information security for e-government security for... · -government administrative information...
TRANSCRIPT
![Page 1: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/1.jpg)
J O N A T H A N L E E
INFORMATION SECURITY FOR E-GOVERNMENT
![Page 2: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/2.jpg)
2
![Page 3: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/3.jpg)
3
![Page 4: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/4.jpg)
4
Antung Sor, KEP
![Page 5: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/5.jpg)
5
![Page 6: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/6.jpg)
1. ICT Masterplan & e-Government
2. Background and general history in Korea
3. Introducing Korea’s E-Government
4. Consideration for Information Security of E-Government
Contents
6
![Page 7: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/7.jpg)
I. ICT Master Plan & e-Government
7
![Page 8: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/8.jpg)
Cambodian ICT Masterplan 2020 - KISDI Consortium (KOICA 2014)
8
![Page 9: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/9.jpg)
Cambodian ICT Masterplan 2020 - Summary of e-Government RGC
9
The Royal Government of Cambodia (RGC) has been developing
e-Government Service projects centered on informatization of
government organizations since the beginning of the 2000s.
Start up
The most representative e-Government Service projects, adopted
under the “e-Government Service Deployment Plan” presented in
the year 2008 for developing e-Government information systems
- Government Administrative Information System (GAIS)
- Provincial Administrative Information System (PAIS)
- Financial Management Information System (FMIS)
- Human Resource Management Information System (HRMIS)
Status of Projects
![Page 10: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/10.jpg)
Cambodian ICT Masterplan 2020 - KISDI Consortium (KOICA 2014)
10
![Page 11: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/11.jpg)
Cambodian ICT Masterplan 2020 - KISDI Consortium (KOICA 2014)
11
![Page 12: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/12.jpg)
2. Background and General History-Past and Present of Korea’s ICT and E-Government
12
![Page 13: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/13.jpg)
A Look at Korea’s Past- The Need for Transformation of Korea’s Economy
After the devastation of the Korean War, people started to migrate from rural agricultural area to urban area to find work in the manufacturing sector
During the 1960s to the 1980s, many simple and cheap products were developed and exported overseas
But in the early 1980s, the Korean government decided to foster the high tech industry by developing the base technology, especially in ICT infrastructure
The Korean economy was transformed by the strategic plans initiated and driven by the government
13
![Page 14: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/14.jpg)
Historical View of the Korean Economy- Government Initiatives and E-Government Perspective
14
![Page 15: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/15.jpg)
The trade data provides empirical
support for the idea that the ICT
sector is the engine driving this
nation's remarkable socio-economic
development in recent decades
The role of the ICT sector looms even
larger as it includes general purpose
technologies(GPT), whose impact is
felt in all sectors of the economy and
society and forms the basis of e-
Government of Korea
These technologies also enable the
pervasive processes of digital
convergence that have made ICT an
important component of innovation
and productivity in all industries and
the public sector, i.e., e-Government Source: Ministry of Trade, Industry and Energy
The Need to Foster ICT Sector and E-Government
15
![Page 16: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/16.jpg)
Recent History of Development of ICT and E-Government in Korea
16
![Page 17: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/17.jpg)
A Look at Korea’s Present- E-Government: Where are We?
17
![Page 18: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/18.jpg)
A Look at Korea’s Present- National Development Perspective in ICT and E-Government
18
![Page 19: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/19.jpg)
19
3. Introducing Korea’s E-Government-Framework and Brief Overview of E-Government History
![Page 20: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/20.jpg)
Characteristics of Development Strategy
E-Government
Industry
Promotion
E-Government
Market
Promotion
E-Government
Infrastructure
Virtuous Circle of
E-Government Development
20
![Page 21: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/21.jpg)
History of E-Government Development in Korea- Government Driven Initiatives
Qualitativeimprovement of e-Government
Services
Creation of Knowledge Infrastructure and
Integration of Government Resources
Initiatives on Government 3.0 and Open DATA
Activation of e-Government
Services
Establishment and Promotion of e-Government
Road-map
Creation ofMilestone for
e-GovernmentServices
Enacting the Act on e-Government (2001)
Establishing e-Civil service, e-Procurement, and NEIS
Silo-basedInformatizationfor Government
Ministries
Promoting Unit-based Informatization on
Customs, Patents and General Tax
Computerization
of National Basic
Information Building Basic Databases for Real-estate, Vehicle
and Local Resident information
21
![Page 22: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/22.jpg)
History of E-Government Development in Korea- E-Government and ICT Development at a Glance
22
![Page 23: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/23.jpg)
Overview by the Decades- Development of E-Government in Korea
23
![Page 24: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/24.jpg)
24
General Overview of NCIA- Serving as Data Centers for E-Government Systems
![Page 25: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/25.jpg)
25
E-Government Systems of 43 Government Agencies- Integrated Operation and Management by NCIA
… …
22 Ministries 21 Ministries
1,200 Systems
No. of H/W 20,000
Copies of S/W 24,000
Basic Infrastructure Automated Operation
