E-GOVERNMENT SERVICE SECURITY MODEL FOR NUSAJAYA ICT CENTRE

JAMA MOHAMED JAMA

UNIVERSITI TEKNOLOGI MALAYSIA

A dissertation report submitted in partial fulfillment of the requirements for the award of the degree of Master of Science (Information Technology – Management)

Faculty of Computer Science and Information Systems
Universiti Teknologi Malaysia

JUNE 2011

I dedicate this dissertation to my beloved family and my supervisor Assoc. Prof. Dr Othman Bin Ibrahim for their lifetime sacrifice, love, encouragement and blessing. Special thanks go to my beloved uncles and cousin, Omar Abdi Ali, Abdulrahman Mohamoud Ali and Degan Abdulrahman, for their valuable support and assistance.

ACKNOWLEDGEMENT

First and foremost, I thank Allah that I am able to complete my Master's research. Secondly, I wish to express my sincere appreciation to my supervisor, Assoc. Prof. Dr Othman Bin Ibrahim, for his encouragement, advice and guidance. He inspired me greatly to complete my dissertation, and his willingness to motivate me contributed tremendously to my research. Thank you for giving me the opportunity to experience this challenging field. I would also like to thank my respected examiners for the initial and viva assessments and comments on this research, which will keep me encouraged. I am also thankful to the technical staff of ICT Nusajaya for their collaboration.

I would also like to express my appreciation to all the lecturers and my colleagues of the MSc IT Management programme at UTM Campus Johor Bahru, especially the FSKSM postgraduate studies lecturers and staff, for their support and encouragement. I would also like to express my appreciation to Kak Lijah for her support, views and tips.

ABSTRACT

E-government security is considered one of the crucial factors for achieving an advanced stage of government.
As the number of e-government services introduced increases, a higher level of e-government security is required. In order to provide citizens with highly secure yet responsive and economical access to government services, security is seen as the primary goal, for businesses and their trusted partners as well. Over the past years, security has evolved from a technology issue in government institutions, which are also affected daily by security-related incidents such as network intrusion, hacking, viruses or denial-of-service attacks. The participants of this research are the ICT technical staff of the Nusajaya ICT department in Johor Bahru. A survey questionnaire instrument was chosen as the data collection method to study the risks and threats associated with e-government services and their security measures. The research focuses on how e-government service security will help citizens and analyses the existing e-government security. Initial planning, using a suitable methodology for the analysis and design phases, guided the research towards the development of a proposed model that will help the existing e-government security.

ABSTRACT (MALAY)

E-government security is one of the important factors in achieving progress in e-government implementation. As the number of e-government services introduced to users increases, a higher level of e-government security is greatly needed. To provide highly secure, responsive and economical access to government services for the public, security is also a primary concern for businesses and other trusted partners. The participants in this study are therefore the technical staff of the Nusajaya ICT Department in Johor Bahru, and the research examines the risks associated with e-government service security.
Over the past year, security has evolved from technology issues in electronic government; government agencies are also affected every day by related security issues such as network intrusion, hacking, viruses or denial-of-service attacks, and while some incidents have been reported, most of these problems go unreported. During this study, the key question focused on how e-government service security can help the public, alongside an analysis of current e-government security carried out through several surveys. The methodology of this study covers initial planning, analysis, and the design and development of a proposed model that can help e-government security.

TABLE OF CONTENTS

DECLARATION
DEDICATION
ACKNOWLEDGEMENT
ABSTRACT
ABSTRAK
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF APPENDICES

CHAPTER 1 RESEARCH OVERVIEW
1.1 Introduction
1.2 Background of Study
1.3 Problem Statement
1.4 Objectives of the Study
1.5 Research Questions
1.6 Importance of the Study
1.7 Scope of the Study
1.8 Chapter Summary

