Securing & Assuring eGovernance Services





Published in: Technology
1 Comment
  • Dear sir/ma'am,
    I am doing a PhD on e-gov in ISO 9001 approved industries (with special reference to Indore). So I want some PDFs or articles or PPTs for the same topic, and please send all this related info and oblige me.
    Thanks and regards
Securing & Assuring E Governance Services

  1. Securing & Assuring eGovernance Services
     Prof. K. Subramanian, Director & Professor, Advanced Center for Informatics & Innovative Learning, IGNOU; Consulting IT Adviser to CAG of India; EX-DDG(NIC), Ministry of Communication & Information Technology
     26/02/2009 Prof. ks@2009 NPC Program securing & Assuring
  2. Important Notable Quotes
     • “Ever since men began to modify their lives by using technology they have found themselves in a series of technological traps.” - Roger Revelle
     • “The law is the last interpretation of the law given by the last judge.” - Anon.
     • “Privacy is where technology and the law collide.” - Richard Smith (who traced the ‘I Love You’ and ‘Melissa’ viruses)
  3. NeGP related Policy Guidelines
     1. “Policy Guidelines on the use of e-Form Technology”
     2. Policy on Identity and Access Management: An e-Governance standards initiative to make e-Government Programs and their services a reality
     • Draft Document “e-Governance Information Security Standard” (Version 01 dated 12th October 2006), which has proposed additional security controls for e-Governance purposes, viz. Data security and privacy protection, Network security, and Application security
     • Draft Document “Base line security requirements & Selection of controls” (Version 01, 12th October 2006)
     http://egovstandards.gov.in
  4. Strategy-Policy-Good Practice
     • “Information Security Policy for Protection Critical Information Infrastructure” (No. CERT-In/NISAP/01, issued on 1st May 2006)
     • Transition from IT Policy (covers only IT & ITeS Industry) to National Informatics Policy cutting across Governments (central/state/local) Departmental allocation of Business Rules.
     • Information & Privacy Protection Policy, apart from IT Act & RTI Acts
     • Stopping Spam Before It Stops You – SPAM Policy to be done
     • "Data disposal, anonymity, trust, privacy management, and systems development activities are just a few of the many privacy concerns organizations must address and need to thoughtfully create a privacy strategy that is clearly and consistently supported by the top business leaders."
  5. “IT Regulations and Policies-Compliance & Management”
     Pre-requisites: Physical Infrastructure and Mind-set
     • PAST: We have inherited a past, for which we cannot be held responsible;
     • PRESENT: We have fashioned the present on the basis of development models, which have undergone many mid-course corrections
     • FUTURE: The path to the future -- a future in which India and Indians will play a dominant role in world affairs -- is replete with opportunities and challenges.
     • In a number of key areas, it is necessary to break from the past in order to achieve our Vision.
     • We have within ourselves the capacity to succeed
     • We have to embrace Integrated Security & Cyber Assurance Framework
  6. e-Governance Promises
     • Efficiency of Service Connotes
       – Speed and timeliness of delivery of Service
       – elegance of the user-interface
       – quality close to the user expectation
       – simplicity of user action required for obtaining the service.
     • Citizen-Centric Service involves
       – designing of services from user’s point of view rather than agency
       – developing all user interfaces in local language(s)
       – eliminating scope for ambiguity at the user end
       – grouping of services around user’s requirements and behavior patterns
     • User-Convenience includes
       – easy access to the request-fulfillment cycle
       – User independence of time and place 24 x 7 is available
       – Single-sign-on
       – Single Window access to several services
       – Integrated services meaning access to several agencies through one request
     • Cost effectiveness of Service
       – reduced direct cost compared to conventional system
       – reduced indirect cost involved in repeated visits
       – reduced cost to government agency in servicing the request
       – saving of user time and the cost and the consequent opportunity cost of user time.
