role of cyber security


Upload: rahulsharma

Post on 07-Oct-2015


SEMINAR REPORT ON ROLE OF CYBER SECURITY IN DIFFERENT APPLICATION OF E GOVERNANCE

COLLEGE OF COMPUTING SCIENCES AND INFORMATION TECHNOLOGY, TMU, MORADABAD
Session: JULY 2014 - DEC 2014

Submitted To: Mr. Ajay Rastogi
Submitted By: Rahul Kumar, MCA(LE), SEM 3rd, TCA1405041

COLLEGE OF COMPUTING SCIENCES AND INFORMATION TECHNOLOGY, TEERTHANKER MAHAVEER UNIVERSITY, DELHI ROAD, MORADABAD

This is to certify that the seminar/presentation report on the topic ROLE OF CYBER SECURITY IN DIFFERENT APPLICATION OF E GOVERNANCE has been studied and presented by Rahul Kumar in partial fulfillment of degree of Master of Computer Application, CCSIT, TMU Moradabad.

This seminar/presentation report has been found satisfactory and is approved for submission.

Dated:

Mr. Ajay Rastogi
Lecturer, CCSIT, TMU

ACKNOWLEDGMENT.

The satisfaction that accompanies the successful completion of any task would be incomplete without the mention of people whose ceaseless cooperation made it possible, whose constant guidance and encouragement crown all efforts with success. We are grateful to our project guide Mr. Ajay Rastogi for the guidance, inspiration and constructive suggestions that helped us in the preparation of this project. We also thank our colleagues who have helped in successful completion of the project.

Rahul Kumar, MCA[LE], SEM 3rd


Table of Content

1. Introduction
   1.1 Cyber security
   1.2 E Governance
2. CONCEPT
   2.1 E-Governance concept
   2.2 Evolution of E-Governance
   2.3 Cyber security concept in e Governance
3. APPLICATIONS OF E-GOV
   3.1 Real life application of e-Governance
   3.2 Application and E-Governance Services
4. ROLE OF CYBER SECURITY
   4.1 Typical roles
   4.2 Key of cyber security

5. CONCLUSION

6. REFERENCE

ROLE OF CYBER SECURITY IN DIFFERENT APPLICATION OF E GOVERNANCE

1. Introduction

1.1 Cyber security

Cyber security refers generally to the ability to control access to networked systems and the information they contain. Where cyber security controls are effective, cyberspace is considered a reliable, resilient, and trustworthy digital infrastructure. Where cyber security controls are absent, incomplete, or poorly designed, cyberspace is considered the wild west of the digital age. Even those who work in the security profession will have a different view of cyber security depending on the aspects of cyberspace with which they personally interact. Whether a system is a physical facility or a collection of cyberspace components, the role of a security professional assigned to that system is to plan for potential attack and prepare for its consequences.

Fig.1 Cyber security

Although the word cyber is mainstream vernacular, to what exactly it refers is elusive. Once a term of science fiction based on the then-emerging field of computer control and communication known as cybernetics, it now refers generally to electronic automation (Safire 1994). The corresponding term cyberspace has definitions that range from conceptual to technical, and has been claimed by some to be a fourth domain, where land, sea and air are the first three (Kuehl 2009). There are numerous definitions of cyberspace and cyber security scattered throughout literature. Our intent is not to engage in a debate on semantics, so we do not include these definitions. Moreover, such debates are unnecessary for our purpose, as we generally use the term cyber not as a noun, but as an adjective that modifies its subject with the property of supporting a collection of automated electronic systems accessible over networks. As well reflected in language-usage debates in both the field of cognitive linguistics and popular literature on lexicography, the way language is used by a given community becomes the de facto definition (Zimmer 2009), and so we request that our readers set aside the possibility that they will be confused by references to cyberspace and cyber security and simply refer to their own current concept of these terms when it makes sense to do so, while keeping in mind that we generally use the term cyber as an adjective whose detailed attributes will change with the system of interest.

At a high level, cyber security is typically explained in terms of a few triads that describe the objectives of security professionals and their methods, respectively (Bayuk 2010). Three that combine to cover most uses of the term are:

- prevent, detect, respond
- people, process, technology
- confidentiality, integrity, and availability

These reflect the goals of cyber security, the means to achieve cyber security, and the mechanisms by which cyber security goals are achieved, respectively.

Prevent, detect, respond addresses goals common to both physical and cyber security. Traditionally, the primary goal of security planning has been to prevent a successful adversary attack. However, all security professionals are aware that it is simply not possible to prevent all attacks, and so planning and preparation must also include methods to detect attacks in progress, preferably before they cause damage. However, whether or not detection processes are effective, once it becomes obvious that a system is threatened, security includes the ability to respond to such incidents. In physical security, the term first responders refers to the heroic individuals in police, fire, and emergency medical professions. Response typically includes repelling the attack, treating human survivors, and safeguarding damaged assets. In cyber security, the third element of the triad is often stated in slightly more optimistic form. Rather than respond, it is recover or correct. This more positive expectation on the outcome of the third triad activity, to recover rather than simply respond, reflects the literature of information security planning, wherein security management is recommended to include complete reconstitution and recovery of any business critical system. Because information technology allows diversity, redundancy, and reconstitution for the data and programs required to operate systems, information security professionals expect that damage can be completely allayed. In either case, the lessons learned in response are expected to inform prevention planning, creating a loop of continuous security improvement.

People, process, technology addresses methods common to both technology management in general and to cyber security management as a specialized field. This triad observes that systems require operators, and operators must follow established routines in order for systems to accomplish their missions.
When applied to security, this triad highlights the fact that security is not achieved by security professionals alone, and also that cyber security cannot be accomplished with technology alone. The system or organization to be secured is acknowledged to include other human elements whose decisions and actions play a vital role in the success of security programs. Even if all these people had motivation and interest to behave securely, they would individually not know how to collectively act to prevent, detect, and recover from harm without preplanned process. So security professionals are expected to weave security programs into existing organizational processes and make strategic use of technology in support of cyber security goals.

Confidentiality, integrity, and availability addresses the security objectives that are specific to information. Confidentiality refers to a system's capability to limit dissemination of information to authorized use. Integrity refers to the ability to maintain the authenticity, accuracy, and provenance of recorded and reported information. Availability refers to the timely delivery of functional capability. These information security goals applied to information even before they were on computers, but the advent of cyberspace has changed the methods by which the goals are achieved, as well as the relative difficulty of goal achievement. Technologies to support confidentiality, integrity, and availability are often at odds with each other. For example, efforts to achieve a high level of availability for information in cyberspace often make it harder to maintain information confidentiality. Sorting out just what confidentiality, integrity, and availability means for each type of information in a given system is the specialty of the cyber security professional.

Cyber security refers in general to methods of using people, process, and technology to prevent, detect, and recover from damage to confidentiality, integrity, and availability of information in cyberspace.

1.2 E-GOVERNANCE

"E-Governance" or "eGov" means using electronic media, particularly the web, to deliver public information and public services. eGovernance applications empower citizens and businesses to transact Governance business on-line that might otherwise require "a trip downtown". Agencies benefit, too, from reduced paperwork, improved databases, and increased efficiency.

Information and Communication Technologies can enhance the transformation of work culture by serving a variety of ends: better delivery of Governance services to citizens, improved Governance interactions with business and industry, citizen empowerment through access to information and participation in decision-making, and more efficient Governance management. e-Governance is not meant only for introducing or using technological tools; it fundamentally strives to bring about a change in mindset and work culture to integrate Governance processes and functions to serve the citizens better. In this process, the capacity of Governance to be open to criticism is crucial, as is the application of a new social contract between all stakeholders, confirming a shared responsibility for the transformation processes. The interaction between a citizen and a Governance agency takes place in a Governance office. With emerging Information and Communication technologies it is possible to locate service centers closer to clients. In all cases the public traditionally looks for information and services addressing their needs, and in both cases quality, relevance and efficiency are of paramount importance. Therefore, the establishment of e-Governance requires a good knowledge of the needs that exist in the society and that can be offered using ICT. The effectiveness of ICT in Governance is closely related to the capacity of Governance to induce a culture change, placing networks within its institutions as instrumental to transparency and knowledge exchange and creation.

In E-Governance, Governance makes the best possible use of internet technology to communicate and provide information to common people and businessmen. Today, electricity, water, phone and all kinds of bills can be paid over the internet. All this is what Governance and citizens are using and doing. All are dependent on the internet, and when citizens depend on Governance internet services, what results is E-Governance.

There are four pillars of E-Governance:

1. CONNECTIVITY: Connectivity is required to connect the people to the services of the Governance. There should be strong connectivity for effective e-governance.
2. KNOWLEDGE: Here knowledge refers to IT knowledge. Governance should employ skilful engineers who can handle e-governance in an efficient way. These engineers also handle all kinds of faults that may occur during the working of e-governance.
3. DATA CONTENT: To share any kind of knowledge or information over the internet, there should be a database for it. This database should have the data content which is related to Governance services.
4. CAPITAL: Capital can be on public or private partnership. It refers to money used by Governance to provide their services or to that sector of the economy based on its operation.

Fig.3 Pillars of eGovernance

In this paper, we discuss the role of cyber security in different applications of e-Governance. Cybersecurity starts with an understanding of your critical assets and the threats you face. Only then can you devise strategies to manage your risks, even if you cannot eliminate them. A life-cycle approach to security marries the strategy of constant process improvement to the operational tactics of continual monitoring and defense in depth. In this view, cyber protection, defense, response, and recovery are ongoing concerns, each requiring a plan.

E-Governance security is considered one of the crucial factors for achieving an advanced stage of e-Governance. As the number of e-Governance services introduced to the user increases, a higher level of e-Governance security is required. This paper contributes to the e-Governance literature by establishing an analytical framework for understanding, clarification and investigation of the management issues involved in improving e-Governance security in technologically-developing countries.

2. Concepts

2.1 E-Governance concept

The concept of an e-Governance system is to provide access to Governance services anywhere at any time over open networks. This leads to issues of security and privacy in the management of the information systems. Managing such issues in the public sector has different emphases than in the private sector. The broader e-Governance approach is socio-technical by nature, involving people and processes as well as technologies; hence, particularly in transitional countries, the social culture and characteristics of the country are factors in successful e-Governance development. In the open literature there are four distinct aspects to e-Governance. The remainder of this section gives an overview of this literature.

2.2 Evolution of E-Governance

Global shifts towards increased deployment of IT by Governances emerged in the nineties, with the advent of the World Wide Web (WWW). The technology as well as e-governance initiatives have come a long way since then. With the increase in Internet and mobile connections, the citizens are learning to exploit their new mode of access in wide ranging ways. They have started expecting more and more information and services online from Governances and corporate organizations to further their civic, professional and personal lives, thus creating abundant evidence that the new e-citizenship is taking hold.

The concept of e-Governance has its origins in India during the seventies with a focus on development of in-house Governance applications in the areas of defense, economic monitoring, planning and the deployment of IT to manage data intensive functions related to elections, census, tax administration etc. The efforts of the National Informatics Center (NIC) to connect all the district headquarters during the eighties were a very significant development.

Fig.4 Evolution of Governance

From the early nineties, IT technologies were supplemented by ICT technologies to extend their use for wider sectoral applications with policy emphasis on reaching out to the rural areas and taking in greater inputs from NGOs and private sector as well. There has been increasing involvement of international donor agencies under the framework of e-governance for development to catalyze the development of e-governance laws and technologies in developing countries. While the emphasis has been primarily on automation and computerization, state Governances have also endeavored to use ICT tools for connectivity, networking, setting up systems for processing information and delivering services. At a micro level, this has ranged from IT automation in individual departments, electronic file handling and workflow systems, access to entitlements, public grievance systems, and service delivery for high volume routine transactions such as payments of bills and tax dues, to meeting poverty alleviation goals through the promotion of entrepreneurial models and provision of market information. The thrust has varied across initiatives, with some focusing on enabling the citizen-state interface for various Governance services, and others focusing on bettering livelihoods. Every state Governance has taken the initiative to form an IT task force to outline an IT policy document for the state, and citizen charters have started appearing on Governance websites.

For Governances, the more overt motivation to shift from manual processes to IT-enabled processes may be increased efficiency in administration and service delivery, but this shift can be conceived as a worthwhile investment with potential for returns.

2.3 Cyber security concept in e Governance

Cyber Security is traditionally concerned with information properties of confidentiality, integrity and availability. These properties underpin services such as user authentication, authorization, accountability and reliability. Much has been published on the changing role of cyber security (Dhillon and Torkzadeh, 2006; ISO/IEC, 2005; von Solms, 2000; 2005; 2006) as its general perception has transformed from the purely technical in the 1970s to its current mainstream role in organizations. In the broader sense cyber/information security involves people as well as technologies. A small number of publications in the literature address the social acceptance of security technologies, known as the organizational security culture (Dhillon, 1999; May and Lane, 2006; Ruighaver et al., 2007; Siponen and Oinas-Kukkonen, 2007). Information security standards are well represented in the open literature (Hone and Eloff, 2002; Saint-Germain, 2005; von Solms, 1999; 2005). These standards attempt to describe the various processes and controls needed for successfully implementing an information security policy, rather than advising what the policy should look like (Hone and Eloff, 2002). In general these standards have been developed through the experiences of leading technological countries.

According to Heeks (2002; 2003) most ICT programs such as e-Governance in developing countries fail, with 35% being classified as total failures and 50% partial failures. The author attributes these figures to the gap between the current reality (physical, cultural, economic and other contexts) and the design of the ICT program - the greater the gap, the greater the chances of failure. Security has always been identified as one of an information system's important components.
Contemporary information assurance management recognizes the imperative to include people and processes, as well as the more traditional technology security issues, in ensuring the quality of information in all modern organizations. To a large extent technological solutions for the majority of security issues have been previously developed. There are however still many application challenges: the people and processes components of information assurance management. This leads to the need for the socio-technical approach to focusing on these issues in the required context for technologically-developing countries. ICT in developing countries is generally under-represented in the open literature. A few publications fleetingly concede that there can be major issues with transitional countries developing their systems, but the subject is not treated in any depth or breadth. Given the widespread prescription of IT, particularly e-Governance for developing countries, the urgency of their needs, and the often paucity of their economic resources, it would be useful to understand in depth the factors and issues that underpin them. Yet there are very few published empirical studies directly addressing the issue.

e-Governance is at the forefront of current public sector reform policies across Europe and the rest of the world, where the use of information and communication technologies (ICTs) to digitize transactions and deliver public services is seen as a major leverage of public sector innovation. However, providing public sector information and services online also poses profound challenges to security and citizens' trust in Governances, including threats to identity, privacy and data systems. Thus, safeguarding data and systems is of pivotal importance since it can influence Governances' and users' willingness to adopt the online services offered.
The European Parliament, via the Science and Technology Options and Assessment has asked The European Technology Assessment Group (ETAG), which includes

3. Application

3.1 REAL LIFE APPLICATION OF e-Governance

Web-based recreation field and facility scheduling

Online interactive maps show city streets and neighborhoods, including ball fields, tennis courts, and other parks & recreation facilities. Coaches, players, leagues, schools and individuals can visit the departmental web site from home or office, at any hour, weekends & weekdays. Users of the online system can locate facilities by name, neighborhood or street address. They can query the database to find available fields, courts, etc. for specific times and dates.

The interactive map can color-code facilities, based on availability, simplifying the process of finding an available facility that is also nearby. Interactive maps are easily printed directly from the eGov web site. Advanced systems can accept reservations online, and collect appropriate fees paid via credit card.

Online land ownership maps and tax valuation

Online maps showing real estate maps, including streets, property boundaries and property descriptions. To find a parcel, citizens type a street address or navigate using an interactive Yahoo-like map. By zooming in on a street or parcel, users can see property boundary lines and descriptive information drawn automatically from public databases. Print a map and/or report about the parcel.

Fig.5 Yahoo Map

Auto-notification of road repair & construction

Online interactive maps showing up-to-date locations of current and projected road or other construction projects. This list and map is updated automatically as city staff add to or edit an online database. Advance notice can lead travelers to pick alternative routes, avoiding the annoyance, delays & pollution related to unexpected road congestion.

Option: "Opt-in" auto-emails to alert nearby citizens/business if construction might affect them.

Online stream quality monitoring

Currently a variety of volunteers survey stream or other waterway conditions. An interactive map system could collect their observations using online forms, then immediately update interactive maps.

Turbidity, debris, and/or other stream conditions would be symbolized or colored differently based on survey values in the online database. The web-based interactive maps would illustrate stream conditions, helping stream "stewards" manage their waterways and helping educate young people about environmental affairs.

Data-driven web map software would update the maps automatically, as database records are added or updated.

Example #5: Fish & Game, Health

Online harvest area maps and health warnings

Create an online web map application, based on a database of fish or shellfish harvest areas. The web map system would allow users to interactively zoom in to see shoreline details, boat facilities, etc. or zoom back for wider-area views. The data-driven map could use colors or symbols to graphically flag areas where the season is "open" and also areas affected by "red tide", industrial pollution, etc.

Season and harvest conditions can change rapidly. The online system makes it possible to communicate changes immediately and efficiently. To maintain the map, Fish & Game or Health staff would update values in data tables in the background database. The interactive web map software automatically refreshes the map based on the new information.

Option: Auto-notification by email, for bait shops, boat rentals, license holders, public safety agencies, and any others who choose to sign up for optional alerts.

Online Block Watch & Crime incidence maps

Online maps let citizens navigate to their neighborhood by typing an address, intersection, community name, or zip code. Users display maps of recent burglaries, car prowls, or other community safety events. The data-driven mapping system may automatically color-code event locations by type of event, date/time, or modus operandi. Neighbors may print maps from their web browsers for offline use or to post at the corner store.

Optionally, residents could register to receive auto-emails if, for example, there was an attempted break-in near them. Similarly neighbors could use online forms to quickly share information about everything from suspicious events, to abandoned vehicles, to neighborhood yard sales.

E Gov Examples

Public services and community statistics: Increase citizen participation and awareness by making it easy to obtain up-to-date maps and reports of services, facilities, and statistics.

Health conditions and epidemiology system: The U. S. Center for Disease Control helps prevent disease and accidents by presenting incidence, mortality, and other statistics using this interactive web map system.

Interactive bicycle route maps:

Polling place locator system: Encourage voting by mapping current polling places based on voter address.

School bus route finder system: Improve customer service by letting parents find the nearest school bus route.

Economic development system: Promote economic development by mapping & profiling available industrial & commercial sites.

Tax rate locator: Improve tax return accuracy and increase tax collections by letting business map their locations vis a vis boundaries of Local Improvement districts and other special assessment zones.

Community services locator: Improve public access to existing services by mapping locations of elderly services, community health clinics, "little city halls", and community police offices.

Assisted housing locator: Help families and elderly choose subsidized housing units by mapping available units & showing proximity to transit and other facilities.

3.2 Application and E-Governance Services

Enterprise Applications

E-Payment

The E-Payment provides the capability for any e-commerce website to accept electronic payment methods. This service allows any web application to enable its customers to make payments online. Features include:

- Design with Governance in mind
- Accepts major credit cards and e-checks
- Flexible batching/update of information
- Off-line payment processing
- Address verification services

Fig.6 E-Payment

Enterprise Authorization & Authentication

Enterprise A&A is the State of Iowa's shared logon service. It handles user registration, account management (like changing and recovering passwords) and simple privilege management functions.

The service lets users enjoy having just one account to give them access to multiple applications and a consistent way to manage that account. Implementing a common account resource makes it less expensive and easier to offer multiple services and applications to citizens and employees alike.

Features include:

- Use of common identifiers across multiple platforms and services
- Allows creation of accounts for the public and other non-employees
- Permits self-registration by users creating new accounts
- Establishes application-specific capabilities

Fig.7 Enterprise Authorization & Authentication

Single Contact Repository (SING)

The Single Contact Repository (SING) is an internet application developed and sponsored by the State Department of Administrative Services / Information Technology Enterprise that allows registered users to perform background checks on potential employees, volunteers, and students doing clinical, from a single web screen. The application lets a user check Iowa criminal history, three abuse registries (child, dependent adult, and sex offender), and over 40 Public Health professional license types from one click on the screen.

This data resides on various platforms within Iowa state Governance, including a mainframe and several departmental LAN servers. SING performs its background checks against the original registries, rather than using point-in-time copies, which become out-of-date between refreshes. In addition to ensuring that employers receive up-to-date information, SING's technique provides an extra measure of security. Each confidential database is stored in its original secure location, and nowhere else. No data resides on the web server itself. This means that SING must communicate with multiple databases (from different vendors) on multiple platforms (also from different vendors). Some of the databases accessed include SQL, Oracle, Sybase, and a mainframe CA/IDMS.

The SING web site is a secured site - only registered users can access the information. The type of organization a user belongs to determines which of the databases they have legal access to. This is done by putting them in groups, with the group having access only to certain databases, or all of them. The application is used by over 1,000 users each month, doing an average of 17,500 transactions, or searches, a month. This application has expedited the process of checking backgrounds of employees and volunteers as often required by regulations and policies.
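The group-scoped, query-the-source design described above, shown as an added example: it is not SING's code, and the group names, registry names, user names and records are hypothetical values constructed for illustration. It rejects a whole request when any registry falls outside the caller's group, keeps no copy of results on the web tier, and records every attempt in an audit log.

```python
from datetime import datetime, timezone

# Constructed records standing in for the original registries. In the design the
# page describes, each lookup would be a live query against the source database;
# the web tier holds no copy of this data.
CRIMINAL_HISTORY = {"jane roe": "no record found"}
CHILD_ABUSE = {"jane roe": "not listed"}
SEX_OFFENDER = {"jane roe": "not listed"}
LICENSES = {"jane roe": "nursing licence: active"}


def make_lookup(table):
    """Return a query function bound to one source registry."""
    def lookup(subject):
        return table.get(subject.strip().lower(), "no match")
    return lookup


# Hypothetical registry names mapped to their query functions.
REGISTRIES = {
    "criminal_history": make_lookup(CRIMINAL_HISTORY),
    "child_abuse": make_lookup(CHILD_ABUSE),
    "sex_offender": make_lookup(SEX_OFFENDER),
    "professional_license": make_lookup(LICENSES),
}

# Hypothetical groups: each may query only the registries listed for it.
GROUP_ACCESS = {
    "school_district": frozenset({"criminal_history", "child_abuse", "sex_offender"}),
    "health_employer": frozenset({"criminal_history", "professional_license"}),
    "volunteer_org": frozenset({"sex_offender"}),
}

# Registered users and the group each belongs to (constructed).
USER_GROUP = {"alice": "school_district", "bob": "volunteer_org"}


class AccessDenied(Exception):
    """Raised when a request is not fully covered by the caller's group."""


def record_audit(log, user, subject, registries, outcome):
    """Append one audit entry; denied attempts are logged as well as allowed ones."""
    log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "subject": subject,
        "registries": sorted(registries),
        "outcome": outcome,
    })


def background_check(user, subject, requested, audit_log):
    """Query only the registries the caller's group is entitled to.

    Deny by default: an unregistered user, an empty request, an unknown registry
    name, or a single registry outside the group's set rejects the whole request,
    so a caller never receives a partial answer that looks complete.
    """
    requested = frozenset(requested)
    group = USER_GROUP.get(user)
    allowed = GROUP_ACCESS.get(group, frozenset())
    if group is None or not requested or not requested <= allowed:
        record_audit(audit_log, user, subject, requested, "denied")
        raise AccessDenied(f"{user!r} may not query {sorted(requested - allowed)}")
    # Results are built per request and returned; nothing is cached server-side.
    results = {name: REGISTRIES[name](subject) for name in sorted(requested)}
    record_audit(audit_log, user, subject, requested, "allowed")
    return results


if __name__ == "__main__":
    log = []
    print(background_check("alice", "Jane Roe", {"criminal_history", "child_abuse"}, log))
    try:
        background_check("bob", "Jane Roe", {"criminal_history"}, log)
    except AccessDenied as exc:
        print("denied:", exc)
    print([entry["outcome"] for entry in log])
```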

eLeave

eLeave Service allows employees and supervisors to input and review leave requests while using the internet. As long as the internet is available, a person can input leave requests and review requests. This provides an easy way for supervisors to quickly see who has requested leave as well as those who have worked overtime. They can also approve or deny a request. This provides quick feedback to the person requesting the leave. The following items are available:

- View your most recent requests
- Enter a new request
- View requests that are pending or reviewed
- Search previously entered requests
- Export the information
- View a calendar with your leave requests
- View a calendar with the leave requests of your department. This allows each person to view who has requested leave. It does not provide the details of the leave requests.

Address Validation

Address Validation is the verification of address information. The service uses a database supplied by the United States Postal Service (USPS) to determine if an address is a deliverable address. The service will also return the address in the standardized USPS format. The service can be accessed either by providing a file which will be run as a batch process or by submitting addresses one at a time to our web service. In addition to the return of the address itself, we can also provide additional information such as county number, county name, geo code and congressional district.

An additional item that is offered is the National Change of Address. If you provide 100 or more unique addresses, we can process the files through the National Change of Address (NCOA) data to determine if the person, family or business has moved. If the move is within the last 18 months, we can return the new address. We can also provide information detailing if the move is for an individual, a family or a business.

There are many advantages to address verification:

- Addresses in a database can be searched more effectively as they are in the same format.
- The spellings of streets and cities are the same throughout the database.
- Postal discounts can be obtained when the addresses are standardized and processed through the NCOA. Agencies can see a decrease of as much as 10 cents per item mailed.

Service-Oriented Architecture (SOA)

Service-Oriented Architecture (SOA) is a Utility that provides the service oriented infrastructure for use by state agencies. SOA has been adopted as a standard for software development, to drive reuse among agencies and foster greater sharing of information. An SOA Advisory Committee was created by the Technology Governance Board to develop standards for IT-related initiatives within the Board's purview. The Committee is led by DAS-ITE with volunteer members from State agencies and oversight by the JCIO (joint council of large-agency CIOs).

4. ROLE OF CYBER SECURITY

4.1 Typical roles

Fig.8 Typical roles

INCIDENT & THREAT MANAGEMENT & FORENSICS
Front line Defenders managing networks and mobile devices. Examples are managing networks to keep attackers out; testing others' networks to assess their security and advising on making them less vulnerable; incident managers; forensics analysts unpicking what happened; analysts of new malware/production of countermeasures. (Please note: the e-crime unit has now been absorbed into the NCA)

RISK ANALYSTS & MANAGEMENT
Risk Analysts and Managers need to understand which threats will have the worst business impact and advise Boards in non-technical language why and how they should spend on reducing these risks. Risk managers may be non-technical or technical people. Some audit networks and ensure compliance and legal issues are dealt with.

POLICY MAKERS & STRATEGISTS
Policy Makers and Strategists define how a company deals with different security risks and meets its legal obligations and gets these policies implemented. Private sector has CISOs (Chief Information Security Officers) often supported by a team. Governance has ITSOs (IT security officers) and DSOs (Departmental security officers).

OPERATIONS & SECURITY MANAGEMENT
Operations and Security Managers protect data on networks, laptops and mobile devices; they may manage encryption and other protective measures like firewall rules.

ENGINEERING, ARCHITECTURE & DESIGN
Engineering, Architecture and Design: designing secure code and applications, architecting a secure system or creating new security tools are all essential parts of cyber security, but nothing stays still so you will need to keep changing fast.

EDUCATION, TRAINING AND AWARENESS
Education, Training and Awareness are demanding whether the job is about training newcomers, keeping experts up to date or enabling staff or customers to benefit fully from technology they are using.

RESEARCH
Research may be highly technical or more policy or psychology orientated. Areas include complex models to help understand and manage risks; invention of new technologies or new ways to apply them to reduce risks; looking for the next big thing.

LAWYERS SPECIALISING IN ADVICE AND PROSECUTION FOR INTERNET CRIME AND DATA PROTECTION
Lawyers specializing in the advice and prosecution of data security and Internet crime. The need for expert advice is growing with high levels of crime and penalties for organizations that don't protect data sufficiently.

4.2 Key of cyber security

- System administration: client systems and servers;
- Network administration and network security operations;
- Security assessment, security auditing and information assurance;
- Threat analysis, intrusion and data analysis, intelligence and counter intelligence;
- Forensics investigation;
- Programming;
- Technical writing;
- Security architecture and engineering; and
- Information security and incident management.

"Systems administrators, network administrators, those who write code are typically not identified as cybersecurity types," Reeder said in an interview Tuesday. "But what they do or the manner in which they do it is critical both to deploying technology that is to the extent that we can make it safe and given that there is no such thing as absolutely safe technology, having the skills necessary to protect it and defend it and ultimately recover when bad stuff happens because bad stuff will happen."

The Federal Chief Information Officers Council and the Office of Personnel Management, as well as other organizations, are working to develop occupational classes for cybersecurity professionals, and the commission recommendations are aimed at identifying the key roles in cybersecurity, the functions they perform and the specific skills - including requisite training and education - required to do those jobs.

Occupational classifications for IT security within Governance would help simplify recruiting - recruiters would know the specific expertise to seek - and facilitate training by defining what skills need to be developed. Today, most cybersecurity professionals are classified as information technology specialists.

"Because cybersecurity work is performed in many different positions and places throughout the federal Governance, it is not easy to identify them by looking solely at job titles or organization charts," John Berry, director of the Office of Personnel Management, said last November when he unveiled the Governance's IT security classification initiative.

By reaching a consensus on the roles and requisite skills, the commission report says, educators would have a much better understanding of the labor market their graduates will enter, purchasers of cybersecurity services could more clearly specify the qualifications they seek from service providers and the sometimes confusing regime of professional certification programs could reflect the needs of potential employees.

IMPROVING SECURITY IN E-GOVERNANCE

To make information available to those who need it and who can be trusted with it, a robust defense requires a flexible strategy that allows adaptation to the changing environment, well-defined policies and procedures, the use of robust tools, and constant vigilance. It is helpful to begin a security improvement program by determining the current state of security at the site. Methods for making this determination in a reliable way are becoming available. Integral to a security program [5] are documented policies and procedures, and technology that supports their implementation.

A. Security policy

If it is important to be secure, then it is important to be sure. All of the security policy is enforced by mechanisms that are strong enough. There are organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies.

A policy is a documented high-level plan for organization-wide computer and information security. It provides a framework for making specific decisions, such as which defense mechanisms to use and how to configure services, and is the basis for developing secure programming guidelines and procedures for users and system administrators to follow. Because a security policy is a long-term document, the contents avoid technology-specific issues. The contents include:

- Definition of acceptable use for users
- Guidelines for reacting to a site compromise
- High-level description of the technical environment of the site, the legal environment (governing laws), the authority of the policy, and the basic philosophy to be used when interpreting the policy
- Risk analysis that identifies the site's assets, the threats that exist against those assets, and the costs of asset loss
- Guidelines for system administrators on how to manage systems

Fig.9 Security policy

B. Security Practices

The daily barrage of spam, now infested with zero-day malware attacks, not to mention the risks of malicious insiders and infected laptops coming and going behind the packet-inspecting firewalls and cyber-attacks-prevention systems, is a fact of networked communication today. This establishes the need for steps of due care and due diligence towards regulatory compliance, which must be put in place for smooth operations, if not in existence already.

System administration practices play a key role in network security. Checklists and general advice on good security practices are readily available. Below are examples of commonly recommended practices:

- Ensure all accounts have a password and that the passwords are difficult to guess. A one-time password system is preferable.
- Use tools such as MD5 checksums (8), a strong cryptographic technique, to ensure the integrity of system software on a regular basis.
- Use secure programming techniques when writing software. These can be found at security-related sites on the World Wide Web.
- Be vigilant in network use and configuration, making changes as vulnerabilities become known.
- Regularly check with vendors for the latest available fixes and keep systems current with upgrades and patches.
- Regularly check on-line security archives, such as those maintained by incident response teams, for security alerts and technical advice.
- Audit systems and networks, and regularly check logs. Many sites that suffer computer security incidents report that insufficient audit data is collected, so detecting and tracing a cyber-attack is difficult.

International Conference on Computer Science and Information Technology (ICCSIT'2011) Pattaya Dec. 2011

Best practices are things done - steps taken - actions and plans carried out. For example, encryption is a best practice and not a product or tool. There are many commercially and freely available tools which may prove to be most suited for a best-practice model.

Fig.10 Security practices

C. Security Procedures

Procedures are specific steps to follow that are based on the computer security policy. Procedures address such topics as retrieving programs from the network, connecting to the site's system from home or while traveling, using encryption, authentication for issuing accounts, configuration, and monitoring.

CONCLUSION

It is evident from the above discussion that information security is an essential part of any e-governance initiative. In the Indian e-governance scenario, however, the security aspects are not being taken as seriously. In a large number of cases it is not difficult to see that the decision-makers in the Governance prefer to compromise when it comes to high-end technology adoption, implementation and maintenance. Digital security is critical in e-governance initiatives. Confidentiality of any transaction or information available on the network is crucial. The Governance document and other important material have to be protected from unauthorized users in case of e-governance projects. Hence security is critical for successful implementation of such projects. E-governance coupled with security systems providing adequate protection is the requirement of any system design effort to beat the inertia.

REFERENCES

[1] E-Governance in India: Opportunities and challenges, JOAAG, Vol.3, No. 2, 2008.
[2] Shailendra Singh, Sanjay Silakari. A Survey of Cyber Attack Detection Systems, International Journal of Computer Science and Network Security, ISSN-1738-7906, Vol.9 No.5, pp1-10, May 2009.
[3] Abusive behavior http://www.us-rt.gov/control_systems/pdf/undir-Ected_attack0905.pdf
[4] "Defining Malware: FAQ". technet.microsoft.com. http://technet.microsoft.com/en-us/library/dd632948.aspx. Retrieved 2009-09-10.
[5] Cho, Dong-ki. The information society and privacy, media and culture in the information age, Seoul, 1998.
[6] Clarke, R. A hidden challenge to the regulation of data surveillance, Journal of Law and Information Science 4(2), 1993.
[7] Steven H. Spewak & Steven C. Hill, Enterprise Architecture Planning: Developing a Blueprint for Data, Application and Technology, John Wiley & Sons, New York, ISBN 0-471-599859