CHAPTER 2 LITERATURE REVIEW
2.1 Introduction
2.2 E-government Implementations
2.3 Value of E-governments Initiative
2.4 Benefits of E-government Initiative
2.5 Challenges of E-government
2.5.1 Access Issues
2.5.2 Technical Issues
2.5.3 Human Factors
2.5.4 Service Delivery Issues
2.5.5 Delivery Integrated Services
2.5.6 Resource Issues
2.5.7 Other Issues
2.6 Security of E-government Service
2.6.1 E-Government Security: a Citizen's Perspective
2.6.2 The Government's Perspective
2.6.3 Constituents of Trust in E-government
2.6.4 Domain of Trust in E-government
2.7 Importance of Security in E-government
2.7.1 Information Intercepting
2.7.2 Information Tampering
2.7.3 Services Denying
2.7.4 Information Faking
2.8 Common Security Principles in E-government
2.9 Procedure of Risk Analysis in E-government
2.9.1 Risk Identifying
2.9.2 Risk Analysis
2.9.3 Risk Controlling
2.10 Model of E-government Service Security
2.10.1 User Environment of E-government
2.10.1.1 Identity Management System
2.10.1.2 Access Management Systems
2.10.1.3 Interaction Management System
2.10.2 Transport Environment of E-government
2.10.3 ICT Assets Environments
2.11 E-government Security Management Framework
2.12 Threats to E-government Services and Clients
2.12.1 E-government Service Assets
2.12.2 Internal Sources of Threat
2.12.3 External Sources of Threat
2.13 Service Security Environment of E-government
2.13.1 Environment Assumptions
2.13.2 Domain Model
2.13.3 External Security Policy Framework
2.14 Tools of Maintaining Information Security in E-government
2.14.1 Steganography
2.14.2 Steganalysis
2.15 Risk Factors of E-government
2.15.1 External & Internal Barrier of E-government Implementation
2.15.2 Budget Barrier
2.15.3 Common Technical Frameworks and Infrastructure
2.15.4 Digital Divide
2.15.5 Privacy and Security Concerns
2.15.6 Rapid Technology Change
2.15.7 Citizen Expectation and Seamless Services
2.16 Discussions
2.16.1 Implementations of E-government
2.17 Chapter Summary

CHAPTER 3 RESEARCH METHODOLOGY
3.1 Introduction
3.2 Research Strategy
3.2.1 Qualitative Research
3.3 Operational Framework
3.4 Data Collection
3.4.1 Primary Data
3.4.2 Secondary Data
3.5 Sampling and Respondents
3.6 Data Analysis
3.7 Project Validity and Reliability
3.7.1 Reliability
3.8 Project Schedule
3.9 Chapter Summary

CHAPTER 4 DATA COLLECTION AND DATA ANALYSIS
4.1 Introduction
4.2 Survey Analysis
4.2.1 Survey Findings
4.3 Respondent's Profile
4.4 Identifying Risk and Importance in E-government Security
4.5 Recommendation on E-government Service Security
4.6 Chapter Summary

CHAPTER 5 E-GOVERNMENT SERVICE SECURITY MODEL FOR NUSAJAYA ICT CENTRE
5.1 Introduction
5.2 Analysis of Existing Model and Framework of E-government Security
5.3 Derivation of Proposed Model
5.4 The Proposed Model
5.4.1 E-government Users
5.4.2 Process
5.4.3 Technology
5.4.4 Security Components
5.4.5 E-government Application Services
5.5 User Acceptance Test of the Proposed Model
5.6 Chapter Summary

CHAPTER 6 DISCUSSION AND CONCLUSION
6.1 Introduction
6.2 Achievements
6.3 Recommendation of How to Use the Proposed Model
6.4 Constraints and Challenges
6.5 Aspirations
6.6 Chapter Summary

REFERENCES
APPENDIX A
APPENDIX B
APPENDIX C

LIST OF TABLES

Table 2.1: Possible Threat Sources
Table 2.2: Definition of Risk Probability
Table 2.3: Description of the Model
Table 2.4: User Management Components
Table 2.5: Secure Communication System
Table 2.6: ICT Component Management
Table 2.7: Security Management Framework
Table 3.1: Details of Operational Framework
Table 4.1: Gender Profile
Table 4.2: Risk on E-government Services Delivery
Table 4.3: Cyber Crimes Against Assets
Table 4.4: Cyber Crimes Against Government Assets and States
Table 4.5: Security Components Appropriate of E-government Service
Table 4.6: Security Technology in E-government
Table 4.7: Security Components and Activities
Table 4.8: Methods of Securing E-government Website
Table 5.1: Analysis of Existing Model in E-government Service Security
Table 5.2: Users Required Process
Table 5.3: Security Components
Table 5.4: ICT Security Components
Table 5.5: Current E-government Applications
Table 5.6: Verifying the Completeness of the Model
Table 5.7: Verifying the Consistency of the Proposed Model
Table 5.8: Benefits of the Proposed Model for Nusajaya ICT Centre