Clients n-TOPS GIDC
![Page 26: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/26.jpg)
26
Supporting E-Government Systems- Promoting Collaboration and Integration
![Page 27: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/27.jpg)
27
Best Practice and World Recognition- Introducing the Best E-Government Systems(1)
![Page 28: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/28.jpg)
28
Best Practice and World Recognition- Introducing the Best E-Government Systems(2)
![Page 29: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/29.jpg)
29
Benefits of E-Government
![Page 30: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/30.jpg)
30
4. Considerations for Information Security of E-Government
![Page 31: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/31.jpg)
31
Study Case: Civil Affair Document Issue System - Misuse / Document Forgery Problem (2005. 9)
![Page 32: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/32.jpg)
32
Study Case: Hacking Public i-PIN - 750,000 Misuse (2015. 3)
![Page 33: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/33.jpg)
33
Study Case: Hacking E-Government Systems- Cyber Terror against Homepage of the Blue House(2013.6)
The Blue House and the Office for Government Policy Coordination were hacked in June, 2013
Homepage of the Blue House was defaced and replaced with praises for the North Korean President
Personal information of 100,000 members was leaked; the perpetrators were not found and the homepage was out for a full day
![Page 34: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/34.jpg)
Security Management of NCIA- “e-ANSIS”, the Comprehensive E-Government Information
Security Management SystemG-ISMS
IDS
IPS
Spam
/ Virus
DB
Security
DDoS
Response
DDoS
Shield Firewall
Web
Firewall
Server
Security
8layered defense4analysis
Hacking
Virus
DDoS
Harmful Traffic
MaliciousCode
Vulnera-bility
Comprehen-sive
34
![Page 35: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/35.jpg)
35
Integrated Operation Management
Malfuction & Recovery Management with ISO20000
Malfuc-
tion
Applic-
ation
Malfuction
Report
Action Report
Action
Request
Customers
Recovery & Cause Analysis,
Anti-relapse Plan
Malfuction
Recovery
Customers
Report Study &
Main Person Assignment
Service Desk
Malfuction
Circulation
nTOPs
Integrated Security
Mgn’t Center
Malfuction Prevention/
Detection
Warning
Malfuction
Occurrence
Malfuction
Prevention
Critical Point Setup
![Page 36: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/36.jpg)
36
Intrusion Protection Process
Worm
DOS
Spam
Virus
Hacking
Intrusion block & analysis system for resident systems
against Illegal intrusion & attack
1st Blockade
8 Defense
system
Analysis/2nd Blockade
4 Analysis
System
Integrated Security Management Center
Related Organizations
(Customer, Centers,
NIS, KISA)
Action
Checkup/
Diffusion
Recovery/
Action Plan
Threat Info., Harmful Site Info.
![Page 37: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/37.jpg)
37
Considerations for Information Security
Contextual response process
Systematic monitoring process
Rapid propagation process
Monitoring tools
Security devices
Various analysis system
Technology
Process
Skilled workforce
Ongoing training
Collaborative relationship
People
![Page 38: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/38.jpg)
38
SOC (Security Operation Center) The Security Operation Center consists of the Briefing Room, the Monitoring Room, the Server Room, the
Equipment Room, and the Video/Audio System.
![Page 39: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/39.jpg)
39
SOC (Security Operation Center)
Monitoring Room Conference Room
Sever Room
![Page 40: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/40.jpg)
40
Technology
① Many security devices and
solutions.
② What are you going to do with all?
③ When an incident happens, many
security devices will generate tons
of information.
④ Who is going to analyze them?
⑤ How are you going to respond to
an incident?
⑥ What is the response protocol to
minimize the damage?
⑦ What are you going to do not to
have the same situation next time?
![Page 41: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/41.jpg)
41
Process
Monitoring
Incident Response
Analysis
PreventionDetection
Notification
Recovery
Investigation
![Page 42: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/42.jpg)
42
Framework of Information Security
ISP ISP
Private Sector
Risk Assessment
and Certification
ESMTAS
(ITMA3)
Ministry A Ministry B
Related Organization
1
2 3
4
5
6
4
6
Public Sector
Web F/W Web F/W
Traffic
IntrusionIncidents
The data flow and system architecture for monitoring center are
shown in this slide.
![Page 43: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/43.jpg)
43
Major Solution for e-Government Security
classification Main capabilities Illustrative screen shot
Total Analysis
System
Total analysis of threats, vulnerabilities, incidents and so on
Manage the history of handling incidents
Monitoring
System
(ESM)
Security Event Gathering
Correlation Analysis
Monitoring & Alert Rule
All sorts of statistic analysis and reporting
Traffic Analysis
System
(TAS)
Traffic Analysis (IP, Port, Protocol, etc.)
Intrusion Detection
Assessment/
Certification
Management
(RMS)
Manage vulnerabilities evaluation of each organization
Manage training and certificate programs
1
2
3
4
![Page 44: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/44.jpg)
44
classification Main capabilities Illustrative screen shot
Security
Portal System
Dealing with intrusion incidents.
Information sharing web board.
Indicate the risk level, forecast future threats.
3D Visualization
Analysis
System
3D Visualization
Centralize Analysis
Excellent GUI
Web
Monitoring
System
Home page Monitoring
Home page defacement detection
Configure settings for integrity detection
5
6
Major Solution for e-Government Security
![Page 45: INFORMATION SECURITY FOR E-GOVERNMENT Security for... · -Government Administrative Information System (GAIS) ... the Comprehensive E-Government Information Security Management System](https://reader033.vdocument.in/reader033/viewer/2022051722/5aa1dc1d7f8b9a07758c41e8/html5/thumbnails/45.jpg)