       – enhanced revenue/benefit to the Govt. agency
     • Reliability of the Service Means
       – High degree of availability – 99.99% through disaster recovery systems and alternative channels
       – bug free system that returns no error message
       – system that produces accurate results and response.
  7. eGovernance
     Benefits
     • Reduce service time
     • Improved customer service through up-to-date, accurate data.
     • Business intelligence for fact based decision making
     • Increased Government revenue due to reduction in transmission and distribution losses.
     Risk
     • Economic Risk
       – Huge Investment
       – Cost of Technology and Knowledge is high
     • Technological Risk
       – High obsolescence Rate
       – Dependability/Reliability of Technology
       – Use of right technology
     • Social Risk and User acceptability Risks
       – Solutions are citizen and business Centric and touch upon sensitive service oriented issues
       – High expectation
     Concerns
     • Users: whether Government services will be available in a convenient way as promised
     • Policy Makers and Administrators
       – Whether objectives of eGovernance are being achieved (Transparency, availability of Service, compliance with Govt. Rules, procedures, decisions and Regulations)
     • Solution/Service Provider
       – That system meets the requirements of RFP.
  8. eGovernance - Governance
     Quality is differentiator
     [Diagram labels: Risks and Concerns; Benefits]
  9. What is required
     A Framework to ensure
     ■ Requirements are specified
     ■ Specifications are complied with
     ■ Users are satisfied
     Context-specific processes should be in place to achieve these and can be defined in a framework known as the Quality Assurance Framework
  10. Quality in eGovernance
      The Service Quality can be achieved by ensuring that best practices (as defined in International Standards) are followed while designing and implementing the processes & Products/Services.
  11. Quality and Documentation
      A working group (WG-5) on Quality and Documentation was formed to bring out guidelines and best practices for Quality and Documentation
  12. Quality
      Quality Assurance Framework: Framework which provides assurance by defining processes and services and by demonstrating conformity with these
  13. Basic Principles
      • Define – Quality policy, objectives and means of their achievement
      • Assure Quality – execute Processes and implement best practices
      • Generate confidence – Assess conformity and analyse impact
  14. eGovernance Conformity Assessment - Goal
      Generating Confidence of Citizen and Business on e-Government by assuring quality of delivered services
  15. eGCA - Objective
      Generating Confidence of Citizen and Business on e-Government through conformity assessment to user requirements, regulations and Best Practices by Independent Third Party, rather than relying solely on the assertion of the developers and solution providers
  16. e-Governance Evolution
      [Chart: Maturity of e-Governance plotted against Time; stages labelled Integration, Transaction, Interaction, Information]
  17. eGovernance Maturity Model
      29th November 2005 IT Governance-->Corporate Governance
  18. Up The Value Chain
  19. Quality Assurance Framework for e-Governance
      [Diagram labels: I Phase eGov (Information & Interaction); II Phase eGov (Transaction); III Phase eGov (Transformation); Assured Citizen; Secure Citizen; Quality Certified eGov Products; ITIL, BS15000; ISO 27001, Q-Web, ISO 15408; ISO 9126, ISO14598; ISO 9001-2008]
  20. Confidence in e-Government
      [Diagram labels: Assured Services; Quality of Service to Citizen & Business; Infrastructure Conformance Engineering; Network; Datacentre; CSC; Conformance to standards & best practices; Website; Security of Information System; IT Service Levels; IT Service Mgmt.; S/W Quality; Legal & Ethical issues]
  21. e-Governance Components which need assurance
      Infrastructure
      • Network (SWAN & NICNET)
      • Data Centre
      • Common Service Centre
      Quality components
      • Information Security Assessments
      • Application Software Testing (Quality & Security)
      • IT Services – Quality Evaluation (Service Levels)
      • Web-Site (Security, Quality, Ethical & Legal Issues)
      • Compliance with technical standards
      • IT Infrastructure (Hardware & Software)
      • Non-IT Infrastructure (Compliance to requirements)
      • Compliance with regulatory requirements (RTI Act, IT Act, DOPT Rules and other applicable Govt. and State Govt. Acts and Rules)
  22. Documentation (WG-5)
      Documentation standards
      • Particularly important - documents are the tangible manifestation of the software.