LIST OF FIGURES

Figure 2.1: E-government Implementations
Figure 2.2: E-government Security Model
Figure 2.3: Framework of Security Management
Figure 3.1: Project Operational Framework
Figure 4.1: Gender Profile
Figure 4.2: Respondents Age
Figure 4.3: Respondent's Usage of e-Government Service
Figure 4.4: Utilization of E-government Security Technology
Figure 4.5: Any Related Security Technology E-government Service
Figure 5.1: Proposed Model of e-Government Service Security
Figure 5.2: Verifying the Completeness of the Model
Figure 5.3: Verifying the Consistency of the Proposed Model for Nusajaya Centre
Figure 5.4: The Benefits of the Proposed Model Nusajaya ICT Centre

LIST OF APPENDICES

Appendix A: Gantt chart
Appendix B: Sample of Survey
Appendix C: Sample of Questionnaires for User Acceptance Test

CHAPTER 1

RESEARCH OVERVIEW

1.1 Introduction

The implementation of an e-government service security framework is considered one of the most important elements of government policy. It is designed to provide protection mechanisms for government transactions carried out over Information Communication Technology (ICT). For several decades, governments have increased their level of protection to enhance the efficiency and effectiveness of their functions. Security therefore remains a key demand, and governments are expected to strengthen their defense systems against both internal and external threats in the near future. The major goal of security in e-government is to minimize the risks associated with government transactions that are based on electronic networking.

Security risk management in e-government includes risk highlighting, risk analyzing and risk controlling, which have come with the popularity of computer network technology. There are no specific rules for e-government risk management, but it requires an initial scan of both the internal and external environment of e-government systems, including a further check for weaknesses in the system. This is followed by a complete analysis of e-government security risk and then the relevant security plan and measures.
Following that, tracking and monitoring the predefined plan during the initial implementation stage becomes an important task. Finally, risk management is adjusted at any time as the environment changes, and a disaster recovery plan is drawn up in advance. Given the importance of e-government security, it is urgent to put in place effective and purposeful countermeasures that minimize potential risks and security bugs.

1.2 Background of the Study

E-government security provides benefits to citizens and to public administrators at a number of levels. At its most basic level, e-government can connect modern technologies to enable departments to achieve efficiency. One of the most important issues that needs to be addressed in e-government technology is applying security measures, mainly to increase government productivity, accuracy, privacy and efficiency in administrative operations. To achieve the overall mission, security measures and defenses to protect e-government activities are crucially needed. This is mainly because government assets can easily be transferred by hackers, network intrusions and viruses, or affected by any other threats that are likely to occur. Security measures are therefore aimed at delivering government services in electronic form safely.

To support the purpose of the research, numerous published studies on the effects of risk in e-government were consulted. Studies showed that the number of risks associated with e-government is increasing rapidly every year, due to inadequate security measures. There is scope for even greater efficiencies in the future through greater sharing of processes within and between departments.
The security methods and issues that are common in e-commerce are understood to apply to e-government risk management as well, but e-government is different: government bodies have direct network access to each other to a much greater degree than business networks, because most of them are linked for passing, transferring and sharing information. Businesses on a network, by contrast, are competitors and do not allow their sensitive information to be shared publicly.

The importance of e-government lies in using electronic information technology to break the boundaries of government administrative organization in order to have virtual electronic government security (Kaur, 2003). Access has been the government's main target: giving people access to information and to service communication and delivery through different kinds of electronic media, across both internal and external government organizations.

However, many problems in e-government services have been exposed by the spread of computer network technology and information sharing. Because of this, security has become an important factor as e-government systems develop rapidly.

1.3 Problem Statement

E-government, which is mainly based on the internet, faces constant security problems due to the complexity and vulnerability of the network. The growing risk is the complete failure of the network and server systems. It often comes from hacker attacks, viruses, theft and man-made destruction of devices.

