Securing & Assuring eGovernance Services

Comments
  • dear sir/madam,
    I am doing a PhD on e-gov in ISO 9001 approved industries (with special reference to Indore), so I want some PDFs, articles or PPTs on the same topic. Please send all related information and oblige me.
    Thanks and Regards

Transcript

  • 1. Securing & Assuring eGovernance Services. Prof. K. Subramanian, Director & Professor, Advanced Center for Informatics & Innovative Learning, IGNOU; Consulting IT Adviser to CAG of India; Ex-DDG (NIC), Ministry of Communication & Information Technology. 26/02/2009, Prof. ks@2009, NPC Program: Securing & Assuring
  • 2. Important Notable Quotes
    • "Ever since men began to modify their lives by using technology they have found themselves in a series of technological traps." - Roger Revelle
    • "The law is the last interpretation of the law given by the last judge." - Anon.
    • "Privacy is where technology and the law collide." - Richard Smith (who traced the 'I Love You' and 'Melissa' viruses)
  • 3. NeGP related Policy Guidelines
    • 1. "Policy Guidelines on the use of e-Form Technology"
    • 2. Policy on Identity and Access Management: an e-Governance standards initiative to make e-Government programs and their services a reality
    • Draft Document "e-Governance Information Security Standard" (Version 01, dated 12th October 2006) has proposed additional security controls for e-Governance purposes, viz. data security and privacy protection, network security, and application security
    • Draft Document "Baseline security requirements & Selection of controls" (Version 01, 12th October 2006)
    http://egovstandards.gov.in
  • 4. Strategy-Policy-Good Practice
    • "Information Security Policy for Protection of Critical Information Infrastructure" (No. CERT-In/NISAP/01, issued on 1st May 2006)
    • Transition from IT Policy (which covers only the IT & ITeS industry) to a National Informatics Policy cutting across governments (central/state/local) and the departmental Allocation of Business Rules
    • Information & Privacy Protection Policy, apart from the IT Act & RTI Act
    • Stopping Spam Before It Stops You: a SPAM policy is yet to be done
    "Data disposal, anonymity, trust, privacy management, and systems development activities are just a few of the many privacy concerns organizations must address and need to thoughtfully create a privacy strategy that is clearly and consistently supported by the top business leaders."
  • 5. "IT Regulations and Policies: Compliance & Management". Pre-requisites: physical infrastructure and mind-set
    • PAST: we have inherited a past for which we cannot be held responsible
    • PRESENT: we have fashioned the present on the basis of development models which have undergone many mid-course corrections
    • FUTURE: the path to the future, a future in which India and Indians will play a dominant role in world affairs, is replete with opportunities and challenges
    In a number of key areas it is necessary to break from the past in order to achieve our vision. We have within ourselves the capacity to succeed. We have to embrace an Integrated Security & Cyber Assurance Framework.
  • 6. e-Governance Promises
    • Efficiency of Service connotes
      – Speed and timeliness of delivery of service
      – Elegance of the user interface
      – Quality close to the user's expectation
      – Simplicity of the user action required for obtaining the service
      – Eliminating scope for ambiguity at the user end
    • User Convenience includes
      – Easy access to the request-fulfillment cycle
      – User independence of time and place: 24 x 7 availability
      – Single sign-on
      – Single-window access to several services
      – Integrated services, meaning access to several agencies through one request
    • Citizen-Centric Service involves
      – Designing services from the user's point of view rather than the agency's
      – Developing all user interfaces in local language(s)
      – Grouping services around the user's requirements and behaviour patterns
    • Cost Effectiveness of Service means
      – Reduced direct cost compared to the conventional system
      – Reduced indirect cost involved in repeated visits
      – Reduced cost to the government agency in servicing the request
      – Saving of user time and cost, and the consequent opportunity cost of user time
      – Enhanced revenue/benefit to the government agency
    • Reliability of the Service means
      – High degree of availability (99.99%) through disaster recovery systems and alternative channels
      – Bug-free system that returns no error message
      – System that produces accurate results and responses
  • 7. eGovernance Benefits
    • Reduced service time
    • Improved customer service through up-to-date, accurate data
    • Business intelligence for fact-based decision making
    • Increased government revenue due to reduction in transmission and distribution losses
    Risk Concerns
    • Economic Risk
      – Huge investment
      – Cost of technology and knowledge is high
    • Technological Risk
      – High obsolescence rate
      – Dependability/reliability of technology
      – Use of the right technology
    • Social Risk and User Acceptability Risk
      – Solutions are citizen- and business-centric and touch upon sensitive service-oriented issues: high expectations
    • Users: whether government services will be available in a convenient way, as promised
    • Policy makers and administrators: whether the objectives of eGovernance are being achieved (transparency, availability of service, compliance with government rules, procedures, decisions and regulations)
    • Solution/service provider: that the system meets the requirements of the RFP
  • 8. eGovernance: Governance Quality is the differentiator (diagram: Risks and Concerns versus Benefits)
  • 9. What is required: a framework to ensure that
    ■ Requirements are specified
    ■ Specifications are complied with
    ■ Users are satisfied
    Context-specific processes should be in place to achieve these, and can be defined in a framework known as a Quality Assurance Framework.
  • 10. Quality in eGovernance. Service quality can be achieved by ensuring that best practices (as defined in international standards) are followed while designing and implementing the processes and products/services.
  • 11. Quality and Documentation. A working group (WG-5) on Quality and Documentation was formed to bring out guidelines and best practices for quality and documentation.
  • 12. Quality Assurance Framework: a framework which provides assurance by defining processes and services and by demonstrating conformity with these.
  • 13. Basic Principles
    • Define: quality policy, objectives and the means of their achievement
    • Assure quality: execute processes and implement best practices
    • Generate confidence: assess conformity and analyse impact
  • 14. eGovernance Conformity Assessment - Goal: generating confidence of citizens and business in e-Government by assuring the quality of delivered services.
  • 15. eGCA - Objective: generating confidence of citizens and business in e-Government through conformity assessment against user requirements, regulations and best practices by an independent third party, rather than relying solely on the assertions of the developers and solution providers.
  • 16. e-Governance Evolution (chart: maturity of e-Governance plotted against time, rising through the stages Information, Interaction, Transaction, Integration)
  • 17. eGovernance Maturity Model (29th November 2005, IT Governance-->Corporate Governance)
  • 18. Up The Value Chain
  • 19. Quality Assurance Framework for e-Governance (diagram; recoverable content)
    • I Phase eGov (Information & Interaction): ISO 9001-2008
    • II Phase eGov (Transaction): Quality Certified eGov Products, ISO 9126, ISO 14598
    • Secure Citizen: ISO 27001, Q-Web, ISO 15408
    • III Phase eGov (Transformation): Assured Citizen, ITIL, BS15000
  • 20. Confidence in e-Government (diagram; recoverable content)
    • Quality of Service to Citizen & Business: Assured Services
    • Infrastructure Conformance: Network, Datacentre, CSC
    • Engineering Conformance to standards & best practices: Website, Security of Information System, IT Service Levels, S/W Quality, IT Service Mgmt., Legal & Ethical issues
  • 21. e-Governance components which need assurance
    Infrastructure
    • Network (SWAN & NICNET)
    • Data Centre
    • Common Service Centre
    Quality components
    • Information security assessments
    • Application software testing (quality & security)
    • IT services: quality evaluation (service levels)
    • Web-site (security, quality, ethical & legal issues)
    • Compliance with technical standards
    • IT infrastructure (hardware & software)
    • Non-IT infrastructure (compliance to requirements)
    • Compliance with regulatory requirements (RTI Act, IT Act, DOPT Rules and other applicable Govt. and State Govt. Acts and Rules)
  • 22. Documentation (WG-5)
    • Documentation standards are particularly important: documents are the tangible manifestation of the software.
    • Documentation process standards: concerned with how documents should be developed, validated and maintained
    • Document standards: concerned with document contents, structure and appearance
    • Document interchange standards: concerned with the compatibility of electronic documents
  • 23. Agenda
    • Develop a procedure for standards formulation
    • Provide guidelines on best practices wherever required (e.g. RFP, SLA etc.)
    • Develop a framework for Quality Assurance
    • Develop a framework for Conformity Assessment
    • Develop standards for documentation
  • 24. eSecurity Technologies
    • Cryptography & cryptology
    • Steganography
    • Digital watermarking
    • Digital Rights Management
    • Cyber defence technologies (firewall, IDS/IPS, perimeter and self-defence)
    • Access control & ID management (rule-, role- and demand-based)
    • Signatures (digital/electronic)
    • Cyber forensics & cyber audit
  • 25. (no transcribed text on this slide)
  • 26. (Threat-and-control map; recoverable labels, centre label "IS")
    Threats and failures: accidental damage, data diddling, interception, social engineering, program change, attack scavenging, virus attack, natural disaster, Trojan horses, hardware/software failure, incomplete program changes, fraud & theft, unauthorised access
    Consequences: embarrassment, loss of credibility, financial loss, loss of customers, losing to competition
    Controls: authorisation, passwords, documentation, audit trails, input validations, backups, anti-virus, encryption, hardware security, maintenance, security guards, business continuity plan
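Slide 24 names the eSecurity technologies and slide 26 names the controls, but neither shows how they fit together on one request. The following is an added example written for this page; it is not code from the presentation, from NeGP or from egovstandards.gov.in. It wires three of the named items together in Go for a single e-form request: a digital signature over the form (Ed25519 from the standard library), rule/role-based access control against an identity registry, and a hash-chained audit trail that a cyber audit can verify. The registry, the role policy, the form text, the user ids and the fixed key seed are all constructed for the example and are assumptions, not anything the slides specify.

```go
// Added example, not code from the presentation: an e-form request path combining a digital
// signature (Ed25519, Go standard library), role-based authorisation and a hash-chained audit trail.
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Principal is what the identity registry enrolled for a user: key and role (hypothetical type).
// Neither is taken from the request, whose user id is self-asserted.
type Principal struct {
	Role      string
	PublicKey ed25519.PublicKey
}

// rolePolicy: which role may perform which action on an e-form (hypothetical policy).
var rolePolicy = map[string]string{"submit": "citizen", "verify": "clerk", "approve": "officer"}

// Request is what arrives over the wire; Signature covers UserID, Action and Form.
type Request struct {
	UserID, Action  string
	Form, Signature []byte
}

// signedBytes binds user, action and form, so a signature captured on a "submit"
// cannot be replayed as an "approve" or under another user id.
func signedBytes(userID, action string, form []byte) []byte {
	return []byte(fmt.Sprintf("%s\x00%s\x00%s", userID, action, form))
}

func Sign(priv ed25519.PrivateKey, userID, action string, form []byte) Request {
	sig := ed25519.Sign(priv, signedBytes(userID, action, form))
	return Request{UserID: userID, Action: action, Form: form, Signature: sig}
}

// AuditTrail is an append-only log: each entry's Hash covers its Outcome and the previous
// entry's Hash, so editing, deleting or reordering an earlier entry breaks the chain.
type AuditEntry struct {
	Outcome string
	Hash    [sha256.Size]byte
}
type AuditTrail struct{ Entries []AuditEntry }

func entryHash(outcome string, prev [sha256.Size]byte) [sha256.Size]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%s\x00%x", outcome, prev)))
}

func (a *AuditTrail) Append(outcome string) {
	var prev [sha256.Size]byte // all-zero "genesis" value for the first entry
	if n := len(a.Entries); n > 0 {
		prev = a.Entries[n-1].Hash
	}
	a.Entries = append(a.Entries, AuditEntry{outcome, entryHash(outcome, prev)})
}

// Verify recomputes the chain from the start; false means some entry was altered.
func (a *AuditTrail) Verify() bool {
	var prev [sha256.Size]byte
	for _, e := range a.Entries {
		if e.Hash != entryHash(e.Outcome, prev) {
			return false
		}
		prev = e.Hash
	}
	return true
}

var ErrDenied = errors.New("request denied")

// Process applies the controls in order: input validation, identity lookup with
// signature check, then role check. Denials are logged as well as approvals.
func Process(r Request, registry map[string]Principal, trail *AuditTrail) error {
	deny := func(reason string) error {
		trail.Append(fmt.Sprintf("DENY %s by %s: %s", r.Action, r.UserID, reason))
		return fmt.Errorf("%w: %s", ErrDenied, reason)
	}
	if len(r.Form) == 0 || len(r.Form) > 4096 {
		return deny("form size out of range")
	}
	p, ok := registry[r.UserID] // the || below short-circuits, so Verify never sees a missing key
	if !ok || !ed25519.Verify(p.PublicKey, signedBytes(r.UserID, r.Action, r.Form), r.Signature) {
		return deny("unknown user or signature does not verify")
	}
	if p.Role == "" || rolePolicy[r.Action] != p.Role {
		return deny("role " + p.Role + " may not " + r.Action)
	}
	trail.Append(fmt.Sprintf("ALLOW %s by %s (%s)", r.Action, r.UserID, p.Role))
	return nil
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // fixed seed: demo only, enrol with crypto/rand
	registry := map[string]Principal{"citizen-007": {"citizen", priv.Public().(ed25519.PublicKey)}}
	trail, form := &AuditTrail{}, []byte("service=birth-certificate; applicant=A") // constructed sample
	fmt.Println(Process(Sign(priv, "citizen-007", "submit", form), registry, trail))  // <nil>
	fmt.Println(Process(Sign(priv, "citizen-007", "approve", form), registry, trail)) // denied: role
	trail.Entries[1].Outcome = "ALLOW approve by citizen-007 (citizen)"               // edit the log
	fmt.Println(trail.Verify())                                                       // false
}
```

Two design points matter more than the individual calls. First, the request carries only a user id; the key and the role used for the decision come from the registry, so a requester cannot assert a role or a key of their choosing, and the signed bytes include the action so that a signature captured on a "submit" is useless for an "approve". Second, the hash chain lets an auditor detect an entry that was edited, removed or reordered after the fact, but it cannot by itself detect that the newest entries were simply dropped; for that the current head hash has to be anchored somewhere the log writer does not control (a separate system, a periodic signed checkpoint, or a write-once medium).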
  • 27. e-Security & eAudit Objectives and Certification Framework
    Control theory attributes (COBIT) mapped to the Indian framework (IT Act reference), as grouped on the slide:
    • IT Act 2(1)(zd)(c): Effectiveness, Efficiency
    • IT Act 2(1)(zd)(a): Confidentiality
    • IT Act 2(1)(zd)(b): Integrity, Availability
    • IT Act 2(1)(zd)(d): Compliance
    • Reliability of information: no IT Act reference given on the slide
  • 28. Transition: Audit to Assurance. Cyber Management Assurances, a layered framework:
    • Management & Operational Assurance (Risk & ROI)
    • Technical Assurance (Availability, Serviceability & Maintainability)
    • Revenue Assurance (Leakage & Fraud)
    • Legal Compliance & Assurance (Governance)
  • 29. Standards, Standards, Standards: Technical vs Management
    • Technical standards
      – Security
      – Interoperability
      – Interface (systems/devices/communications)
      – Interactivity, HCI (Human Computer Interface)
      – Process (Quality & Work)
      – Environmental (Physical, Safety, Security)
      – Data interchange & mail messaging (Information/Data Exchange)
      – Layout/Imprint
    • Specifications: mainly for audit, interoperability, accessibility and architecture/building blocks/reusable components
    • Management standards: auditable & verifiable; certification & compliance
  • 30. Cyber Assurance & IT Governance - Final Message
    "In governance matters, past is no guarantee; present is imperfect and future is uncertain."
    "Failure is not when we fall down, but when we fail to get up."
  • 31. FOR FURTHER INFORMATION PLEASE CONTACT:
    E-mail: ksdir@nic.in, ksmanian@ignou.ac.in
    Phone: 91-11-23219857
    Fax: 91-11-23217004
    Office of the CAG, 10, B.Z. Marg, New Delhi-110002