      • Documentation process standards – Concerned with how documents should be developed, validated and maintained.
      • Document standards – Concerned with document contents, structure, and appearance.
      • Document interchange standards – Concerned with the compatibility of electronic documents.
  23. Agenda
      • Develop Procedure for Standards Formulation
      • Provide guidelines on Best Practices wherever required (e.g. RFP, SLA etc.)
      • Develop framework for Quality Assurance
      • Develop framework for Conformity Assessment
      • Develop Standards for documentation.
  24. eSecurity Technologies
      • Cryptography & Cryptology
      • Steganography
      • Digital water marking
      • Digital Rights Management
      • Cyber Defence technologies (Firewall, IDS/IPS, Perimeter and Self-Defence)
      • Access Control & ID Management (Rule, Role, Demand Based)
      • Signatures (Digital/Electronic)
      • Cyber Forensics & Cyber Audit
  26. [Diagram labels: IS; ACCIDENTAL DAMAGE; DATA DIDDLING; EMBARRASSMENT; LOSS OF CREDIBILITY; INTERCEPTION; AUTHORISATION; SOCIAL ENGINEERING ATTACK; PROGRAM CHANGE DOCUMENTATION; PASSWORDS; SCAVENGING; AUDIT TRAILS; VIRUS ATTACK; INPUT VALIDATIONS; BACKUPS; NATURAL DISASTER; ANTI-VIRUS; ENCRYPTION; TROJAN HORSES; HARDWARE MAINTENANCE; SECURITY GUARDS; HARDWARE / SOFTWARE FAILURE; BUSINESS CONTINUITY PLAN; FINANCIAL LOSS; INCOMPLETE PROGRAM CHANGES; FRAUD & THEFT; UNAUTHORISED ACCESS; LOSS OF CUSTOMERS; LOSING TO COMPETITION]
  27. e-Security & eAudit
      Objectives and Certification Framework
      Indian Framework. Column headings: Control Theory; COBIT Attributes; IT Act; IT Act reference
      • 2(1)(zd)(c) Effectiveness
      • Efficiency
      • 2(1)(zd)(a) Confidentiality
      • 2(1)(zd)(b) Integrity
      • Availability
      • 2(1)(zd)(d) Compliance
      • Reliability of information
  28. Transition: Audit to Assurance
      Cyber Management Assurances Layered Framework
      • Management & Operational Assurance (Risk & ROI)
      • Technical Assurance (Availability, Serviceability & Maintainability)
      • Revenue Assurance (Leakage & Fraud)
      • Legal Compliance & Assurance (Governance)
  29. Standards, Standards, Standards
      Technical Vs Management
      • Technical Standards - Specifications, mainly for interoperability, accessibility and Interactivity
      • Management standards - Auditable & Verifiable - Certification & Compliance
      Standards areas:
      • Security
      • Audit
      • Interoperability
      • Interface (systems/devices/communications)
      • Architecture/Building Blocks/reusable
      • HCI (Human Computer Interface)
      • Process (Quality & Work)
      • Environmental (Physical, Safety, Security)
      • Data Interchange & mail messaging (Information/Data Exchange)
      • Layout/Imprint
  30. Cyber Assurance & IT Governance - Final Message
      • “In Governance matters Past is no guarantee; Present is imperfect and Future is uncertain”
      • “Failure is not when we fall down, but when we fail to get up”
  31. FOR FURTHER INFORMATION PLEASE CONTACT:
      E-MAIL: ksdir@nic.in, ksmanian@ignou.ac.in
      91-11-23219857
      Fax: 91-11-23217004
      Office of the CAG, 10, B.Z. Marg, New Delhi-110002