The Nusajaya ICT department has experienced a dramatic growth in risk in e-government fields, which has become a key issue for the government security committees. E-government-related risks are occurring all the time and some cases are receiving significant publicity. The range of incidents varies greatly and can include events such as network intrusion, viruses, denial of service or identity theft.
Given this situation, it is a suitable time for those associated with governments to make serious efforts to study the possible dangers and risks in e-government that may arise with this useful technology. Many developed nations have not only invested in research programs to study the effects of risk in e-government but have also shared with the public the research findings on how the risks can affect electronic government operations in general.

E-government services face many security problems, such as identity theft, hacking and denial of service. These problems relate to e-government users, or to an intruder who steals information from the government or from other users. Protecting citizens' privacy and security, and giving them assurance that their information will not be violated or changed, has therefore become an important aspect of service success. This is needed to retain the mass of e-government e-service users.

Apart from the studies conducted on the short-term effects of e-government security risk, there is a growing need to determine the direct security association of government operations. Recent investigation has shown that security risk issues are increasing more and more, with unauthorized users keen to steal government property. Hence, e-government security has become a strategic approach to protect against both internal and external threats.

1.4 Objectives of the Study

The objectives of the research are listed below:

i. To study e-government risks and threats.
ii. To identify e-government security dimensions and methods that can be managed in e-government services.
iii. To propose an effective e-government service security model in order to improve security measures.

1.5 Research Questions

The research questions are:

i. What are the security issues in e-government service elements?
ii. What are the elements of risk analysis?
iii. How can risk and threats be minimized in e-government services?

1.6 Importance of the Study

Due to the problems that come with the increase in e-government services for both internal and external activities at Nusajaya ICT, this study describes the risks of e-government services and the security methods in use today. E-government service security is a process of applying security measures to e-government services and keeping track of users' demands and the government's online performance.

The findings of this study will help both the authority and customers to identify e-government risks and sources of threats and to take notice of e-government security risk, so that users and the authority gain the experience to investigate publicly and raise the level of public awareness; more extensive studies are to be planned in the near future.

1.7 Scope of the Study

To fulfil the scope of the study, the researcher has selected a sample of respondents. The respondents of this research study are the technical staff of the ICT department in Nusajaya, Johor Bahru, who have basic and wide knowledge and background of e-government services. This study is believed to improve the existing security of e-government accessibility, including the delivery of e-government services to end users.

1.8 Chapter Summary

This chapter provides a brief description of e-government security and the risks associated with e-government systems. The researcher has strived to understand the problems and risks of security measures in e-government service systems. The problem statement gives clear guidelines for identifying the research questions and research objectives, which together define the scope of the research, and finally the importance of the study was briefly discussed.

CHAPTER 2

LITERATURE REVIEW

2.1 Introduction

This chapter covers the areas that define the philosophy of e-government risk and security and analyses the risks associated with e-government.
The most important parts of this chapter cover the security of e-government services, the types of threats to e-government, the characteristics of risk with regard to e-government services and the challenges of e-government services. The chapter then analyzes the best approach to e-government risk and security measures, which enable government to deliver its services to customers, citizens, government and businesses. The literature was collected from various sources such as books, journals, conferences, research reports and theses, the internet and so on.

2.2 E-government Implementations

E-government is the basic element of the modernization and transformation of government through technology. It provides a common framework and direction across both the public and private sectors to increase and enhance collaboration within and among public sector organizations, between government institutions and the business community, and between government and citizens, which serves and helps in implementing government policy.

It also defines different ways to develop the new skills that public servants need in order to recognize the new opportunities offered by ICT advances such as the internet and online access to services. Likewise, the combined use of ICT, especially online and internet access, together with new ways of thinking and working in public and private administration and the increase in shared, interactive information accessible over different channels, is the basis of e-government. E-government refers to the use by government departments of technologies (internet, web browsers, mobile technology) that have the potential to change relations with customers, citizens, business organizations and other arms of the government (Patricia J. Pascual, 2003).
Similarly, technology can serve a variety of ends: high-quality delivery of government information and services to end users, improved interaction with trade partners and industry, citizen freedom through access to information, and better-organized administrative management. The resulting benefits can be less corruption, increased effectiveness, precision, greater convenience, revenue growth and/or cost reduction.

Previously, communication between citizens or businesses and a government agency was limited and usually took place in a government office. With the advancement of technology and emerging information communication, it is now possible to locate service centers very close to the client. Such centers may consist of an unattended cabin in a government agency, a service window located close to the client, or the use of a personal computer at home or in the office, without requiring the client's presence at the government office.

