E-GOVERNMENT SERVICE SECURITY MODEL FOR NUSAJAYA ICT CENTRE Jama Mohamed Jama

UNIVERSITI TEKNOLOGI MALAYSIA
A dissertation report submitted in partial fulfillment of the
requirements for the award of the degree of
Master of Science (Information Technology – Management)
Faculty of Computer Science and Information Systems
Universiti Teknologi Malaysia
JUNE 2011
I dedicate this dissertation to my beloved family and my supervisor
Assoc. Prof. Dr Othman Bin Ibrahim for their lifetime of sacrifice, love,
encouragement and blessing. Special thanks go to my beloved uncles and
cousin, Omar Abdi Ali, Abdulrahman Mohamoud Ali and Degan Abdulrahman,
for their valuable support and assistance.
ACKNOWLEDGEMENT
First and foremost, I thank Allah that I am able to complete my Master's
research. Secondly, I wish to express my sincere appreciation to my supervisor,
Assoc. Prof. Dr Othman Bin Ibrahim, for his encouragement, advice and
guidance. He inspired me greatly to complete my dissertation, and his willingness
to motivate me contributed tremendously to my research. Thank you for giving me
the opportunity to experience this challenging field.
I would also like to thank my respected examiners for the initial and viva
assessments and for their comments on this research, which will keep me encouraged.
I am also thankful to the technical staff of ICT Nusajaya for their collaboration.
I would also like to express my appreciation to all the lecturers and my colleagues
of the MSc IT Management programme at UTM Campus Johor Bahru, especially the
FSKSM postgraduate studies lecturers and staff, for their support and encouragement.
I would also like to express my appreciation to Kak Lijah for her support, views
and tips.
ABSTRACT
E-government security is considered one of the crucial factors for achieving an
advanced stage of government. As the number of e-government services introduced
increases, a higher level of e-government security is therefore required. In order
to provide highly secure yet responsive and economical access to government
services for citizens, security is seen as the primary goal for businesses and for
their trusted partners. Over the past years, security has evolved from technology
issues in government institutions, which are also affected daily by security-related
incidents such as network intrusion, hacking, viruses or denial-of-service
attacks. The participants of this research are ICT technical staff of the Nusajaya
ICT department in Johor Bahru. A survey questionnaire was chosen as the data
collection method to study the risks and threats associated with e-government
services and their security measures. The research focuses on how e-government
service security will help citizens and analyses the existing e-government
security. Initial planning, using a suitable methodology for the analysis and
design phases, guided the research towards the development of a proposed model
that will help the existing e-government security.
ABSTRACT (translated from the Malay)
E-government security is one of the important factors in achieving progress in
e-government implementation. As the number of e-government services introduced
to users increases, a higher level of e-government security is greatly needed. To
provide highly secure, responsive and economical access to government services
for the public, security also becomes a primary concern for businesses and other
trusted partners. The participants in this study are technical staff of the
Nusajaya ICT Department, Johor Bahru, and the research studies the risks related
to the security of e-government services. Over the past years, security has
evolved from technology issues in electronic government; government agencies are
also affected every day by related security issues such as network disruption,
intrusion, viruses or denial-of-service attacks, and some incidents have been
reported but most of these problems go unreported. During this study, the key
question addressed was how e-government service security can help the public,
alongside an analysis of current e-government security carried out through
several surveys. The methodology of this study covers the initial planning,
analysis and design aspects of developing a proposed model that can help
e-government security.
TABLE OF CONTENTS
DECLARATION
DEDICATION
ACKNOWLEDGEMENT
ABSTRACT
ABSTRAK
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF APPENDICES
CHAPTER 1 RESEARCH OVERVIEW
1.1 Introduction
1.2 Background of Study
1.3 Problem Statement
1.4 Objectives of the Study
1.5 Research Questions
1.6 Importance of the Study
1.7 Scope of the Study
1.8 Chapter Summary
CHAPTER 2 LITERATURE REVIEW
2.1 Introduction
2.2 E-government Implementations
2.3 Value of E-governments Initiative
2.4 Benefits of E-government Initiative
2.5 Challenges of E-government
2.5.1 Access Issues
2.5.2 Technical Issues
2.5.3 Human Factors
2.5.4 Service Delivery Issues
2.5.5 Delivery Integrated Services
2.5.6 Resource Issues
2.5.7 Other Issues
2.6 Security of E-government Service
2.6.1 E-Government Security: a Citizen's Perspective
2.6.2 The Government's Perspective
2.6.3 Constituents of Trust in E-government
2.6.4 Domain of Trust in E-government
2.7 Importance of Security in E-government
2.7.1 Information Intercepting
2.7.2 Information Tampering
2.7.3 Services Denying
2.7.4 Information Faking
2.8 Common Security Principles in E-government
2.9 Procedure of Risk Analysis in E-government
2.9.1 Risk Identifying
2.9.2 Risk Analysis
2.9.3 Risk Controlling
2.10 Model of E-government Service Security
2.10.1 User Environment of E-government
2.10.1.1 Identity Management System
2.10.1.2 Access Management Systems
2.10.1.3 Interaction Management System
2.10.2 Transport Environment of E-government
2.10.3 ICT Assets Environments
2.11 E-government Security Management Framework
2.12 Threats to E-government Services and Clients
2.12.1 E-government Service Assets
2.12.2 Internal Sources of Threat
2.12.3 External Sources of Threat
2.13 Service Security Environment of E-government
2.13.1 Environment Assumptions
2.13.2 Domain Model
2.13.3 External Security Policy Framework
2.14 Tools of Maintaining Information Security in E-government
2.14.1 Steganography
2.14.2 Steganalysis
2.15 Risk Factors of E-government
2.15.1 External & Internal Barriers of E-government Implementation
2.15.2 Budget Barrier
2.15.3 Common Technical Frameworks and Infrastructure
2.15.4 Digital Divide
2.15.5 Privacy and Security Concerns
2.15.6 Rapid Technology Change
2.15.7 Citizen Expectation and Seamless Services
2.16 Discussions
2.16.1 Implementations of E-government
2.17 Chapter Summary
CHAPTER 3 RESEARCH METHODOLOGY
3.1 Introduction
3.2 Research Strategy
3.2.1 Qualitative Research
3.3 Operational Framework
3.4 Data Collection
3.4.1 Primary Data
3.4.2 Secondary Data
3.5 Sampling and Respondents
3.6 Data Analysis
3.7 Project Validity and Reliability
3.7.1 Reliability
3.8 Project Schedule
3.9 Chapter Summary
CHAPTER 4 DATA COLLECTION AND DATA ANALYSIS
4.1 Introduction
4.2 Survey Analysis
4.2.1 Survey Findings
4.3 Respondent's Profile
4.4 Identifying Risk and Importance in E-government Security
4.5 Recommendation on E-government Service Security
4.6 Chapter Summary
CHAPTER 5 E-GOVERNMENT SERVICE SECURITY MODEL FOR NUSAJAYA ICT CENTRE
5.1 Introduction
5.2 Analysis of Existing Model and Framework of E-government Security
5.3 Derivation of Proposed Model
5.4 The Proposed Model
5.4.1 E-government Users
5.4.2 Process
5.4.3 Technology
5.4.4 Security Components
5.4.5 E-government Application Services
5.5 User Acceptance Test of the Proposed Model
5.6 Chapter Summary
CHAPTER 6 DISCUSSION AND CONCLUSION
6.1 Introduction
6.2 Achievements
6.3 Recommendation of How to Use the Proposed Model
6.4 Constraints and Challenges
6.5 Aspirations
6.6 Chapter Summary
REFERENCES
APPENDIX A
APPENDIX B
APPENDIX C
LIST OF TABLES
Table 2.1: Possible Threat Sources
Table 2.2: Definition of Risk Probability
Table 2.3: Description of the Model
Table 2.4: User Management Components
Table 2.5: Secure Communication System
Table 2.6: ICT Component Management
Table 2.7: Security Management Framework
Table 3.1: Details of Operational Framework
Table 4.1: Gender Profile
Table 4.2: Risk on E-government Services Delivery
Table 4.3: Cyber Crimes Against Assets
Table 4.4: Cyber Crimes Against Government Assets and States
Table 4.5: Security Components Appropriate of E-government Service
Table 4.6: Security Technology in E-government
Table 4.7: Security Components and Activities
Table 4.8: Methods of Securing E-government Website
Table 5.1: Analysis of Existing Model in E-government Service Security
Table 5.2: Users Required Process
Table 5.3: Security Components
Table 5.4: ICT Security Components
Table 5.5: Current E-government Applications
Table 5.6: Verifying the Completeness of the Model
Table 5.7: Verifying the Consistency of the Proposed Model
Table 5.8: Benefits of the Proposed Model for Nusajaya ICT Centre
LIST OF FIGURES
Figure 2.1: E-government Implementations
Figure 2.2: E-government Security Model
Figure 2.3: Framework of Security Management
Figure 3.1: Project Operational Framework
Figure 4.1: Gender Profile
Figure 4.2: Respondents Age
Figure 4.3: Respondent's Usage of e-Government Service
Figure 4.4: Utilization of E-government Security Technology
Figure 4.5: Any Related Security Technology E-government Service
Figure 5.1: Proposed Model of e-Government Service Security
Figure 5.2: Verifying the Completeness of the Model
Figure 5.3: Verifying the Consistency of the Proposed Model for Nusajaya Centre
Figure 5.4: The Benefits of the Proposed Model Nusajaya ICT Centre
LIST OF APPENDICES
Appendix A: Gantt chart
Appendix B: Sample of Survey
Appendix C: Sample of Questionnaires for User Acceptance Test
CHAPTER 1
RESEARCH OVERVIEW
1.1 Introduction
The implementation of an e-government service security framework is considered
one of the most important elements of government policy. It is designed to
provide protection mechanisms for government transactions over Information and
Communication Technology (ICT). For several decades, governments have increased
their level of protection to enhance the efficiency and effectiveness of their
functions. Security therefore remains a key demand, with high expectations that
governments will strengthen their defence systems against both internal and
external threats in the near future.
The major goal of security in e-government is to minimize the risks associated
with government transactions that are based on electronic networking.
Security risk management in e-government comprises risk highlighting, risk
analysis and risk control, set against the popularity of computer network
technology.
There are no specific rules for e-government risk management, but it requires an
initial scan of both the internal and external environment of e-government
systems, including a further check for weaknesses in the system. This is followed
by a complete analysis of e-government security risk and then by the relevant
security plan and measures. After that, tracking and monitoring of the predefined
plan during the initial implementation stage becomes an important task. Finally,
the risk management is adjusted at any time in response to changes in the
environment, and an advance disaster recovery plan is drawn up. Considering the
essence of e-government security, it is therefore urgent to put in place
effective and purposeful countermeasures that minimize potential risks and
security bugs.
1.2 Background of the Study
E-government security provides benefits to citizens and to public
administrators at a number of levels. At its most basic level, e-government can
connect modern technologies to enable departments to achieve efficiency. One of
the most important issues to be addressed in e-government technology is the
application of security measures, which mainly serve to increase government
productivity, accuracy, privacy and efficiency in business administrative
operations. To achieve the overall mission, it is crucial to set security measures
and defences that protect e-government activities, mainly because government
assets are easily compromised by hackers, network intrusions and viruses, as well
as by any other threats that are likely to occur. Security measures are therefore
aimed at delivering government services safely in electronic form. In support of
the purpose of this research, numerous studies on the effects of risk in
e-government have been published. Studies showed that the number of risks
associated with e-government is increasing sharply every year due to inadequate
security measures.
There is scope for even greater efficiencies in the future through greater
sharing of processes within and between departments. The security methods and
issues that are common in e-commerce can also be applied to e-government risk
management, but e-government is different because its networks have direct access
to each other, to a much greater degree than business networks, since most of them
are linked for passing, transferring and sharing information. Businesses on a
network, by contrast, are competitors and do not allow their sensitive information
to be shared publicly. The importance of e-government is that it uses electronic
information technology to break the boundaries of government administrative
organization and achieve virtual electronic government security (Kaur, 2003).
Access has been the government's main target: giving people access to
information, and to service communication and delivery, through different kinds
of electronic media, both inside and outside government organizations. However,
there are still many problems in e-government services that are exposed by the
spread of computer network technology and information sharing. Because of these
problems, security has become an important factor as a result of the fast
development of e-government systems.
1.3 Problem Statement
E-government security development, which is mainly based on the internet, faces
constant security problems due to the complexity and vulnerability of the
network. There is a growing risk of complete invalidation of the network and
server systems. It often comes from attacks by hackers, viruses, theft and
man-made destruction of devices.
The Nusajaya ICT department has experienced dramatic risk growth in the
e-government field, which has become a key issue for the government security
committees. E-government-related risks are occurring all the time, and some cases
are receiving significant publicity. The range of incidents varies greatly and can
include events such as network intrusion, viruses, denial of service or identity
theft.
Given the situation, it is a suitable time for those associated with governments
to make serious efforts to study the possible dangers of the risks in
e-government that may arise from this useful technology. Many developed nations
have not only invested in research programmes to study the effects of risk in
e-government but have also shared with the public the research findings on how the
risks can affect electronic government operations in general.
E-government services face many security problems, such as identity theft,
hacking and denial of service. These aspects relate to e-government users, or to
an invader who steals information from the government or from other users.
Protecting citizens' privacy and security, and giving them assurance that their
information will not be violated or changed, has therefore become an important
aspect of service success. This is to avoid the mass retention of e-service users
of e-government.
Apart from the studies conducted on the short-term effects of e-government
security risk, there is a growing need to determine the direct security
association of government operations. Recent investigation has shown that security
risk issues are increasing more and more, with unauthorized users keen to steal
government property. Hence, e-government security has become a strategic approach
to protecting against both internal and external threats.
1.4 Objectives of the Study
The researcher has listed the objectives of the research below:
i. To study the e-government risks and threats.
ii. To identify e-government security dimensions and methods that can be
managed in e-government services.
iii. To propose an effective e-government service security model in order to
improve security measures.
1.5 Research Questions
The research questions are:
i. What are the security issues in e-government service elements?
ii. What are the elements of risk analysis?
iii. How can risks and threats be minimized in e-government services?
1.6 Importance of the Study
Because of the problems that come with the increase in e-government services, in
both internal and external activities at Nusajaya ICT, this study describes the
risks of e-government services and the security methods that are used today. The
e-government security service is a process of measuring the security of
e-government services and keeping track of users' demands and the government's
online performance.
Findings of this study will help both the authority and customers to identify
e-government risks and sources of threats and to take notice of e-government
security risk, so that users and the authority gain the experience to investigate
publicly and raise the level of public awareness; more extensive studies are to
be planned in the near future.
1.7 Scope of the Study
In order to achieve the scope of the study, the researcher has selected a sample
of respondents. The respondents of this research study will be technical staff in
the ICT department in Nusajaya, Johor Bahru, selected for having basic and wide
knowledge and background of e-government services. This study is believed to
improve the existing security of e-government accessibility, including the
delivery of e-government services to end users.
1.8 Chapter Summary
This chapter provides a brief description of e-government security and the risks
associated with e-government systems. The researcher has strived to understand
the problems and risks of security measures in e-government service systems. The
problem statement gives clear guidelines for identifying the research questions
and research objectives, which together define the scope of the research, and
finally the importance of the study was briefly discussed.
CHAPTER 2
LITERATURE REVIEW
2.1 Introduction
This chapter covers the areas that define the e-government risk security
philosophy and analyses the risks associated with e-government. The most
important parts of this chapter concern the security of e-government services,
the types of threats to e-government, the characteristics of risk with regard to
e-government services and the challenges of e-government services. It then
analyses the best approach to e-government risk security measures, which allows
government to handle its services to customers, citizens, government and
businesses. The literature was collected from various resources such as books,
journals, conferences, research reports and theses, the internet and so on.
2.2 E-government Implementations
E-government is the basic element of the modernization and transformation of
government into technology. It provides a common framework and direction across
both the public and private sectors to increase and enhance collaboration within
and among public sector organizations, between government institutions and the
business community, and between government and citizens, which serves and helps
in implementing government policy. It also defines different ways to develop the
new skills that public servants need in order to recognize the new opportunities
given by ICT advancements such as the internet and online access services.
Likewise, the combined use of ICT, especially online and internet access, in
support of ways of thinking and working in public and private administration,
together with the increase in shared information that is interactively accessible
over different channels, is the basis of e-government. It refers to the use by
government departments of technologies (internet, web browser, mobile technology)
that have the potential to change relations with customers, citizens, business
organizations and other arms of the government (Patricia J. Pascual, 2003).
Similarly, technology can serve a variety of ends: high-quality delivery of
government information and services to end users, improved interaction with trade
partners and industry, citizen freedom through access to information, and
better-organized administrative management. The resulting benefits can be less
corruption, increased effectiveness, precision, greater convenience, revenue
growth and/or cost reduction. Previously, communication between citizens or
businesses and a government agency was limited and usually took place in a
government office. With the advancement of technology and emerging information
communication, it is now possible to locate service centres very close to the
client. Such a centre may consist of an unattended kiosk in a government agency,
a service window located close to the client, or the use of a personal computer
at home or in the office, without requiring presence in the government office.
In general, by analogy with arrangements that permit business partners to
interact with each other more capably (B2B) and bring clients closer to the trade
(B2C), e-government aims to make the interaction between the government and its
citizens (G2C), between government and business companies (G2B), and inter-agency
relationships (G2G) more friendly, convenient, transparent and inexpensive.
Figure 2.1 shows the e-government implementation system.
[Diagram: E-government linking Government, Citizens and Business; links labelled G2G, G2C and G2B]
Figure 2.1: E-government Implementations (Source: Patricia, 2003)
There are some special types of service delivered through e-government.
Patricia (2003) categorizes e-government services into four main types:
Government-to-Citizens (G2C), Government-to-Business (G2B),
Government-to-Employee (G2E), and Government-to-Government (G2G).
i. G2C: information and services for the community and ordinary citizens, such
as paying taxes, requesting birth/death certificates, death papers and licence
renewal, and citizen assistance for basic services such as the health care
system, hospitals, inquiries, libraries and education.
ii. G2B: transactions include different service exchanges between government
agencies and business partners, including the distribution of policies, memos,
laws and regulations. Business services offered include obtaining current
information, downloading application forms, renewing contracts, registering
businesses, obtaining permits and paying taxes. The services offered through G2B
transactions also help big business growth, and more particularly the
development of all companies. Facilitating application procedures that help the
approval process for SME requests would support commerce improvement.
iii. G2E: mainly covers G2C services and specialized services related to
government staff, such as staff training programmes and development, which aim
to improve the system of controlling and managing day-to-day jobs and dealing
with citizens.
iv. G2G: services that operate at the local and the international level. G2G
services are the interactions or transactions among state-level and local-level
government departments and among departmental-level functions and closely
related centres or bureaus. Likewise, G2G is used for maintaining international
relationships with other governments through diplomacy.
2.3 Value of E-governments Initiative
According to Mitchell E. Danail (2002), e-government provides various
opportunities to enhance the quality of service to the citizen. People obtain
information in less time, compared with today's standard of days or weeks.
Citizens, businesses and domestic/state governments can file required reports
without calling or hiring accountants or lawyers, and government employees can do
their daily jobs effortlessly, well and successfully compared with their
counterparts in other parts of the world.
A useful plan will improve the federal government by:
i. Easy delivery of services to citizens and simpler online services.
ii. Dividing the levels of government administration into different sectors.
iii. Enabling citizens, businesses, other government levels and federal
employees to share and find information from the federal government.
iv. Enhancing achievement of the elements of the President's agenda for the
federal government.
v. Rapid response from government to citizens' needs, with guaranteed service
operation.
vi. Citizen: Government to Citizens (G2C) is an easy way to build highly
reliable communication that gives citizens access to high-quality government
services.
vii. Business: Government to Business (G2B) decreases the government burden on
business by removing repeated data collection and making better use of
e-business technology for communications.
viii. Between governments: Government-to-Government (G2G) makes it easier for
state and domestic governments to meet reporting requirements and to participate
as full partners with the government in citizen services, and it generally
enables better performance measurement.
2.4 Benefits of E-government Initiative
Pascual, P. J. (2003) categorizes the commonly pursued goals of e-government
service success into five broad areas:
i. To create a better and more efficient business environment.
ii. To provide customers with online service.
iii. To strengthen government and broaden public participation.
iv. To enhance the productivity and transparency of government agencies.
v. To improve and upgrade the quality-of-life standard of communities.
E-government can be defined as the accomplishment of wide social purposes,
purposes that go beyond mere competence and transparency of government reform and
the development process. The goals listed above are not in any particular order
of importance; every country has to determine its main priorities in e-government
depending on its own circumstances. Difficult economic times have led to
significant government budget overruns. Local and state governments in the US
have had substantial budget shortfalls in past years, and the trend is expected
to continue into fiscal year 2004, with budget shortfalls across the US.
According to the National Governors Association report (2003), state budget
shortfalls may extend to US$80 million. The fiscal survey of 2002 stated that, as
states are still struggling to balance their budgets, the solutions currently
available to them are increasingly dire, and some of the toughest fiscal
decisions have yet to be made.
The US budget crisis has seeped down to and hit local government. When the
National League of Citizens (NLC) surveyed 145 cities in April 2003, 75% reported
that they were less able to meet their financial needs in 2002, harshly up from
the 55% who responded that way to the question in NLC's 2002 survey. In 2003, 74%
of the survey respondents estimated being able to meet their financial needs in
the cities, while 54% predicted even weaker local economies.
According to Kertesz (2003), improving both operational and organizational
effectiveness is a primary objective for many governments that are trying to
stabilize their financial pressures. Nevertheless, many investment options exist,
so many that selecting among them is a complicated task. Choosing the right option
mainly depends on realizing which initiative best meets the key stakeholders'
needs, predicting outcomes and benefits precisely, and, perhaps most
significantly, carefully managing the implementation to achieve the desired
return on the investment.
According to the Robert H. Smith School of Business, University of Maryland, a
study was conducted by Gresham and Andrulis (2002) for IBM to better understand
the relationship between government and operational efficiency benefits. A total
of 412 US public agency professionals (primarily from both state and local
government) participated in the web-based survey and rated a range of initiatives
on operational efficiency and organizational effectiveness. In addition,
interviews were held with decision makers, including business and technology
leaders of government institutions in fields such as social, public safety, taxes
and e-government. The research evaluated in particular the objectives of eleven
common government initiatives.
Finally, the study found that state and local governments are making important
investments but the results are not living up to expectations. With no end in
sight to financial obstacles, there is a constant need to optimize the investment
in every initiative. The full potential of government will not be realized until
both business processes and cultural changes are aligned with technology
implementations. Planning for a complete transformation that removes
organizational, process and technology barriers could be a way to achieve major
payoffs.
2.5 Challenges of E-government
According to Jennifer O'Neill (2000), there are different challenges that hinder
the successful deployment of e-government in any country. The following are the
major issues to consider regarding e-government challenges.
2.5.1 Access Issues
This concerns providing direct access to your information, which may need
conversion into digital form. Ensuring security and privacy, and protecting your
citizens' privacy, is done by putting complete privacy and security measures in
place for all e-government information systems.
2.5.2 Technical Issues
Integrating legacy systems: old computer systems need to be integrated into
newer internet-based platforms. This conversion may be time-consuming and costly
and will need technical experts. Changing to new technology and maintaining it
will require keeping up to date with current technology trends.
2.5.3 Human Factors
Measuring citizens' satisfaction is a compulsory element in ensuring that the
application developed is based on satisfaction levels. Besides that, changes from
current technology towards future advancements may also cause dissatisfaction.
Hence, it is important for the government to look closely at ways to improve
solutions.
2.5.4 Service Delivery Issues
Financial transaction are particularly tough issues and many people aware of
provided that credit cards information through the internet you want to get the trust
of your customers which can be done by ensuring sufficient protection of egovernment transaction. The service Delivery issues are aimed to increase the
efficiency, effectiveness and accountability of government departments.
Technological advancement has placed both producer and distributor under
increasing pressure to introduce new service delivery to:
i.
Enhance customer choice
ii.
Improve service efficiency and quality, and
iii.
Ensure that the government is operating effectively, efficiently and
transparently.
2.5.5 Delivery Integrated Services
A well-known Delivery Integrated Service (DIS) is a service that has been
integrated between department and state-level agencies, and which was initiated to
integrate government services for the value that integrated services provide.
2.5.6 Resource Issues
Human resource availability is part of any e-government implementation. Staff
should get adequate training and knowledge-retooling skills; if the staff lack
training in the new technology, there is a need to hire IT professional staff to
train the current staff and build their knowledge of the new technology.
2.5.7 Other Issues
Government officials are concerned about the implications of e-government, and
government often makes important changes to the organization. Some e-government
changes involve licenses and permits, which seem to be becoming increasingly
important in country or state government. This centralization challenges the
traditional role of local government officials and may change it. There are concerns
that e-government may affect the jobs of local government officials, who may need to
reduce staff, reform jobs (losing bookkeeping staff and gaining IT staff) or retrain
current staff.
2.6 Security of E-government Service
Security in government is not a new idea: since ancient times, politicians,
government officials and military leaders have tried their best to put in place
protection mechanisms for important information against unauthorized access,
unintentional loss, deletion, denial of service and misuse (Tassabehji, 2005). The
information systems that are the basis of e-government are socio-technical
infrastructures that many people trust. This is particularly true in terms of
security, where human interaction has always been a foremost part of numerous
security failures (Weirich and Sasse, 2002). The best approach to security management
therefore requires a holistic organizational approach which incorporates the
organization's business processes and control policies, business governance, human
resource management and training, traditional organizational approaches and
technological infrastructure (Higgins, 1999; Tassabehji, 2005).
Along with security, protecting the privacy of users' or citizens' information is a
primary security measure (Patton and Josang, 2004), and it is recognized in
e-commerce as a main challenge to the growth and adoption of e-business (Tassabehji,
2005; Yousafzia, 2005). Nevertheless, security issues and security measures are even
more important in e-government than in e-commerce, because e-government is held to a
higher standard than commercial companies and because of the sheer scale of
operation.
2.6.1 E-Government Security: a Citizen’s Perspective
When assessing e-government from the angle of the citizens, the common subject is
their understanding of e-government security methods. In particular, confidence has
been found to affect user adoption, transparency, effectiveness and the achievement
of e-government (Patton and Josang, 2004). Similarly, the significance of citizens'
trust and recognition has been linked to the growth of e-government acceptance in
general (Mercuri, 2005), and lack of confidence among citizens shows that confidence
is always a factor in determining and assessing users' perception of the quality of
e-government services delivered on the Web, as in the case of Videgen's (2004)
E-Qual model. Gilbert et al. (2004) suggested that raising user confidence and civic
engagement should be a planned purpose of e-government, as a means of including all
people and processes; for this to happen, there needs to be a deep understanding of
trust.
2.6.2 The Government’s Perspective
Barriers to implementation are the major difficulty for government agencies and
departments in managing security issues. Poor IT infrastructure, human resource
obstacles such as a lack of professional staff and unskilled staff, lack of budget,
and unwillingness and fear of sharing information and resources between departments
and organizations (Clark, 2003; Norris and Moon, 2005; OECD, 2003; Rohelnder and
Jupp, 2004; Shetty, 2004; Swartz, 2004) are some of the reported obstacles. Another
study complementing these barriers was done by O’Harr (2004), who stated that the
main driver is to enhance client satisfaction with online government services, where
clients have asked for better service in a released statement. The study found that
more than 92% of the government executives who responded rated great service as a
business essential for e-government, which was to reform how government departments
function with citizens.
2.6.3 Constituents of Trust in E-government
The major concerns regarding user trust in e-government services are veritable
assurances that: the security and privacy of information delivered to government
systems is preserved; online interactions, including financial and other important
communications, are protected; e-government is highly consistent, delivers what it
promises and always meets user expectations; and user involvement in e-government
will be confidential, with no interruption by government.
2.6.4 Domain of Trust in E-government
According to Chopra and Wallace's (2003) theory of domains of trust in e-government,
confidence needs to be considered against the background of electronic environments.
There are four main domains of the electronic environment in which confidence is
observed:
i. Information: information stored in a website, a database or any electronic device
should be truthful and reliable.
ii. IS (Information System): the technical infrastructure is reliable and stable.
iii. E-commerce: the agents or business partners with whom we exchange and transact
electronically are consistent and secure, and offer protective mechanisms against
fraud and illicit access that are designed to keep the privacy and security of users'
interactions, whether one to one, inter-departmental, or between government
institutions and citizens.
iv. On-line relationships: the relationships that users create online through
electronic communities, social media, chat, discussion and e-learning are not aimed
at any kind of misbehavior or abuse, and users are not responsible for identity
fraud.
2.7 Importance of Security in E-government
According to Zhang Chongbin (2002), e-government services face many security
problems, including the following aspects. These aspects relate to e-government
users, or to intruders who steal information from the government or from other
users, which makes protecting citizens' privacy and security important. Some of
these problems are described below.
2.7.1 Information Intercepting
Information intercepting is the theft of information from users, the government or
any other party. Hackers can use this kind of interception to commit fraud against
e-government systems.
2.7.2 Information Tampering
Information tampering refers to interference over the Internet that adds, modifies
or erases original data by various technical means and passes it on to the
destination in order to damage the data's integrity. A malicious user can find or
navigate the database and retrieve and modify its content.
2.7.3 Services Denying
Denial of service is a method of trying to make a computer resource busy: the hacker
sends so many data packets to the system that it gets stuck and jammed, the server
stops and the service becomes unavailable. It mainly comes from attackers, viruses
or man-made destruction of devices.
2.7.4 Information Faking
Information faking means that, once attackers understand the rules of the networked
system's information or have interpreted sensitive information, they can act as an
authorized user or build fake information to deceive others. This technique is used
to obtain certificates unlawfully or to forge emails.
E-government is the successful transformation of information system technology to
support operations, connect citizens and supply government services. In order to
provide highly secure, responsive and economical access to government services for
citizens, businesses and trusted partners, security has become the key ambition. In
recent years, security has evolved from a technology issue in electronic government:
government sectors are affected every day by security-related incidents such as
network intrusions, viruses or denial-of-service attacks. Some of these incidents
have been reported, but many have not.
2.8 Common Security Principles of E-government
E-government has become gradually more reliant on technology and the Internet, to
the point where activities are performed through online systems. Therefore, security
plays a significant role in e-government in defending against unauthorized access,
unintentional loss, destruction, leaks, modification and misuse. This is particularly
true in terms of security, where people have played a main part in numerous security
breakdowns (Weirich and Sasse, 2002). The best method of security management and
control takes a holistic organizational approach which incorporates e-government
processes, controls and policies, business governance, and human resource management
and training. The primary criteria for assessing security measures in e-government
are mainly based on the general security values, which are:
Confidentiality, Privacy, Accessibility: a total protection mechanism that protects
the information of users, as it promises greater satisfaction.
Integrity: in e-government security, integrity means that data cannot be updated or
modified without permission.
Accountability/Non-repudiation: making sure that when data is sent to a receiver,
neither the recipient nor the sender can deny having received or sent the data.
Non-repudiation involves holding the parties to their contractual obligations; it
also means that one party to a transaction cannot deny having received it, nor can
the other party deny having sent it.
Authentication: authentication is the technique by which the electronic identity of
a user is asserted to, and validated by, an information system for a specific
occasion via a credential issued following a registration process. It may also
involve establishing that the user is the true owner of that credential, by means of
a password or biometric.
Trust: the major perception of trust in e-government concerns real assurances that
the privacy of information passed to government systems is preserved; that online
communications, together with financial and other dealings, are well protected; that
e-government services are dependable, deliver what they promise and live up to
citizens' expectations; and that citizens participating in e-government will not
face any interruption by government.
2.9 Procedure of Risk Analysis in E-government
According to Zhang Chongbin (2002), risk analysis refers to the method of identifying
risks, analyzing risks and making risk management plans. Security risk analysis for
electronic government mainly includes three steps: risk identifying, risk analyzing
and risk controlling.
2.9.1 Risk identifying
Security requirements for electronic government are established by systematic
assessment of risks. Risk identifying is the initial step of the risk management
plan, so as to ascertain the security risks of e-government. Risk identification
normally involves gathering the different significant threats, risk problems and
their related countermeasures, and then recognizing the feasible risks and threats
to the electronic government system. There are many ways to categorize risk; the
overall purpose of e-government risk identification is to become familiar with the
risks existing in the network environment in which information is exchanged. One
main problem that ought to be addressed is that risk identification cannot be
applied to all electronic government system risks. Risk identification can only
locate previously known risks, rather than unknown ones. We use risk analysis and
risk management to handle and reduce most unknown risks.
2.9.2 Risk Analysis
Risk analysis uses different kinds of qualitative analysis, evaluation and so on to
determine the importance of every aspect of e-government risk. First we categorize
the factors and assess every likely outcome of each e-government risk and threat,
whether it is triggered accidentally by the threat source or by an attacker who
deliberately exploits a vulnerability of the system. In the course of risk analysis
we therefore have to note and explain where the threat comes from. A threat source
can be anything, including the environment, people and nature; the damage the system
encounters is always related to its geographical location. However, threat sources
among citizens may have no intention toward the target. To recognize threats to the
system, we may use several methods such as brainstorming, Delphi and scenario
analysis. Some examples are shown in Table 2.1.
Table 2.1 Possible Threat Sources (Zhang Chongbin 2002)
| Threats | Possible Sources |
|---|---|
| Intentional Threats | Terrorists; criminals; hackers; cyber Internet attacks; viruses; fraud; theft of resources; denial of service |
| Unintentional Threats | Mis-operation by system users; mis-operation by system administrators and protectors |
| Natural Threats | Earthquakes; electric shock; floods; thunder and lightning |
We can extract information about vulnerabilities through investigation: staff
interviews, system and network scanning, testing and document analysis. If the system
is under design or already being implemented, we have to analyze particular
information such as design documents; if the system is already in operation, we are
required to make further analysis, for example of the information system's security
functions and the actual effect of its security controls.
Finally, the purpose of risk analysis is to evaluate risk probability. The factors
that influence risk include threat actors' awareness of system vulnerabilities and
the effect of the associated security measures. Evaluating risk probability is a
highly subjective process. There may be previous reports of natural threats that
occurred, and those past reports can help to analyze the probability that a natural
threat will occur; but we have no such previous reports or past information about
technical and operational threats, which come mainly from people, with which to
assess risk probability. We may be able to draw by analogy on practical experience in
the field. In the method proposed here, risk probability is categorized by rank:
high, medium and low. Table 2.3 explains the definitions of risk probability.
Table 2.3 Definitions of Risk Probability (Zhang Chongbin 2002)
| Probability | Description |
|---|---|
| High | Threat source has high incentive and capability; security measures are inadequate. |
| Medium | Threat source has some incentive and capability, but security measures have an effect; or the threat source does not have motivation; or it does not have clear capability. |
| Low | Threat source is without motivation and capability; security measures can keep the vulnerability under control. |
2.9.3 Risk Controlling
Risk controlling is widely chosen to minimize e-government risks and keep them at an
acceptable level. Risk controlling is the most appropriate step in the risk
management plan. It is also the fundamental basis for verifying whether the risk
analysis has been achieved. The objective of e-government security risk control is to
decrease the risk level and the losses suffered by electronic government projects.
Commonly, there are two broad kinds of risk controlling technique. The first are
risk controlling measures, including risk reduction, avoidance or transfer, and loss
management. We regularly apply risk transfer and loss management in electronic
government security management. The second kind are financial measures to compensate
for risk, which include insuring against the risk or assuming it oneself. In
e-government security management, managers need to choose the appropriate measure:
insuring or taking the risk on themselves. Additionally, to make a suitable choice,
one must take the cost of risk into consideration. We may also disregard other
effects such as government performance and reputation. One of the most useful and
feasible risk controlling methods for e-government security is to set up a complete
security plan to minimize risk, master the crucial knowledge for security assurance,
and prepare the solutions that electronic government will adopt when a specific
security incident occurs.
2.10 Model of E-government Service Security
According to J. Satyanarayana (2004), the security of e-government systems has to be
managed systematically and continuously. It has to create the necessary level of
confidence and trust among the stakeholders: citizens, business and government.
Standard security practices must also be implemented in e-government. This security
model mainly consists of three different areas, each of which is subject to various
types of threats and requires its own security measures: the User Environment, the
Transport Environment and the ICT Assets Environment. Figure 2.2 shows the model.
Figure 2.2 E-government Service Security Model (Source: J. Satyanarayana, 2004)
Table 2.3 Description of Model (J. Satyanarayana, 2004)
| Environments | Management | Management tools |
|---|---|---|
| 1. User Environment: Internal User; External User | Identity Management; Access Management; Interaction Management | Passwords; Digital identity tokens; Access Control Lists (ACL) |
| 2. Transport Environment: With LAN, WAN; Over the Internet | Security Communication System | PKI; Biometrics; Government secure Internet; Virtual private networks; Government Secure Internet (GSI) |
| 3. ICT Assets Environment: Tangible assets; Intangible assets | Cryptography Systems; Physical Security; Electronic Security | Encryption; Firewalls; Anti-virus systems; Disaster recovery site; Server and workstation security |
2.10.1 User Environment of e-Government
The user environment of e-government mainly focuses on the internal and external
users, who have a great impact on accessing e-government services, so we need to
identify who the users of e-government are. In the user environment we have two
broad groups of users, internal and external. Therefore, to manage and secure the
user environment, there are three categories of user management.
2.10.1.1 Identity Management System
The purposes of an identity management system are to:
i. Create a unique digital identity and credential for all legal persons and
citizens, identifying them based on reference attributes such as name and date of
birth.
ii. Create a directory linked to the digital identity and make it accessible to
those who want to communicate with it. Examples are user name and password.
iii. Set up an ICT system which makes the digital identity more secure.
2.10.1.2 Access Management Systems
An access management system serves the following purposes:
i. To gain access to the department, it requires a registration that involves
verification of identity and of attributes related to the user.
ii. It authorizes the user to perform only those tasks and transactions that are
predefined as per the privileges granted by the system administrators.
iii. It also maintains intelligence on users with authorized access.
2.10.1.3 Interaction Management System
The objective of the interaction management system is by far the most
comprehensive. It includes assurance of complete security for access, covering the
following security elements:
i. Authentication: the procedure of establishing legitimacy. Verification approaches
include: user name and password; biometrics; digital certificates (PKI, smart
cards).
ii. Access Control (or authorization): the method of restricting users' access to
resources and data.
iii. Confidentiality: ensuring that information is not accessed by an unauthorized
user.
iv. Accounting: the practice of creating a trail of a user's actions while using
resources, services or the network.
v. User management: the process of activating and de-activating users' identities
and access permissions. Some user management components are shown in Table 2.4.
Table 2.4 User Management Component (J. Satyanarayana, 2004)
| User Management Components in E-government | Descriptions |
|---|---|
| Password | A password is an arbitrary string of characters selected by a user or system administrator and used to validate the user when he tries to log on, in order to prevent unauthorized access to his account. |
| Digital Identity | The electronic representation of a real-world entity. The term is typically taken to mean the online equivalent of an individual human being, which participates in electronic communication on behalf of the individual in question. |
| Access Control List | Access Control is the electronic representation of a real-world thing. The expression is regularly used to mean the online equivalent of an individual human being, which participates in electronic transactions on behalf of the person in question. |
| PKI | Public key infrastructure (PKI) is a more advanced system that enables users of an essentially unsecure public network, such as the Internet, to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary. |
| Biometric devices | A biometric device is a popular machine used for uniquely recognizing individuals based on one or more inherent physical or behavioral characteristics. These features are captured at the time of registration, converted into a code using certain algorithms and stored for comparison at the time of verification. In information technology in particular, biometrics is used as a form of identity access management and access control. |
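The five elements listed for the interaction management system in 2.10.1.3 (authentication, access control, confidentiality, accounting and user management), together with the password and access control list components of Table 2.4, can be seen working together in a small model. The following Python code is an added example, not part of the dissertation or of Satyanarayana's model; the class and method names, the PBKDF2 work factor and the sample users and record are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    active: bool = True


@dataclass
class InteractionManager:
    """Hypothetical model of the five elements in section 2.10.1.3."""
    users: dict = field(default_factory=dict)    # name -> User
    acl: dict = field(default_factory=dict)      # resource -> {name: {actions}}
    records: dict = field(default_factory=dict)  # resource -> protected data
    audit: list = field(default_factory=list)    # (user, action, resource, allowed)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def _log(self, name, action, resource, allowed):
        # Accounting: every decision, allowed or denied, leaves a trail entry.
        self.audit.append((name, action, resource, allowed))
        return allowed

    # User management: activating and de-activating identities and permissions.
    def register(self, name, password):
        salt = os.urandom(16)
        self.users[name] = User(salt, self._hash(password, salt))

    def deactivate(self, name):
        self.users[name].active = False
        self._log(name, "deactivate", "-", True)

    def grant(self, name, resource, action):
        self.acl.setdefault(resource, {}).setdefault(name, set()).add(action)

    # Authentication: user name and password, stored only as a salted hash.
    def authenticate(self, name, password):
        user = self.users.get(name)
        # Hash even for unknown names so response time does not reveal accounts.
        candidate = self._hash(password, user.salt if user else b"\0" * 16)
        ok = (user is not None and user.active
              and hmac.compare_digest(candidate, user.pw_hash))
        return self._log(name, "login", "-", ok)

    # Access control: only actions listed in the ACL for this user are allowed.
    def authorize(self, name, resource, action):
        user = self.users.get(name)
        allowed = action in self.acl.get(resource, {}).get(name, set())
        ok = user is not None and user.active and allowed
        return self._log(name, action, resource, ok)

    # Confidentiality: data is released only after both checks succeed.
    def read(self, name, password, resource):
        if self.authenticate(name, password) and self.authorize(name, resource, "read"):
            return self.records[resource]
        return None

    def denied_events(self):
        return [entry for entry in self.audit if not entry[3]]


def demo():
    """Run constructed sample requests; returns (results, denied audit entries)."""
    im = InteractionManager()
    im.records["permit/1001"] = "constructed sample record"
    im.register("officer_a", "correct horse battery")   # internal user
    im.register("citizen_b", "another sample phrase")   # external user
    im.grant("officer_a", "permit/1001", "read")

    results = {
        "authorized_read": im.read("officer_a", "correct horse battery", "permit/1001"),
        "wrong_password": im.read("officer_a", "guess", "permit/1001"),
        "no_acl_entry": im.read("citizen_b", "another sample phrase", "permit/1001"),
    }
    im.deactivate("officer_a")
    results["after_deactivation"] = im.read(
        "officer_a", "correct horse battery", "permit/1001")
    return results, im.denied_events()


if __name__ == "__main__":
    outcome, denied = demo()
    print(outcome)
    print(denied)
```

The denied entries in the audit trail are what an administrator would review: a failed login, a valid user reaching for a record outside the ACL, and a login attempt on a de-activated identity.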
2.10.2 Transport Environment of E-government
The transport environment often provides common security services to clients:
confidentiality, integrity and privacy of particular information at the security
points. The administrator has very limited control, both physical and electronic.
According to J. Satyanarayana (2004), the transport environment mainly consists of
LAN, WAN, wireless and VSAT besides the Internet. These are very important aspects
of the transport environment. To protect an environment that covers all the
mentioned components, the following security measures are identified:
i. Virtual Private Network (VPN): a network that is implemented in an additional
logical layer (overlay) on top of an existing network. Its function is to create a
private scope of computer communications or to provide a secure extension of a
private network into an insecure network such as the Internet.
ii. Firewall: another element of a computer system and network, intended to block
unauthorized use while permitting authorized connections for e-government services.
It is a device or set of devices intended to permit, deny, encrypt, decrypt or proxy
all (in and out) system traffic between different security domains, based on a set
of policies and other criteria. Firewalls can be implemented in either hardware or
software, or a combination of both. Firewalls are frequently used to stop
unauthorized Internet users from accessing private networks connected to the
Internet, particularly intranets. All messages entering or leaving the intranet pass
through the firewall, which examines each message and blocks those that do not meet
the specified security criteria.
iii. Encrypting data: the process of transforming information (referred to as
plaintext) using an algorithm (called a cipher) to make it unreadable to anyone
except those who have special knowledge, usually referred to as a key. The result of
the process is encrypted information (in cryptography, referred to as ciphertext).
In many contexts, the word encryption also implicitly refers to the reverse process,
decryption (e.g. “software for encryption” can typically also carry out decryption),
to make the encrypted information readable again (i.e. to make it unencrypted). Some
of the security components of the transport environment are explained in Table 2.5,
Secure Communication System.
Table 2.5 Secure Communication System (J. Satyanarayana, 2004)
| Security components of Transport Environment | Descriptions |
|---|---|
| Government Secure Intranet | A network that enables connected organizations to communicate electronically and securely; it is intended to be used and accessed only by government departments, for security reasons. |
| Virtual private network (VPN) | Uses a public communication infrastructure, such as the Internet, to give remote centers and offices highly secure access to their organization's network; it provides good communication with no interruption. |
2.10.3 ICT Assets Environments
In general, ICT assets are the most important and most sensitive of e-government
assets, including hardware, software, databases and knowledge. All these assets
require security treatment. To ensure their security there are two types of
security: physical and electronic. Securing ICT assets requires a number of
safeguards to protect against Internet worm incidents, electrical shocks, network
intrusions, disasters, etc. These are the security management components. Table 2.6
shows some of the ICT components.
Table 2.6 ICT Components Management (J. Satyanarayana, 2004)
| Security Management Components of ICT Assets | Descriptions |
|---|---|
| Firewall | A firewall is a component of a computer system intended to block unauthorized access; it only allows those who have permission to access the communication. |
| Anti-virus System | Computer software that is designed to stop, detect and remove any harmful software which attacks your computer system, including viruses, worms, trojans, etc. |
| Disaster Recovery Sites | A DRS is a special system and plan aimed at making a copy of the information system's operation after an accident or natural disaster, such as a power outage, fire or earthquake; it includes backup plans and restarting a new system at another location. |
| Server and Workstation Security | Workstation security is monitoring and control software on a PC that stops vulnerable endpoints from accessing your shared network or your personal computers; it is also suitable for monitoring staff in your workplace. |
2.11 E-government Security Management Framework
Security management is a broad field of management concerned with assets in
e-government services and systems. There are enabling technologies that help
e-government to be protected and secured. Security management is also a set of
functions that protects communication networks and systems from unauthorized access,
acts or influences, and it includes many sub-functions, such as creating, deleting
and controlling security services and mechanisms. The Australian Government
Department of Finance provides a framework that illustrates how these different
technologies work together. Figure 2.3 shows the security management technologies.
Figure 2.3: A Framework for e-Government Security Management (AGDS, 2009)
Table 2.7 Security Management Framework (AGDS, 2009)
| Service Component | Defines the set of capabilities that |
|---|---|
| Identification and Authentication | Support obtaining information about those parties attempting to log on to a system or application for security purposes and the validation of those users. |
| Access Control | Support the management of permissions for logging onto a computer, application, service or network; includes user management and role/privilege management. |
| Cryptography | Support the use and management of ciphers, including encryption and decryption processes, to ensure confidentiality and integrity of data. |
| Digital Signature Management | Support the use and management of electronic signatures to support authentication and data integrity; includes Public Key Infrastructure (PKI). |
| Intrusion Prevention | Include penetration testing and other measures to prevent unauthorised access to a government information system. |
| Intrusion Detection | Support the detection of unauthorised access to a government information system. |
| Incident Response | Provide active response and remediation to a security incident that has allowed unauthorised access to a government information system. |
| Audit Trail Capture and Analysis | Support the identification and monitoring of activities within an application, system, or network. |
| Certification and Accreditation | Support the certification and accreditation of Australian Government information systems. |
| ISM Management and Reporting | Support management and reporting of compliance with the Australian Government Information Security Manual (ISM – formerly ACSI 33). |
| Virus Protection | Provide anti-virus service to prevent, detect and remediate infection of government computing assets. |
2.12 Threats to E-government Services and Clients
In view of the defensive measures that should be put in place for an e-government
information system, a risk study has to be performed. This risk analysis must take
into account the intent, incentive and capability of the sources of threat, the
likelihood and prospective frequency of methods of attack, the consequences of
successful attacks, and the cost to any opponents. Threat analysis examines the
items that require safeguarding, the possible sources of threat and the likely
methods of attack.
2.12.1 E-government Service Assets
Consequently, the assets of the e-government service that need security include the
personal data of customers of the e-government service, which must be protected
against loss, damage or unwanted disclosure in line with the relevant data security
and privacy requirements. It is important to recognize that personal data, once
passed to the Client Network Domain (CND) from the e-government service, is outside
the range for which the e-government service can be held accountable. Customers take
responsibility for protecting their personal details when these are under their
personal control.
The business information base of government in general, and of organizations
contributing e-government services, must be protected against accidental loss,
unwanted disclosure or the introduction of invalid content.
The e-government service (including the applications and delivery stage) must be
protected against threats to its availability and to the integrity of the service
offered. Verification IDs must be protected against forgery or unwarranted use.
Objects that represent financial or any other important value must be protected
against fraud and hacking. Some e-government transactions are likely to result in
cashable orders, which must be appropriately controlled, or can relate to the
delivery of goods that can be misappropriated.
2.12.2 Internal Sources of Threat
Some of the possible threat agents identified by Andrew (2002) may take the form of
customers or e-government service staff: those for whom the system is authorized,
who bear limited responsibility and can manipulate it. The details are as below:
i. Legitimate clients: threats created by governmental staff who have major
technological resources and skills and a strong motivation toward the service, which
leads them to misuse their rights on the service system for the purpose of economic
gain.
ii. Government customer agents: those in charge of the day-to-day functions of
service provision in the e-government service system may be motivated by fraud or
private grievance, but are readily subject to sanction in the event of security
breaches that are observable.
iii. Insiders: those who are not involved in e-government service provision but may
share access to the E-government Service Provision Domain (ESPD), with no
accountability for e-government service provision; they may mount an attack from
within the ESPD or the Trusted Service Provision Domain (TSPD) and may possess a
strong motivation to do so.
2.12.3 External Sources of Threat
Some of the possible threat agents defined by Andrew (2002) are strangers who are beyond the control of the system establishment, such as:
i. Criminal organizations, including organized crime and petty criminals, that may be attracted by the potential for large-scale fraud accessible through e-Government services.
ii. Foreign intelligence services that may seek to use e-government services as a means of getting information on the workings of administration or on individuals of interest.
iii. Commercial organizations that may seek information about competing companies, clients, debtors, etc. from e-government related sources.
iv. Investigation agencies that may seek to use e-Government systems as a source of information on targets of interest, for example economic information or other individual details.
v. Terrorist organizations that may seek access to e-government systems as a source of targeting information on a person or an organization for a future disaster.
2.13 Service Security Environment of E-government
E-government security plays an important role in the activities of government and depends on the environment and the community accessing e-government. The following are some of the service security environments.
2.13.1 Environment Assumptions
To meet the objectives of e-government, it is implicitly derivable that government services will best be delivered over the same public networks that are being deployed in the community at large. In particular, the internet, which society will use, is where government-to-government services will achieve high success, though other channels such as interactive digital television and call centres will also be used.
2.13.2 Domain Model
A typical e-government service usually involves a large number of management regimes, referred to as security domains, and specific security measures are applied to each domain. One security domain may be under the control of the customer, while another may be controlled by the service provider.
2.13.3 External Security Policy Framework
The development and completion of government should take place under legislation that addresses both domestic and international, commercial and individual data within public and private corporate networks as well as computer system servers.
Departments, public sector bodies and other local administration bodies will have their own information sharing, management and security policies and strategies, which have a strong impact and give a more detailed interpretation of national government and corporate policy, the legislative framework and the business requirements of the organizations.
Organizational policies are not cited explicitly but are still assumed to state the requirements for high-quality business performance. In addition, government is expected to lead in setting and ensuring a high quality of management in its control of publicly owned resources and information.
2.14 Tools of Maintaining Information Security in E-government
Conventional government is at times regarded as very large. However, with the global advancement of computer networks and the growth of information technology, it is now possible to transfer or exchange huge amounts of data at light speed across great distances. These technologies give governments the opportunity to change themselves from huge monsters into compact and efficient organizations. Recognizing the huge improvement in IT, over 2000 summary 198 governments have recently put in progress their electronic government strategies to build technology- and internet-based versions of their government functions (West, 2004).
The most important element of technology-based, electronic government is the communication and transmission of secret data and information through networked information systems, according to the importance of the information. The security of this information must be treated with strong security measures comparable to those for national security, even though every government has its own specific network. Government cannot refuse the internet, partly because doing so would be a waste of resources. Nevertheless, the internet is an open environment, so protecting information and data flowing over the internet from hackers and attackers is a vital e-government service issue.
All government departments have requested assistance from cryptographers, and it costs a lot of time and investment to develop a special information system design with an advanced cryptosystem to support information security in the e-government service system. Unfortunately, cryptography is not sufficient in a number of applications, as computer power keeps rising and so do the methods of cryptanalysis. West (2004) provided two main types of steganology, known as steganography and steganalysis, which have been widely explored in the area of e-government security.
2.14.1 Steganography
According to Markus Kahn (1995), steganography is the art and science of communicating in a way which hides the existence of the communication. In contrast to cryptography, where the enemy is allowed to detect, intercept and modify messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of steganography is to hide messages inside other harmless messages in a way that does not allow any enemy to even detect that there is a second message present. In other words, the overall goal of steganography is to conceal a message inside another innocent message so that no other user can even notice that a second message is there; this description is widely accepted in information security environments.
The use of steganography can be traced back to ancient times B.C.: Histiaeus shaved the head of his slave and tattooed an important message on his scalp. When the slave's hair had grown, the information was hidden and the slave was sent to Aristagoras, who then shaved the slave's head.
According to Herodotus (1992), the message told him to rise up against the Persians, which is considered one of the oldest examples of steganography. As systems advanced, invisible ink and microfilm appeared in later applications. The watermark on bank notes is the most important and common modern example of steganography.
With present technology, steganography allows top secret information to be hidden in cover communication or media; the cover together with the hidden information is known as the stego message. Steganography methods are mainly divided into two categories: digital watermarking and digital fingerprinting. Digital watermarking focuses on the embedding algorithms and is used for copyright protection, authentication and integrity verification. The hidden information is called the watermark; in digital water marking is comparatively. Some other common properties of steganography methods include:
Simplicity: the distortion introduced by the embedding procedure ought to be hardly noticeable to humans, so that the impact on perceptual quality is reduced.
Robustness: in most applications, such as copyright protection, survivability against all types of malicious attack and incidental manipulation, such as lossy compression and format transcoding, must be maintained unless the manipulations have rendered the content useless in some sense.
Payload (i.e., the embedding capacity) is significant for digital fingerprinting. Since the function of the fingerprint is to identify the individual recipient or buyer, the fingerprint should provide adequate space to keep its uniqueness when a massive number of copies of the cover message are to be distributed. In this case, embedding capacity is the determining factor of an effective fingerprinting scheme (Su et al., 2000).
• Digital Watermarking
Digital watermarking is the process of embedding a small amount of secret information, the watermark, into digital media to achieve goals such as copyright assertion, authentication and content integrity verification. The advantage of digital watermarking over cryptography is that the latter gives no protection once the content is decrypted. The transparency and robustness needed to avoid any detectable artifact, and any other properties required by a particular application, all depend on the design of the hiding algorithm.
• Digital Fingerprinting
Digital fingerprinting is a process that embeds a unique message in the media so that the recipient can be recognized and identified. Digital fingerprinting cannot prevent illegal copying, but it allows the copyright owner and media distributor to trace the recipients who leak or redistribute the fingerprinted media. Therefore, an additional requirement for digital fingerprinting is anti-collusion, meaning that even after attackers have collected an adequate number of legally permitted copies, they still cannot detect and remove the fingerprints. Further technical information on this topic can be found in (Trapp et al., 2003; Celik et al., 2004).
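The payload and robustness properties described above can be seen in a small fingerprinting sketch. This is an added example, not taken from the dissertation or the works it cites; it uses plain least-significant-bit (LSB) embedding, a textbook technique chosen here for illustration, on a constructed list of 8-bit samples, and every function name and the recipient registry are hypothetical.

```python
"""Added illustration: recipient fingerprinting with LSB embedding.

Assumptions (not from the source text): the cover is a list of 8-bit
samples, recipients are numbered 0..num_copies-1, and the embedding
method is plain least-significant-bit substitution.
"""
import random


def required_bits(num_copies):
    """Payload needed so each distributed copy carries a unique fingerprint."""
    if num_copies < 1:
        raise ValueError("at least one copy must be distributed")
    return max(1, (num_copies - 1).bit_length())


def embed_fingerprint(cover, recipient_id, num_copies):
    """Write recipient_id into the LSBs of the first samples of the cover."""
    nbits = required_bits(num_copies)
    if not 0 <= recipient_id < num_copies:
        raise ValueError("recipient id outside the distribution list")
    if nbits > len(cover):
        raise ValueError("cover too small for the required payload")
    marked = list(cover)
    for i in range(nbits):
        bit = (recipient_id >> i) & 1
        marked[i] = (marked[i] & ~1) | bit  # change only the lowest bit
    return marked


def extract_fingerprint(samples, num_copies):
    """Read the fingerprint back from the LSBs."""
    nbits = required_bits(num_copies)
    return sum((samples[i] & 1) << i for i in range(nbits))


def max_distortion(cover, marked):
    """Largest per-sample change caused by embedding (imperceptibility)."""
    return max(abs(a - b) for a, b in zip(cover, marked))


def requantize(samples, step=4):
    """Incidental manipulation: coarse quantization, a stand-in for lossy compression."""
    return [(s // step) * step for s in samples]


def trace_leak(samples, registry, num_copies):
    """Map an extracted fingerprint to a recipient, or None if it matches nobody."""
    return registry.get(extract_fingerprint(samples, num_copies))


def demo():
    rng = random.Random(7)                              # constructed cover data
    cover = [rng.randrange(256) for _ in range(64)]
    num_copies = 1000
    registry = {613: "recipient-613 (constructed)"}     # hypothetical registry
    marked = embed_fingerprint(cover, 613, num_copies)
    return {
        "payload_bits": required_bits(num_copies),
        "distortion": max_distortion(cover, marked),
        "traced": trace_leak(marked, registry, num_copies),
        # After requantization every LSB is zero, so the mark is lost:
        "traced_after_requantize": trace_leak(
            requantize(marked), registry, num_copies),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The leaked copy is traced while it is untouched, but a single requantization erases the mark, which is why the robustness property matters for fingerprinting; the sketch does not attempt anti-collusion.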
2.14.2 Steganalysis
As mentioned previously, steganalysis is one of the security measures for e-government information, as e-government is responsible for observing public data flows. At present, most governments strongly believe that restricting the strength of public cryptosystems, or prohibiting them entirely, is not sufficient to guarantee national security. For example, companies like Microsoft and PGP have been restricted from selling their internet explorer software with the highest encryption (128 bits). It is a fact that the government's point of view in this may be logical where national security is of high concern, yet it exposes the greater part of internet clients to privacy breaches. This condition makes the community resort to steganography to defend their privacy.
2.15 Risk Factors of E-government
The successful implementation of the e-government concept is always related to the capability of the government to deliver electronic services: by providing disaster communications, by advancing and informing the country's institutions, and by supporting them with the latest communication technology, which helps support electronic services and helps government institutions use the e-government concept in digital form.
2.15.1 External and Internal Barriers to E-government Implementation
The purpose of e-government is a gradual growth in effectiveness and transparency, enhanced communication between business and citizens, an improved communication system and good governance tools. Customers need to see the public services; if e-government is not applied, or if there are internal and external obstacles to its accomplishment, this influences whether citizens and businesses take up e-commerce and electronic services (Edwin and Lau, 2003).
The internal problems come first and include most frameworks that are located in one place. These problems relate to achieving a better understanding of the common vision and mission of e-government.
Leadership must be provided at various levels to turn vision into action, with leaders trained on how to ensure an accurate administrative system that helps the organization accomplish e-government. An institution cannot operate in isolation, so collaboration is required to ensure interoperability and avoid duplicated services, to make sure that government officials possess the knowledge to develop the operation, and to measure success.
Government faces external obstacles in developing e-government due to fast technological change. Choosing the best standard technology is one challenge; other challenges are that some people have no PC or are not used to the internet, and that people who use online systems need full assurance of privacy and protection, that is, that their information records will not be violated or changed. The achievement of e-government procedures mainly depends on the framework for their function. For example, digital signatures are used for submissions to electronic services.
A risk is an identifiable, possible matter that negatively impacts an e-government initiative. Stakeholders must practise risk assessment and control as part of managing e-government programme activities, which gives some ability to mitigate the programme's accountability. The major risks in developing e-government, and the plan to mitigate each risk, are listed as follows (Lau and Edwin, 2003).
2.15.2 Budget Barrier
The government operates with funding arrangements, and the development cost of e-government is extremely high for the government. Therefore, both longer-term financial support and teamwork among government institutions should be considered and predefined. This problem can be solved by the following steps:
i. Developing direct projects that can be scaled according to the demand of the project.
ii. Convincing users of the new technology, and offering innovative commercial arrangements for the private sector to fund electronic government.
iii. Supporting planned business partnerships with expert international vendors to fund e-government.
iv. Practical, well-phased progression for the e-government rollout.
2.15.3 Common Technical Framework and Infrastructure
Challenges arise from the failure of government organizations to communicate with one another and from inconsistent decisions between government agencies. Government can do a lot to help by providing common shared rules and standards; this can be easily solved by using shared inter-agency working groups, side by side with or under clear governance, to supervise and enforce government policy and standards.
2.15.4 Digital Divide
Resources at Nusajaya ICT Centre do not have the basic knowledge to apply e-government strategy, and this can be solved by:
i. Support from government bodies for IT training and other skills required by staff.
ii. Hiring professional staff with the required skills.
iii. Motivating government agencies to fund the raising of ICT proficiency internally.
iv. Providing links with local universities and colleges for on-the-job preparation of students.
v. Promoting the retention of trained professionals in collaboration with other programs.
2.15.5 Privacy and Security Concerns
Government is responsible for providing rules and regulations in developing public policies, and for sharing an essential role with businesses, organizations and individuals in guaranteeing protected access to computers. This problem can only be resolved by increasing awareness among the stakeholders, raising accountability and improving change management.
2.15.6 Rapid Technology Change
The government faces problems in anticipating future policy impacts in detail because of fast-moving technological change. These issues can be solved by:
i. Emphasizing performance requirements rather than specifications.
ii. Participation of stakeholders in one process.
iii. Looking for international cooperation.
iv. Re-arranging e-government strategy with political change.
2.15.7 Citizen Expectation and Seamless Services
Governments are offering high-quality electronic services to their customers, but they fail to understand citizens' needs. This kind of problem is resolved by general awareness of the e-government initiative among the stakeholders. These obstacles need to be understood, and a sense of mission shared, across all levels of government institutions.
2.16 Discussions
An e-government service system is the use of information and communication technology (ICT) by government authorities to provide general services for citizens and businesses, and is in particular meant to serve public participation. E-government has become an international phenomenon over the last twenty years of technology development. Many governments around the globe have implemented e-government in the belief that it can improve efficiency, transparency and cost effectiveness in government; the security of e-government has therefore also become a key issue.
2.16.1 Implementations of E-government
In this chapter, many e-government security aspects and implementations were presented, and the implementation of e-government was discussed. ICT plays an important role in e-government implementation, particularly the internet, which provides a new way of working with public administrations together with enhanced provision. As IT communication and the question of how to protect and measure the security of electronic government have become prominent, this chapter analyzes the measures of e-government security risk management from the perspective of security threat management and proposes the corresponding countermeasures.
i. Service Security of e-government: several e-government services are covered, which play a crucial role in promoting service quality. E-government services use IT and the internet to improve public access and deliver customer service efficiently. However, it is also recognized that customers and citizens have the right to choose how a service is delivered, whether through the web, a mobile phone or another channel.
ii. Threats of e-Government: the research on threats to e-government described two types of threats associated with e-government, internal and external, where threat analysis examines the assets that need protection and the potential sources of the threats.
In contrast, security is the protection mechanism for the ICT assets of e-government, as these assets are the portfolio of the organization. External assets lie outside the organization and include assets of clients, remote users and business partners who need to communicate and collaborate with the organization. Internal assets, on the other hand, are those inside the e-government systems, including data, information, knowledge resources and programmers.
2.17 Chapter Summary
This chapter covered the e-government implementation process and risk security aspects broadly. It also covered the importance of security and the roles that security plays in e-government, and the benefits, values and risk factors of e-government. This chapter has laid the groundwork for the conceptual risk security of e-government and the major challenges that arise in information and communication technology.
CHAPTER III
RESEARCH METHODOLOGY
3.1 Introduction
The purpose of this chapter is to present and justify the research methodology used in this study. In this chapter, we present and describe how the data will be collected. The presentation of the chosen methodology includes discussions concerning the research approach, research strategy and research method. Finally, the chapter discusses the quality of the research undertaken.
The main purpose of this research is to identify security risks in e-government and the activities associated with e-government transactions. The study also investigates ways in which e-government security can provide more efficient and effective customer-centric services and extend e-government reliability. In addition, this research looks at the different types of risks, threats and challenges encountered in e-government and how to ensure security measures against these threats.
3.2 Research Strategy
The choice of research approach depends not only on the researcher's epistemological position and prior knowledge but is also influenced by the research questions that are set out to be illuminated (Morse et al., 1994).
Quantitative research: This research is used to answer questions about relationships between precise variables with the aim of describing, generating and controlling phenomena. This approach is sometimes called the traditional, experimental or positivist approach. Quantitative research seeks explanations and predictions that will generalize to other persons and places. The intent is to establish, confirm or validate relationships and to develop generalizations that contribute.
3.2.1 Qualitative Research
This research is normally used to answer questions about the complex nature of a phenomenon, frequently with the aim of explaining and understanding the phenomenon from the participants' point of view. The qualitative approach is also known as the interpretative, constructivist or post-positivist approach.
Qualitative researchers seek a better understanding of complex situations; their work is often exploratory in nature, and they may use their observations to build theory from the ground up. The qualitative and quantitative processes refer to the technique one selects to treat and study the chosen data. Selectivity and remoteness from the object of research characterize a quantitative approach, while a qualitative approach is characterized by closeness to the object of research. Both have their strengths and weaknesses, and neither one of the approaches can be.
3.3 Operational Framework
To make sure that all research activities are well organized, a research methodology is needed to guide these activities in the right direction. To gather all the information relevant to the study, the researcher built a methodology, or operational framework, to make sure that all the tasks of the research are carried out clearly. Figure 3.1 shows the research methodology framework, and Table 3.1 shows the operational framework.
[Figure 3.1: Research Methodology Frameworks. Flowchart: Phase 1 (Research Initiation & Planning); Phase 2 (Literature Review, Preliminary Survey, Survey, Analyze Data); Phase 3 (Preparing E-government Security Model, Evaluate Model, with Yes/No branches); Phase 4 (Report Writing, Research Presentation).]
Table 3.1: Details of Operational Framework
(Columns: Phases; Tasks; Objectives; Instruments / Method; Deliverables)

Phase 1: Project Initiation and Planning
Tasks / Objectives:
• Understand problem domain and existence of the problem.
• To plan project.
• To understand the Risk Security in e-government.
• To identify Research question.
• To determine project Objectives from the research question (problem statement).
• Determine project scope.
Deliverables:
• Project proposal.
• Project objectives.
• Project scope.

Phase 2: Literature Review; Survey
Tasks / Objectives:
• To study and get opinion related to topic issues and previous research on e-government service security methods.
• Collecting related material from internet and other reliable sources, sorting the collected materials, and selecting appropriate resources according to the research objectives.
• Collecting ideas from different perspective study.
• To conduct survey and gather the related data and analyze to obtain result.
• To conduct survey about people involved with e-government service accessibility in Malaysia, special staff in Nusajaya ICT department in Johor Bahru.
• Using respondents' opinions.
• To obtain viability of the research by observing respondents' reflections.
Instruments / Method:
• Books, journals, articles, research papers, etc.
• Survey
Deliverables:
• Proud understanding to the whole concept of the e-government service security.
• Data collected through survey.

Phase 3: Analyze Data; Preparing e-Government Security Model
Tasks / Objectives:
• To analyze the collected data.
• To revise the proposed model by integrating the survey results in it.
• To design and develop security framework.
• Revising the proposed model by integrating the survey results in it.
• Designing E-government Service Security model for Malaysia.
• By designing the security model based on e-government security requirement.
Instruments / Method:
• SPSS Software.
Deliverables:
• E-government service security model.

Phase 4: Writing the final report; Project presentation
Tasks / Objectives:
• Present the complete project outcome.
• After collecting all the relevant information regard to the research and analyzed the data carefully, final report writing going to take place.
• Write the report by combining and organizing all the data in understandable way.
• Prepare project presentation to share your project result with others.
Instruments / Method:
• Using report writing skills.
Deliverables:
• Complete final report.
3.4 Data Collection
Data collection is a term generally used to describe a method for preparing and gathering data; the objective of data gathering is to obtain information.
In the data collection phase, the task of the researcher is to collect all relevant data about the research topic. The following are the sources from which data has been collected. Data can be divided into two categories: primary data and secondary data.
3.4.1 Primary Data
In this research, the main primary data was drawn from:
• Survey
A survey is a research mechanism consisting of a sequence of questions and other prompts for the purpose of collecting information from respondents. Questions will be distributed to a particular group of respondents through sampling. The researcher will deliver the questionnaires in various ways, such as survey, mail, internet or fax. The researcher will write the questions properly and provide concise instructions. Finally, after the questions have been prepared, the researcher will test the questionnaires and distribute them to the selected number of samples to find the research weaknesses.
3.4.2 Secondary Data
There are different sources for secondary data including:
i. Books
ii. Journals
iii. Articles
iv. Electronic Documents
   o Websites
   o Online materials
   o E-journals
3.5 Sampling and Respondents
The respondents were drawn from Nusajaya and the ICT department in Johor, and questionnaires were distributed to e-government users and government employees at different levels. A total of 70 people from various positions were selected so as to provide in-depth information about the topic through the survey and sessions. These respondents were chosen at random from the above list to give their perception of the e-government security system and policies in Malaysia.
3.6 Data Analysis
Upon completion of data collection, an analysis process will be conducted to analyze the data and extract information. Several steps are required, covering personal data, activities of e-government risk security and implementations of e-government systems. Later, using SPSS software, the data will be edited and the results will be presented in graphics, tables and charts with detailed information relevant to the study.
3.7 Project Validity and Reliability
Validity: when we judge the strength of a research study we need to ask two basic questions. First, does the study have adequate controls to ensure that the conclusions we draw are really warranted by the data?
Second, is it possible to use what we have observed in the research situation to make generalizations about the world beyond that specific situation? The answers to these two questions address internal validity and external validity respectively (Leady and Ormrod, 2001).
3.7.1 Reliability
The reliability of a measurement is the extent to which it yields consistent results when the characteristic being measured has changed. A researcher can enhance reliability in several ways. First, the instrument should be administered in a consistent fashion, and the use of the instrument should be standardized from one situation or person to the next. Second, to the extent that subjective judgments are required. Third, any research assistants who are using the instrument should be well trained so that they obtain similar results.
3.8 Project Schedule
The project schedule lists the overall schedule of the project, including the project start date and end date and the activities that need to be done during the research according to the objectives of the project. The details of the project schedule are shown in the Gantt chart attached in Appendix A.
3.9 Chapter Summary
This chapter provided a brief description of the methodology used for this research. Activities were organized using the operational framework, and data collection was defined as the process of collecting data from different sources. There are two samples of the population, consisting of 70 people, who will be the respondents of the research. Data is analyzed using SPSS software, and the project activities, scheduled to be completed within a limited time, are presented.
CHAPTER IV
DATA COLLECTION AND DATA ANALYSIS
4.1 Introduction
Once the research design has been successfully developed, the next phase is data collection and analysis. A survey instrument was chosen for data collection. The survey questionnaire consisted of ten questions divided into three main sections, using different question types such as scale ranking and Yes/No questions. The sections of the questionnaire were: i) Respondents' profile, ii) Identifying risks and importance of e-government service security, iii) Recommendations and comments.
Technical staff from Nusajaya ICT (Johor Bahru) were chosen as the respondents of this study, as they have a basic background in e-government services and appropriate security methods.
In addition, respondents were required to be staff members of Nusajaya ICT Centre. This gives the researcher a wider and better understanding of the research questions. Later, the completed surveys were analyzed using SPSS software.
The descriptive procedures in SPSS provide the mean value and standard deviation (SD) for variables, as well as the minimum and maximum values. It is good practice with Likert scale questions to report the mean value, since it gives an indication of the average answer. The SD is also important because it indicates the average distance from the mean value. A low SD means that most observations cluster around the mean value. Conversely, a higher SD means that there was a lot of variation in the answers. An SD of zero is obtained when all responses to a question give the same answer.
4.2 Survey Analysis
As mentioned above, only one questionnaire was used in this research. It was designed for technical staff and citizens to extract implicit information from them.
4.2.1 Survey Findings
Based on the study's objectives, 70 copies of the survey were distributed to the ICT Centre, but only 21 copies were returned. The design of this questionnaire is divided into three sections:
Section A: Respondent Details.
Section B: Identifying Risks and Importance of E-government Service Security.
Section C: Recommendation of E-government Service Security.
4.3 Respondent’s Profile
Table 4.1: Profile Gender

Gender    No. of respondents    Percent
Male      36                    60
Female    24                    40
Total     60                    100
73
Gender
0
F
Female
40%
Male 60%
0
Figure4. 1: Gender Profile
Figure 4.1 shows the survey respondents by gender. There are more males than females: of the 21 respondents who gave their feedback, 60% were male while 40% were female.
QA2. Respondents Age
[Figure 4.2: Respondent's Age. Bar chart of frequency and percent by age group: 18-25, 22%; 26-30, 50%; More than 30, 22%.]
Figure 4.2 above shows the age of the survey respondents; the researcher
found an increase in respondents' dependence on e-government services across the
age ranges. The majority of the respondents were between 26 and 30 years old.
The findings also illustrate that younger citizens possess the skills and
knowledge necessary to use the computer and the internet. The older age group consists
of respondents who have little grounding in accessing e-government services online.
Out of the 21 respondents who gave their feedback, 22% are under 25 years, 50%
are 26-30 years old and another 22% are more than 30 years old. These figures are
summarized below.
i. 18-25 years: 22%
ii. 26-30 years: 50%
iii. More than 30 years: 22%
QA3. How long have you been using e-government service (please rate your answer
1 less important, 5 most important)?
Respondents were given ranges for the number of years they had been using
e-government services, 1-5 years and 5-10 years, as can be seen in the chart below.
Figure 4.3 Respondent's Usage of e-Government Services (bar chart: 1-5 years, 81%; 5-10 years, 13%)
Figure 4.3 shows that the majority of the respondents have been using
e-government for between 1 and 5 years, while some of them stated more than five years.
4.4 Identifying Risk and Importance of E-government Security
QB.1 Which of the following are severe (more dangerous) risks to e-government
service delivery (please rate your answer 1 less important and 5 most important)?
Respondents were given a list of e-government risks including hacking, cyber
attacks, internet worm, denial of service and viruses.
Table 4.3 Risk on e-Government Service Delivery

| E-government risks | Number of Respondent | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Hacking | 21 | 1 | 5 | 3.33 | 1.065 |
| Cyber Attack | 21 | 2 | 5 | 3.48 | .981 |
| Internet Worm Attack | 21 | 1 | 5 | 3.05 | .921 |
| Denial of service | 21 | 2 | 5 | 3.38 | 1.024 |
| Viruses | 21 | 2 | 5 | 4.19 | .928 |
Table 4.3 shows that ratings vary greatly among the e-government risks. Five risks
were examined in this survey. The mean and standard deviation were used to present
the outcome of the survey. A five-point scale was used, where 1 = not important,
2 = less important, 3 = neutral, 4 = important, and 5 = most important. As Table 4.3
shows, viruses have the highest mean value, which is 4.19. Cyber attack and denial
of service also rate significantly high. Conversely, internet worm attacks (3.33)
have lower ratings. Based on these statistics, it can be concluded that
viruses, cyber attack and denial of service are the highest risks to e-government
service delivery and can be considered serious. Similarly, internet worms and
hacking could be another source of threats but have a lower rating.
QB2. Which of the following is cyber crime against ICT assets (please rate your
answer 1 less important and 5 most important)?
Table 4.4 Cyber Crimes against Assets

| Contents | Number of Respondent | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Theft of resources | 21 | 2 | 5 | 3.71 | 1.007 |
| Fraud and Swindle | 20 | 2 | 5 | 3.55 | .826 |
| Blackmailing and Cyber Extortion | 21 | 2 | 5 | 3.48 | 1.078 |
| Unauthorized system access | 21 | 1 | 5 | 3.57 | 1.207 |
| Hacking Government Website | 20 | 2 | 5 | 3.85 | 1.040 |
Table 4.4 shows the cyber crimes against e-government assets. Five cyber crimes
were tested in this survey. Respondents' feedback varies greatly on the five-point
scale from "1" (less important) to "5" (most important). The mean and standard
deviation are used to display the result. As can be seen in Table 4.4, hacking
government websites has the highest mean value, which is 3.85. Theft of resources,
unauthorized system access and fraud/swindle also rate significantly high. Blackmail
and cyber extortion has the lowest rating in the survey.
QB3. Which of the following are cyber crime against government institution and
states (please rate your answer 1 less important and five most important)?
Table 4.4 Cyber Crimes against Governments and States

| Contents | No of Respondents | Min | Max | Mean | Std. Deviation |
|---|---|---|---|---|---|
| Hacking websites | 20 | 2 | 5 | 3.85 | 1.040 |
| Cyber threat against states | 21 | 1 | 5 | 3.67 | 1.278 |
| Information Warfare | 21 | 2 | 5 | 3.71 | .902 |
| Hacking critical website | 21 | 1 | 5 | 3.57 | 1.207 |
| Environmental Risk | 21 | 2 | 5 | 3.81 | .873 |
Table 4.4 above shows that all respondents' feedback was positive and gave
the highest priority to cyber crimes against states. For instance, consider the
mean values of the first three components: hacking websites (3.85),
environmental risk (3.81) and information warfare (3.75) have the highest mean
values. Similarly, cyber threat (3.67) and hacking critical websites rate high as
well.
QB4. Which of the following security management components are the most
appropriate for e-government services (please rate your answer 1 less important and
5 more important)?
Table 4.6 Security Components Appropriate to e-Government Services

| Contents | No of Respondent | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Password | 21 | 1 | 5 | 4.29 | 1.146 |
| Digital Identity | 21 | 1 | 5 | 3.86 | 1.153 |
| Biometric device | 21 | 2 | 5 | 3.81 | .928 |
| Access Control | 21 | 1 | 5 | 3.71 | 1.189 |
| E-government Gateway | 21 | 1 | 5 | 3.76 | 1.261 |
Table 4.6 shows respondents' perception of the security management components
appropriate to e-government services. All respondents answered positively about the
security components applicable to e-government services. As observed in Table
4.6, the mean value for password reached 4.29, followed by digital identity (3.88) and
biometric device (3.81). Respondents also indicated an increase for e-government
gateways (3.76) and access control (3.71) respectively.
QB5. Which of the following security technologies does your organization use
(please rate your answer 1 less important and 5 most important)?
Table 4.7 Security Technologies in e-Government

| Contents | No of Respondent | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Data Backup System | 21 | 2 | 5 | 4.33 | .966 |
| Encryption Methods | 21 | 2 | 5 | 3.90 | .995 |
| User Security ID Management | 21 | 2 | 5 | 4.19 | .981 |
| Internet Security | 21 | 3 | 5 | 4.33 | .856 |
| IDS/ and other detection | 21 | 1 | 5 | 3.57 | 1.165 |
Table 4.7 presents five types of technology that the organization uses for
security purposes; the responses were positive. Based on the table's
contents, the majority of the respondents believe that data backup systems (4.33),
internet security (4.33) and user security ID (4.19) are the most widely used security
technologies in e-government. The mean values of encryption (3.90) and IDS (3.57)
are lower than those of the other security technologies.
QB6. How important are the following security components and activities of
e-government service (please rate your answer 1 less important and 5 most important)?
Table 4.8 Security Components and Activities

| Contents | No of Respondent | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Network firewall | 21 | 2 | 5 | 3.95 | .921 |
| Network Intrusion Detector | 21 | 2 | 5 | 4.00 | 1.000 |
| Network Access Control | 21 | 2 | 5 | 3.76 | .944 |
| Server & work station security | 21 | 2 | 5 | 4.05 | .865 |
| Anti viruses | 21 | 2 | 5 | 4.10 | .944 |
For Table 4.8, the researcher asked for respondents' perception of network
security components and their role in the security of e-government services, using
a scale from 1 (less important) to 5 (most important). Most of the respondents
strongly believe that antivirus (4.10), server and workstation security, and network
intrusion detector (4.00) are the most reliable network security components, which
play a vital role in monitoring traffic and preventing unauthorized access. The mean
values of network firewall (3.95) and network access control (3.76) are
lower than those of the other components.
QC7. In your opinion, how can state governments provide security on their website
(please rate your answer 1 less important and 5 most important)?
Table 4.8 Methods of Securing e-Government Websites

| Contents | No of Respondent | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Privacy Policy being presented on e-government sites | 21 | 2 | 5 | 3.52 | .981 |
| Authentication log in | 21 | 1 | 5 | 3.90 | 1.091 |
| Encryption Using SSL | 21 | 2 | 5 | 4.00 | 1.000 |
| Monitoring traffics | 21 | 1 | 5 | 3.14 | 1.236 |
| Deliver best Practices Security rights | 21 | 1 | 5 | 3.57 | 1.326 |
Table 4.8 shows methods that can be used for securing e-government websites.
Five different methods of securing e-government websites were examined in this
survey, rated on the scale shown in the table. Encryption protocol (4.0) had the
highest value, for protecting the transmission. User name and password
authentication (3.90) had the second highest mean value, for protecting the privacy
and security of websites. Delivering security rights (3.57) is the third category of
security measure. Using server management software to monitor traffic (3.14) and a
privacy policy being presented on the e-government website had the lowest ratings.
4.5 Recommendation on E-government Service Security
QC8. Do you believe that Nusajaya ICT Centre has utilized other Technology of
e-government Security Services?
Figure 4.4 Utilization of e-Government Security Technologies in Nusajaya ICT
Centre (pie chart: Yes 81%, No 13%)
Figure 4.9 indicates that 81% of the respondents strongly agreed that
Nusajaya ICT Centre has utilized other technology for e-government service security,
and 13% disagreed. It shows that respondents are highly optimistic about the
e-government security technology that Nusajaya provides to its citizens.
QC9. Give your comment, any related technology of e-government Service
Security?
Figure 4.5 Any Related Security Technology of e-government Services (pie chart: Digital Identity 70%, Finger prints 22%, No comment 7%)
Figure 4.10 indicates that 70% of the respondents strongly believe that digital
identity and biometric devices could be the latest technology that can further
improve the security of e-government services, while 22% of the respondents gave their
comments on fingerprint technology. Only 7% did not respond to the question.
4.6 Chapter Summary
A set of survey questions was designed and distributed to conduct an analysis
identifying the risks to e-government services and the importance of e-government
security as well. Data was collected by randomly distributing questionnaires to 70
technical staff and citizens at the Nusajaya ICT department in Johor Bahru. The
chapter has discussed the respondents' profile:
i. All respondents identified the impact of risks and threats on e-government service.
ii. All respondents agreed on the importance of e-government service security.
iii. For e-government service, respondents highlighted that cyber attacks, hacking
and viruses are the most severe risks to e-service applications.
iv. For e-government service security components, respondents prioritized
password, digital identity token and biometric device. A considerable number of
the respondents also believe that the e-government Gateway and Access
control are highly effective security tools for e-government service
accessibility and for further protection mechanisms.
v. Out of 21 respondents, 81% believe that Nusajaya ICT Centre has utilized
other technology for e-government service security and 13% do not.
CHAPTER V
E-GOVERNMENT SERVICE SECURITY MODEL FOR NUSAJAYA ICT CENTRE
5.1 Introduction
Currently, the Nusajaya ICT department is an agency that coordinates the social
development of government organizations, especially in information and
communication technology (ICT). The objective of the case study in
Nusajaya was to gather information on perceptions of e-government service
security, in order to improve the previous security measures in e-government
services for Nusajaya ICT Centre. This chapter discusses e-government service security
and identifies risks and threats to the security of Nusajaya e-government services.
Furthermore, based on the results and key findings from the 21 respondents among
Nusajaya ICT staff and the study of previous models from the literature review, an
enhanced e-government service security model for Nusajaya is proposed and
the analysis of the previous models is described.
5.2 Analysis of Existing Models and Frameworks in E-government Security
Various studies have analysed e-government models that focus on security.
Table 5.1 describes in detail the models that were introduced in the previous
chapter.
Table 5.1 Analyses of Existing Models in e-Government Service Security (J. Satyanarayana, 2004 & AGDS, 2009)

| No. | Model | Components of the Model | Analysis of the Components |
|---|---|---|---|
| 1 | J. Satyanarayana, 2004 Model | E-government Security Model: Users (Identity, Capture, Access Management, Interaction Control); Process (Transport Environments): Secure Communication System, e.g. Virtual Private Network; Technology (ICT Asset Environments): Internal & External, Physical and Electronic Security. | Under these activities there are three essential areas of the e-government security framework, which provide general information about the importance of e-government service security. The components provide in-depth information on how e-government security will be measured, not only in a specified area but from many different angles. The first component is the "User": users are the citizens who use the e-government service. The second is the "Transport Environment", the channels of communication, which require security, confidentiality, integrity and privacy. This transport environment needs to be fully secured and protected from any harmful security failure. The third is the "ICT Asset Environment", which is the most sensitive part of e-government assets, including hardware, software and databases. These assets require security treatment. |
| 2 | AGDA 2009 Model | Components contained by the E-government Security Model: Security Management; Collaboration; System Management. | The Security Management Model provides components that can be considered important factors of a security management platform; these components are numerous and participate effectively in security management for e-government services. Firstly, "Security Management" of e-government services includes ID and authentication, intrusion detection, access control, incident response and digital certificates, which are the major security management components of e-government. Secondly, "Collaboration" works side by side with e-government in managing responsible tasks, sharing information, etc. The third, "System Management", provides rich e-government system management and monitoring, enabling the organization to provide service management to the end users. |
A number of components were taken into consideration during the analysis phase
in order to justify the security model. Based on that, the most relevant and suitable
components for the case study were chosen. It is clear that any e-government
service has users, and there is no doubt that users need confidentiality, privacy and
security from government services so that they can promote and use e-government
without much worry. Security is an important factor for e-government, because
citizens' information should be protected from unauthorized people. Another
important factor is users' access to the service, where citizens are required
to follow a security procedure: their identity is captured, and a digital signature
is used to validate and verify the user. ICT assets also need to be protected
in order to minimize risk and threat sources from any attempt, by using
network intrusion detection, virus protection and disaster recovery.
5.3 Derivation of the Proposed Model
The literature review provided the basic components of the e-government
service security model. A survey was conducted in order to verify the
importance of the components in improving e-government service security. The
model was ultimately drafted from two models in the literature review, namely the
e-government security model developed by J. Satyanarayana (2004) and the security
management model of the Australian Government, the Department of Finance (AGDF).
It was also compared with the recommended features from the survey
findings. The respondents' results indicated that some features are important for an
e-government service security model. The new proposed model contains User,
Process, Technology and e-government Service Application components for security
management in e-government.
5.4 The Proposed Model
Based on the results of the analysis, the proposed model is believed to
support the rapid growth of the IT revolution and governments that are ready to provide
secure online services to their citizens over information and communication
technology. However, to promote trust in e-government transactions, communication
and interactions, the government and its affiliated departments are required to
implement security, privacy and confidentiality in order to gain user trust in the
e-government service. Therefore, the researcher proposes an e-government security
model for Nusajaya ICT Centre, which mainly consists of four components: Users,
Process, required Technology and e-government Application Services. Figure 5.1
shows the proposed model.
Figure 5.1 Proposed Model of E-government Service Security
5.4.1 E-government Users
In this section, the involvement of e-government users in the proposed model is
defined. There are two types of users in this model, namely citizens, who are the key
users of the services provided, and government agencies. The government agency's
role covers delivering the e-service, acceptance of the service, the number of
services distributed through various channels, growth in usage, and the information
systems supporting the service.
5.4.2 Process
In this section, there are three processes required of e-government users:
Identity Management, Access Management and Interaction Management.
Table 5.2 shows the processes.
Table 5.2. User Required Process

| Process | Description |
|---|---|
| Identity Management System | Identity management is the process of user registration based on the user profile, using a unique digital identity: user name and password. |
| Access Management System | Access management is the process which enables the user to access the departmental user ID and registration; this involves verification of the user's identity. It also creates user authorization for predefined tasks or transactions. |
| Interaction Management System | This process acts as a mediator between the user and the e-government systems, providing assurance of access with a complete set of security elements, including authentication, confidentiality and accountability. |
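As an added illustration (not code from the dissertation or from Nusajaya ICT Centre), the three processes of Table 5.2 can be sketched as one flow: registration stores a salted password verifier, access management grants predefined tasks, and every interaction is authenticated, authorized and recorded for accountability. The class name, task names and PBKDF2 work factor are assumptions; confidentiality of the channel (e.g. TLS) is outside the sketch.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 200_000  # illustrative work factor (assumption); tune to your hardware


def _derive(password: str, salt: bytes) -> bytes:
    """Stretch a password into a verifier so the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class EServicePortal:
    """Hypothetical portal combining the three processes of Table 5.2."""

    def __init__(self):
        self._identities = {}  # user_id -> (salt, verifier)
        self._grants = {}      # user_id -> set of predefined tasks
        self.audit_log = []    # accountability: one record per decision
        # Unknown user IDs are checked against a random verifier, so they cost
        # the same key-derivation time as known ones and can never match.
        self._dummy = (os.urandom(16), os.urandom(32))

    # Identity management: registration under a unique digital identity.
    def register(self, user_id: str, password: str) -> None:
        if user_id in self._identities:
            raise ValueError("user ID already registered")
        salt = os.urandom(16)  # per-user salt: equal passwords give different verifiers
        self._identities[user_id] = (salt, _derive(password, salt))
        self._grants[user_id] = set()

    # Access management: authorization for a predefined task or transaction.
    def authorize(self, user_id: str, task: str) -> None:
        if user_id not in self._identities:
            raise KeyError("cannot authorize an unregistered user")
        self._grants[user_id].add(task)

    def _authenticate(self, user_id: str, password: str) -> bool:
        salt, verifier = self._identities.get(user_id, self._dummy)
        candidate = _derive(password, salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(candidate, verifier) and user_id in self._identities

    # Interaction management: mediate each request and keep an audit trail.
    def request(self, user_id: str, password: str, task: str) -> str:
        if not self._authenticate(user_id, password):
            outcome = "denied:authentication"
        elif task not in self._grants[user_id]:
            outcome = "denied:authorization"
        else:
            outcome = "allowed"
        # The password is deliberately left out of the audit record.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user_id,
            "task": task,
            "outcome": outcome,
        })
        return outcome


def demo():
    """Run four constructed requests and return their outcomes in order."""
    portal = EServicePortal()
    secret = "correct horse battery staple"  # constructed sample credential
    portal.register("citizen-001", secret)
    portal.authorize("citizen-001", "e-procurement:submit-registration")
    return [
        portal.request("citizen-001", secret, "e-procurement:submit-registration"),
        portal.request("citizen-001", "wrong password", "e-procurement:submit-registration"),
        portal.request("citizen-001", secret, "hrmis:update-record"),
        portal.request("unregistered-user", secret, "e-procurement:submit-registration"),
    ]


if __name__ == "__main__":
    print(demo())
```

Authentication is checked before authorization, so a caller with a wrong password learns nothing about which tasks an account holds.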
5.4.3 Technology
In general, ICT assets are among the most important and sensitive e-government
assets, including internet, hardware, software, database and knowledge,
and they require security treatment. There are two types of security for them:
physical and electronic. Securing ICT assets requires a number of security
measures to protect against internet worm incidents, electrical shocks, network
intrusions, disasters, etc. To avoid these threats, security management
components are identified and summarized in Table 5.3.
5.4.4 Security Components
Table 5.3 Security Components

| User Security Tools | Description |
|---|---|
| User Authentication | User authentication is the process of identifying an individual based on the user profile, user name and password in the security system. Authentication usually ensures proper authorization and access to systems and services; it can be conducted through the use of logon passwords or single sign-on (SSO) systems. |
| Digital Identity | Generally used for online systems; the term refers to the computer-based counterpart of manual identification such as ID cards and credit cards. It ensures verification of users by matching their ID with the system. |
| Access control list | An access control list is a table, kept by the operating system for a computer file, that gives each user permission to a particular system object, either a file or a directory. Each entity has a security characteristic that identifies its access control, and the list also has an access entry for every computer user with high access rights. |
| Biometric device | A popular device comprising techniques for uniquely recognizing an individual based upon one or two inherent physical or behavioral characteristics. These features are captured at the time of registration, converted into a code using certain algorithms and stored for comparison at the time of authentication. In IT especially, biometrics can be used as a form of identity access management and access control. |
| Government Gateways | This gives users communication access so that they have permission to use the information and services provided to citizens. Verification is done using ID and electronic signature, and the user's privacy is kept secure and protected. |
Table 5.4 ICT Security Components

| Component | Description |
|---|---|
| Firewall | A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. |
| Network Intrusion detection system | NID is a process of detecting malicious attacks made by users on the network system, including denial of service and scanning, by controlling and monitoring network traffic. |
| Virtual Private Network | A virtual private network (VPN) is defined as a network that utilizes telecommunication, including the Internet, to supply distant offices or a single user with highly protected and secured access to their institution's network. This will help the government to have a special Ethernet whose security is highly reliable. |
| Virus protection | To protect against, detect and remove malware, including computer viruses and Trojan horses, and to keep any viruses from entering the government information system, antivirus software must be installed on every computer to prevent and remove adware, spyware and other forms of malware. |
| Data backup system | A data backup system is a process of making copies of data, so that these copies may be used to restore the original after data is lost, accidentally deleted or corrupted, as a security measure for e-government services. This will help the government to keep its services highly reliable and secure. |
| Internet Security | Internet security is one of the most important security measures for online services provided by the government. Internet security is I/S security specifically related to the internet. The government must establish reliable, secure internet measures to use against attacks and fraud on the internet. |
5.4.5 E-government Application Services
A secure e-government has emerged as a critical goal of public administration
across the world, as e-government brings the promise of efficient online services
to improve both government and the delivery of services to citizens.
Nusajaya ICT Centre has been successful in implementing e-government projects
that large numbers of citizens are utilizing. A secure e-government
service is obtained by increasing productivity as well as customer satisfaction.
Some of the current government projects are summarized in Table 5.5.
Table 5.5 Current e-Government Projects

| Current E-government Project | Benefits of Secure e-government |
|---|---|
| Electronic Services (E-Services) | Secure e-services enable citizens and businesses to transact; provide multiple delivery channels; enhance the efficiency and effectiveness of government services. |
| Electronic Labor Exchange (ELX) | Improves the recruitment of the state's human resources and offers a single centre designed for employment marketplace information. Systematic matching of job seekers to job vacancies; accurate real-time labor market data. |
| E-procurement (Government to Business) | Allows the government to conduct procurement activities via desktop and online; makes the government a smart buyer, with cost savings for the government and suppliers; online submission of supplier registrations. |
| Human Resource Management Information System (HRMIS) | Provides an interface for government employees to perform human resource functions. Facilitates human resource management. |
| Generic Office Environment (GOE) | Enables transparency and timely decision making; provides the right information to the right people at the right time. |
| e-Syariah | Provides effective and quality management of Syariah courts. Speeds up the judicial process and Syariah law; facilitates management of Syariah law and acts as an information hub for the Syariah Court community. |
| Project Monitoring System | Monitoring and implementation of development projects; paperless monitoring system. |

5.5 User Acceptance Test of the Proposed Model
In this section, the respondents were asked three questions. The questions
use a three-point scale, on which users were asked to rate their acceptance of
the proposed model. The questions are shown below.
Q1 Do you agree to the point that the components of the model are complete?
There are several components that make up the proposed model. In order to
achieve the purpose of the model, it is important to verify its completeness.
Table 5.6 and Figure 5.2 demonstrate this issue.
Table 5.6 Verifying the Completeness of Model

| | Frequency | Percent |
|---|---|---|
| Disagree | 0 | 0 |
| Agree | 8 | 20 |
| Strongly Agree | 2 | 80 |
| Total | 10 | 100.0 |
Figure 5.2 Verifying the Completeness of Model
Q2. Do you agree that the components are consistent?
A model may have all the possible components, but another challenge
is making sure that they are consistent.
Consistency here means the relationship between the different components and how
they can work together. Table 5.7 and Figure 5.3 show the users' opinions about
the consistency of the components.
Table 5.7. Verifying the Consistency of the Proposed Model

| | Frequency | Percent |
|---|---|---|
| Disagree | 0 | 0.0 |
| Agree | 5 | 50.0 |
| Strongly Agree | 5 | 50.0 |
| Total | 100 | 100.0 |

Figure 5.3 Verifying the Consistency of the Proposed Model
Q3. Do you believe that the Proposed Model is beneficial for Nusajaya ICT Centre?
Nusajaya ICT Centre was taken as the case study for this research. The results of
this research should benefit Nusajaya ICT Centre. The users were asked the above
question in order to identify whether the model is beneficial for Nusajaya ICT Centre.
Table 5.8 and Figure 5.4 show users' opinions about the benefits of the model for
Nusajaya ICT Centre.
Table 5.8 The benefits of the Proposed Model

| | Frequency | Percent |
|---|---|---|
| Agree | 1 | 10.0 |
| Strongly Agree | 6 | 60.0 |
| Total | 3 | 30.0 |

Figure 5.4 The benefits of the Proposed Model for Nusajaya ICT Centre
5.6 Chapter Summary
In this chapter, the importance of the e-government security model was discussed.
The first model was about the best security approach that can be measured on
e-government services. Its security environment consists of three different
environments: the User Environment, the Transport Environment and ICT assets.
These need complete security treatment. The second model gives a complete picture
of the e-government security model. The researcher presented his own proposed
model, which mainly consists of four parts: Users, Process, ICT security
components, and the current secure e-government services being provided by
Nusajaya ICT. Lastly, a User Acceptance Test was conducted to evaluate the model.
CHAPTER VI
DISCUSSION AND CONCLUSION
6.1 Introduction
This chapter presents the discussion and conclusion of the research.
The research was written with the objective of finding an efficient e-government
security measurement for the Malaysian government. More specifically, the researcher
analyzed the impact of risks and the importance of security approaches in e-government
services in terms of achieving organizational and operational performance. The main
points this chapter discusses are:
i. Achievements
ii. Recommendation of how to use the Proposed Model
iii. Constraints & Challenges
iv. Aspirations.
6.2 Achievements
After collecting data from secondary sources such as books, research papers,
conference papers, reports and documentation, the concept of e-government
service and the importance of security management systems have been clearly
identified. The list below shows the main achievements of this research:
i. Finding out the basic concepts of e-government security requirements, methods
and issues regarding accessing and interacting with e-government systems
and services, especially in Nusajaya ICT.
ii. Identifying the current impact of risks on e-government service delivery in
Nusajaya ICT.
iii. A survey was conducted among different technical staff members of the Nusajaya
ICT department in Johor Bahru, regarding the e-government security policy in
Malaysia.
iv. Finding out the importance of e-government security policy, requirements and
techniques which can be used to manage citizen privacy and security in
Malaysia.
v. Analyzing e-government security models from the literature review and
deriving a model from them that can be used for protection mechanisms in
e-government service delivery.
6.3 Recommendation of How to Use the Proposed Model
The model is unique in its comprehensive inclusion of all known security
issues in a form that can be used for e-government service security. Using the new
model will assist the Nusajaya ICT department to achieve the following:
i. First, the model will be introduced to Nusajaya with its comprehensive inclusion
of known security issues in a form that can be used in e-government.
ii. Once the organization fully understands the concept and the concrete realization
of the security model.
iii. They will achieve the basic security rating and the level of security expected
from a government department.
iv. The e-government authority and its affiliates will agree to set and standardize
the model, based on discussion and consensus among all
participants in e-government security and e-service provisioning.
v. Influence the management of e-government to test the model and
contribute to the validation process.
6.4 Constraints and Challenges
While conducting this research, the researcher faced some constraints and
challenges. The constraints that the researcher faced during the research
are listed below:
i. It took a long time to identify and analyze the best security approach that
can solve e-government service delivery problems.
ii. The limited time available for more in-depth research and study was another
obstacle to collecting complete information for understanding the
research study area.
iii. It is hard to choose respondents for the survey, since e-government is
confidential government business.
iv. The researcher distributed the survey questionnaires to Nusajaya ICT Centre
across the whole of the ICT staff departments and reserved an appointment for
collection; thus the researcher was not able to classify the category of the
Nusajaya ICT staff (whether they are technical or other staff).
The challenges the researcher faced are listed below:
i. Different models from different authors were used in the literature review for
reviewing e-government security models. However, it is somewhat
complicated to derive a model for e-government security from them.
ii. It is quite challenging to choose which model is more suitable for
developing e-government security in Nusajaya ICT Centre and what it will
look like.
iii. The other challenge is choosing the most appropriate security
approach for the e-government service model in Nusajaya ICT.
6.5 Aspirations
There are some key points that have been achieved during this research project.
These achievements include reviewing the literature about the research, identifying
models for managing policies, deriving a model from these models, and coming up
with the idea of developing an e-government service security model for Nusajaya.
At the end of the research, the achievements of the research that the researcher has
done are as follows:
i. All the project objectives that have been highlighted in the introduction chapter
will be successfully achieved.
ii. A good-looking e-government security model for Nusajaya ICT Centre will be
developed, and this will be the model of the research.
iii. The proposed e-government service security model for Nusajaya ICT Centre
will provide full privacy, security, trust and confidentiality to citizens and
government agencies, so that they can access government online services through
the internet at any time and anywhere with no worries.
iv. The proposed model will also help Nusajaya ICT Centre to manage
users' privacy and security issues whenever problems happen; this will increase
user demand for the services.
v. The proposed e-government security model will also provide a clear
understanding of the security requirements of e-government service delivery.
6.6 Chapter Summary
This chapter presented the overall discussion of the research, and all the
activities that should be completed in the research have been discussed. It also
discussed the proposed e-government service security model in Nusajaya ICT Centre
for better achieving citizens' privacy, security and trust in e-government services.
APPENDIX A
GANTT CHART
APPENDIX B
SAMPLE OF SURVEY
Dear Respondents,
I am doing a Master's thesis in IT Management under FSKSM, University Technology
Malaysia (UTM).
The purpose of the survey is to identify the risks and importance of security in
e-government services. Your responses will play a great role in building the
e-government service security model.
This survey is divided into three sections:
Section A: Demography of Respondent.
Section B: Identifying risk, and importance of security in e-government services.
Section C: Recommendation of e-government security service.
All your valuable information is confidential and can only be used for this research.
Please take a few minutes to answer these questions. Thank you for your cooperation.
Supervisor:
Assoc.Prof. Dr Othman Bin Ibrahim
Department of Information Systems
Faculty of Computer Science
and Information Systems
81310 UTM Skudai, Johor, Malaysia
Tel: +601-27477698
Email: othmanibrahim@utm.my
Jama Mohamed Jama
Master Candidate
Faculty of Computer Science
and Information Systems,
81310 UTM Skudai, Johor,
Malaysia
Tel: +6017-3150783
Email: gooraf88@yahoo.com
Section A. Respondent profile
1. Gender: Male / Female
2. Age: 18-25 / 26-30 / more than 30
3. How long have you been using e-government service delivery, such as e-payment,
e-commerce, e-business, health and education?
------------------------------------------------------------
Section B: Identifying risk, and importance of security in e-government service
Definition: E-government security is considered one of the crucial factors for
achieving an advanced stage of e-government. As the number of e-government services
introduced to the user increases, a higher level of e-government security is required.
1. Which of the following are severe risks to e-government service delivery?
Rate of appropriation: 1 = Less important, 5 = More important

Risk of e-government            1    2    3    4    5
Hacking
Cyber attacks
Internet worm accident
Service denial
Viruses
2. Which of the following are cyber crimes against ICT assets?
Rate of appropriation: 1 = Less important, 5 = More important

Cyber crime against ICT Assets                  1    2    3    4    5
Theft of resources (data and information)
Fraud and Swindle
Blackmailing and cyber extortion
Unauthorized or illicit system access
3. Which of the following are cyber crimes against government institutions and states?
Rate of appropriation: 1 = Less important, 5 = More important

Cyber crime against ICT Assets      1    2    3    4    5
Hacking government websites
Cyber threat against States
Information warfare
Hacking critical websites
Environmental Risk
4. Which of the following security management components are the most
appropriate for e-government services?
Rate of appropriation for each activity: 1 = Less important, 5 = More important
(1  2  3  4  5)

Activity: Password
Description: An arbitrary string of characters chosen by a user or system
administrator and used to authenticate the user when he attempts to log on, in
order to prevent unauthorized access to his account.

Activity: Digital Identity Token
Description: Digital identity is the network or internet equivalent of the real
identity of the person, when used for identification in connections or
transactions.

Activity: Biometric Device
Description: Biometrics are automated methods of recognizing a person based on
physiological or behavioral characteristics. Among the features measured are
face, fingerprint, hand geometry, handwriting, iris, and retina.

Activity: Access control
Description: Network Access Control (NAC) is a computer networking solution that
uses a set of protocols to define and implement a policy that describes how to
secure access to network nodes by devices when they initially attempt to access
the network.

Activity: E-government Gateway
Description: Provides an infrastructure whereby the citizens can have secure
access to the information and services they need. Through this platform, ID
verification will be done through password and e-signature, and the privacy of
personal information will be protected.
5. How important are the following security components and activities of e-government?
Rate of appropriation for each component: 1 = Less important, 5 = More important
(1  2  3  4  5)

Security component: Network firewall
Description: A firewall is a part of a computer system or network that is
designed to block unauthorized access while permitting authorized communications.

Security component: Network Intrusion detection (alerting or alarming)
Description: NID is an intrusion detection system that tries to detect malicious
activity such as denial of service attacks, port scans or even attempts to crack
into computers by monitoring network traffic.

Security component: Network Access control
Description: Network Access Control (NAC) is a computer networking solution that
uses a set of protocols to define and implement a policy that describes how to
secure access to a network node by devices when they initially attempt to access
the network.

Security component: Server & workstation security
Description: Workstation Security offers proven workstation PC monitoring and
surveillance software to protect vulnerable endpoints accessing your corporate
network or even your desktop PC. Perfect for monitoring employees in your
workplace.

Security component: Antivirus systems
Description: Software that is used to prevent, detect, and remove malware,
including computer viruses, worms, Trojans, etc.
6. Which of the following security technologies does your organization use?
Rate of appropriation: 1 = Less important, 5 = More important

Security technology of e-government services    1    2    3    4    5
Data Backup systems
Encryption methods
User Security ID management
Internet Security
IDS/A and other detections
7. Other e-government service security issues and methods. Please describe:
------------------------------------------------------------
8. In your opinion, how important are state government security measures on their websites?
Rate of appropriation: 1 = Less important, 5 = More important

E-government security measures on their websites                1    2    3    4    5
Privacy policy being presented on e-government sites
Authentication: log in to protect account privacy
Encryption: using SSL encryption to protect data transmission
Monitoring: using a software program to monitor traffic
Delivers best practices security right out of the box
9. Do you believe that Malaysia has utilized other technology of e-government
security services?
Yes
No - if no, skip to
10. Any comments relating to technologies for e-government service security?
------------------------------------------------------------
Thank you for your cooperation
APPENDIX C
SAMPLE OF QUESTIONNAIRES
User Acceptance Test: A User Acceptance Test was conducted in order to evaluate the
validity of the newly proposed model. Respondents of Nusajaya ICT Centre were
requested to answer the questions below.
Respondent profile:
1. Gender: Male / Female
Q1 Do you agree that the components of the model are complete?
Disagree / Agree / Strongly agree
Q2 Do you agree that the components of the model are consistent?
Disagree / Agree / Strongly agree
Q3 Do you agree that the proposed model is beneficial for Nusajaya ICT Centre?
Disagree / Agree / Strongly agree
“Thank you”