPrincipal Solution ArchitectSafeNet Inc.Ruchin.kumar@safenet-inc.com © SafeNet Confidential and Proprietary
  • Governance to eGovernance > Visibility From scattered information on files TO a consolidated dashboard that can be accessed from anywhere > Efficiency From manual work processes with lost bandwidth in finding the files as well as status of a particular work item TO a central system that allows for tracking of work status of a particular item without having to ask anyone > Analytics From missing information to delays in getting the information TO real time analytics© SafeNet Confidential and Proprietary 2
  • Made Possible through implementation of IT for Workflow Automation© SafeNet Confidential and Proprietary 3
  • Governance – Security by Design What can’t be found can’t stolen or manipulated Employees not sure where the file is Strong rooms full of files that no one knows how to search the information for> What can’t be accessed can’t be under threat You can ask for your own file only Even getting access to your own file is difficult enough let alone having to get access to someone else’ file > What can’t be found can’t be under threat Making a general query (like give me the list of all properties sold in last 10-days) is quite a challenge in a manual environment© SafeNet Confidential and Proprietary 4
  • Governance – Security in the hands of Individuals and not by Process The very obstacles that lead to inherent security of various documents also equip them to completely or selectively erase the data/information > No Audit Trail on who might have seen a particular piece of information© SafeNet Confidential and Proprietary 5
  • eGovernance – Security Needs to be Designed The very benefit of bringing the data and information closer to one’s finger tips means that the information can be accessed Something that is inter-connected will always be open to threats from internal as well as external sources© SafeNet Confidential and Proprietary 6
  • Use Case - Crime and Criminal Tracking Network And System© SafeNet Confidential and Proprietary 7
  • Vision “To transform the police force into a knowledge-based force and improve the delivery of citizen centric services through enhancing the efficiency and effectiveness of the police stations by creating a platform for sharing crime and criminal information across the police stations in the country” The overall objective of the MMP is based on enhancing the operational efficiency and effectiveness of the police force in delivering the services.© SafeNet Confidential and Proprietary 8
  • Objectives  Empowerment of Police Officers at all level.  Improve Service Delivery to the Public  Provide Enhanced Tools for Law & Order Maintenance, Investigation, Crime Prevention, & Traffic Management  Increase Operational Efficiency  Create a platform for sharing crime & criminal information across the country  Eliminating Drudgery from Police System© SafeNet Confidential and Proprietary 9
  • Data Elements Stored in the CCTNS system Criminal Details Lost or unauthorized property details Passport Verification details Ongoing cases details Pictures, Biometric prints etc Citizen information Arms possession details© SafeNet Confidential and Proprietary 10
  • User Manager Module - User accounts are created for various officers who are authorized to operate the system. Permissions for various user accounts createdData are also defined which may beEncryption, Granular changed from time to time.Access, Audit/reporting and digital signing Investigation Module –for data intigrity retrieve information of the crime, criminals, cases, witnesses etc. and help in getting the required Central Data analysis done Center State Data Center Unclaimed/Abondon property – enable the police personal to record and maintain unclaimed/abandoned property and Synchronization Module - match unclaimed/ abandoned enables transmission of the data property with property in lost/stolen to and from DR Offices records Servers & also the Central Database Server. Data Encryption, Granular Access, Audit/reporti DR Data Encryption, ng and digital signing Granular Access, for data integrity Data Center Audit/reporting and digital signing for data integrity © SafeNet Confidential and Proprietary 11
  • Integrated Financial Management System (IFMS) and Integrated Workflow and Document Management System (IWDMS) ……….The Treasury Projects© SafeNet Confidential and Proprietary 12
  • Data Elements Stored in the Treasury System Financial Data in terms of Debt Management Loan Management Treasury Data Pension Details (confidential for an individual) Budgeting Details Accounting Details State Revenue Details Revenue Disbursement Details© SafeNet Confidential and Proprietary 13
  • How should we protect sensitive Information ?? Access Control Login name Password PIN Digital Certificate Biometrics Data in Transit Mail (+ attachment)Data at Rest FTPDatabase Other transferFiles (Internet(Hard Disk Phone networkUSB drive Leased linesTape) Other networks) © SafeNet Confidential and Proprietary 14
  • Inspector General of Registration and Superintendent of Stamps (IGRS) Property Administration System (PAS) – An Example© SafeNet Confidential and Proprietary 15
  • Data Elements Stored in the IGRS system Property Details Scanned Copy of Registry Buyer Details Seller Details Fingerprints Picture Signatures© SafeNet Confidential and Proprietary 16
  • Likely Misuse Scenario - 1 Query the system to show the Top 10 transactions by value in last 10-days > Once done, does it facilitate someone with criminal mindset to make demands on the parties involved? > Does the information published on a Website or any other public media lead to uncomfortable situation for the parties involved?© SafeNet Confidential and Proprietary 17
  • Likely Misuse Scenario - 2 Query the system to show list of people with highest number of properties > Once done, does it facilitate someone with criminal mindset to misuse the information. > Does the information published on a Website or any other public media lead to uncomfortable situation for the parties involved?© SafeNet Confidential and Proprietary 18
  • Likely Misuse Scenario - 3 Query the system for properties in the name of Senior Citizens Once done, does it facilitate someone with criminal mindset to misuse the info?© SafeNet Confidential and Proprietary 19
  • Likely misuse scenario - 4 Downloading copy of Registry document along with Photograph and owner details Will that allow someone to try selling it by faking the documents?© SafeNet Confidential and Proprietary 20
  • Are those illegitimate Scenarios? Far from being illegitimate, those are the very queries that the authorities will need to make However, the same queries in the hands of an authorized person may lead to sensitive information in the wrong hands© SafeNet Confidential and Proprietary 21
  • IT Act of India Section 43A Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person to affected So What? Financial Penalties to the Organization Loss of Reputation for the Department© SafeNet Confidential and Proprietary 22
  • What Can be Done? Understand the Security Aspects Integrity of Data (No One shall be able to modify it) Non-repudiation of Transaction (No one shall be able to deny the transaction) Encryption of Data (Data shall be visible to only the ones who are authorized) Identify the Sensitive Data Elements and corresponding Security Needs Not every data elements need same level of protection Control the access to Data. Not every piece of data is needed by everyone Control the Type of Queries that can be run by a particular role Control the amount of information that can be fetched Add the Security Aspects to bring “adequate” level of Security for the identified Data Elements Add the Audit Trail© SafeNet Confidential and Proprietary 23
  • Thank You© SafeNet Confidential and Proprietary 24