In general, in the same way that business partners interact with each other more capably (B2B) and clients are brought closer to the trade (B2C), e-government aims to make interaction between the government and its citizens (G2C), government and business companies (G2B), and inter-agency relationships (G2G) more friendly, convenient, transparent and inexpensive. Figure 2.1 shows the e-government implementation system.

[Figure 2.1: E-government Implementations (Source: Patricia, 2003). Diagram labels: Government, E-government, Citizens, Business, G2G, G2C, G2B.]

According to Patricia (2003), some special types of service are delivered through e-government; she categorized e-government services into four main types: Government-to-Citizens (G2C), Government-to-Business (G2B), Government-to-Employee (G2E), and Government-to-Government (G2G).

i. G2C: information and basic services for the community and ordinary citizens, such as paying taxes, requesting birth and death certificates, license renewal, and citizen assistance for basic services such as the health care system and hospitals, inquiries, libraries and education.

ii. G2B: transactions include various services exchanged between government agencies and business partners, including the distribution of policies, memos, laws and regulations. Business services offered include obtaining current information, downloading application forms, renewing contracts, registering businesses, obtaining permits and paying taxes. The services offered through G2B transactions also help big business growth and, more particularly, the development of all companies. Simplifying application procedures to ease the approval of SME requests would support the improvement of commerce.

iii. G2E: mainly covers G2C services and specialized services related to government staff, such as staff training programs and development, which aim to improve the system of controlling and managing day-to-day jobs and dealing with citizens.

iv. G2G: services that operate between the local and the international level. G2G services are the interactions or transactions among state-level and local-level government departments and among departmental functions and closely related centers or bureaus. Likewise, G2G is used for maintaining international relationships with other governments through diplomacy.

2.3 Value of E-governments Initiative

According to Mitchell E. Danail (2002), e-government provides various opportunities to enhance the quality of service to the citizen. People can obtain information in less time, versus today's standard of days or weeks.
Citizens, businesses and domestic/state governments can file required reports without calling or hiring accountants or lawyers, and government employees can do their daily work easily, well and successfully compared with their counterparts in other parts of the world.

A useful plan will improve the federal government by:

i. Delivering services to citizens easily and simplifying online services.
ii. Dividing levels of government administration into different sectors.
iii. Enabling citizens, businesses, other levels of government and federal employees to find and share information from the federal government.
iv. Enhancing the achievement of the elements of the president's agenda for the federal government.
v. Responding rapidly to citizens' needs and guaranteeing service operation.
vi. Citizens: Government to Citizens (G2C) is an easy way to build highly reliable communication that gives citizens access to high-quality government services.
vii. Business: Government to Business (G2B) reduces the burden of government on business by removing repeated data collection and making better use of e-business technology for communications.
viii. Between governments: Government-to-Government (G2G) makes transactions easier for state and domestic governments to meet reporting requirements and participate as full partners with the government in citizen services, and it will generally enable better performance measurement.

2.4 Benefits of E-government Initiative

Pascual (2003) has categorized the commonly pursued goals of e-government into five broad areas:

i. To create a better and more efficient business environment.
ii. To provide customers with online services.
iii. To strengthen government and broaden public participation.
iv. To enhance the productivity and transparency of government agencies.
v. To improve and upgrade the quality of life and living standards of communities.
E-government can be defined as the accomplishment of a wide social purpose, one that has moved beyond mere efficiency and the transparency of government reform and development processes. The goals mentioned above are not in any particular order of importance; every country has to determine its main priorities in e-government depending on its environment, because difficult economic times have led to significant government budget overruns.

Local and state governments in the US have had substantial budget shortfalls in past years, and the trend is expected to continue with the fiscal year 2004 budget shortfall across the US. According to the National Governor Association Report (2003), for the states it may extend to US$80 Million. A fiscal-year survey in 2002 stated that, as the states were still struggling to balance their budgets, the solutions available to them were increasingly dire, and some of the toughest fiscal decisions had yet to be made.

The US budget crisis has seeped down to local government: when the National League of Citizens (NLC) surveyed 145 cities in April 2003, 75% reported that they were less able to meet their financial needs in 2002, up sharply from the 55% who responded to the question in NLC's 2002 survey. In 2003, 74% of the survey respondents estimated being able to meet their financial needs in their cities, while 54% predicted even weaker local economies.

According to Kertesz (2003), improving both operational efficiency and organizational effectiveness is a primary objective for many governments trying to stabilize their financial pressures.
Nevertheless, many investment options still exist, so many that selecting among them is a complicated task. Choosing the right option mainly depends on realizing which initiative best meets the key stakeholders' needs, precisely predicting outcomes and benefits and, perhaps most significantly, carefully managing the implementation to achieve the desired return on the investment.

According to the Robert H. Smith School of Business, University of Maryland, a study was conducted by Gresham and Andrulis (2002) for IBM to better understand the relationship between government initiatives and operational efficiency benefits. A total of 412 US public agency professionals (primarily state and local government agents) participated in a web-based survey and rated a range of initiatives on operational efficiency and organizational effectiveness. In addition, decision makers were interviewed: business and technology leaders of government institutions in areas such as social, public safety, taxes and e-government. The research particularly evaluated the objectives of eleven common government initiatives.

Finally, the study found that state and local governments are making important investments but the results are not living up to expectations. With no end in sight to the financial obstacles, there is a constant need to optimize the investment in every initiative. The full potential of government will not be realized until both business processes and culture change in alignment with technology implementations. Planning for a complete transformation that removes organizational, process and technology barriers could be a way to achieve a major payoff.

2.5 Challenges of E-government

According to Jennifer O'Neill (2000), there are different challenges that hinder the successful deployment of e-government in any country. The following are the major issues to consider regarding e-government challenges.
2.5.1 Access Issues

Providing direct access to your information may require converting it into digital form while ensuring security. The way to protect your citizens' privacy is to apply complete privacy and security measures to all e-government information systems.

2.5.2 Technical Issues

Integrating legacy systems: old computer systems need to be integrated into newer internet-based platforms. This conversion may be time-consuming and costly and will need technical experts. Adopting and maintaining new technology in this area also requires keeping up to date with current technology trends.

2.5.3 Human Factors

In measuring citizens' satisfaction, it is essential to ensure that the applications developed are based on the level of satisfaction. Besides that, changes from current technology towards future advancements may also cause dissatisfaction. Hence, it is important for the government to look closely at improving solutions.

2.5.4 Service Delivery Issues

Financial transactions are a particularly tough issue, and many people are wary of providing credit card information through the internet. To gain the trust of your customers, you need to ensure sufficient protection of e-government transactions.

Service delivery is aimed at increasing the efficiency, effectiveness and accountability of government departments. Technological advancement has placed both producers and distributors under increasing pressure to introduce new service delivery to:

i. Enhance customer choice,
ii. Improve service efficiency and quality, and
iii. Ensure that the government is operating effectively, efficiently and transparently.

2.5.5 Delivery Integrated Services

A well-known Delivery Integrated Service (DIS) is a service that has been integrated between departments and state-level agencies, and which has been initiated to bring the value of integrated services to government services.
2.5.6 Resource Issues

The availability of human resources is part of any e-government implementation. Staff should receive adequate training and have their knowledge and skills retooled. If staff lack training in the new technology, IT professionals need to be hired to train the current staff and build their knowledge of the new technology.

2.5.7 Other Issues

Government officials are concerned about the implications of e-government, which often brings important changes to the organization. Some e-government changes concern licences and permits, which are becoming increasingly important at country or state government level. This centralization challenges the traditional role of local government officials and may change it. There are also concerns that e-government may affect jobs: local government may need to reduce or restructure staff (losing bookkeeping staff and taking on IT staff) or retrain current staff.

2.6 Security of E-government Service

Security in government is not a new concept. Since ancient times, politicians, government officials and military leaders have tried their best to put in place mechanisms that protect important information from unauthorized access, unintentional loss, deletion, denial of service and misuse (Tassabehji, 2005). The information systems that form the basis of e-government are called a socio-technical infrastructure, one that many people trust. This is particularly true in terms of security, where human interaction has always played a foremost part in numerous security failures (Weirich and Sasse, 2002). The best approach to security management is therefore a holistic organizational one that incorporates the organization's business processes and control policies, business governance, human resource management and training, organizational culture and the technological infrastructure (Higgins, 1999; Tassabehji, 2005).
Alongside security methods, the privacy of user or citizen information is a primary security measure (Patton and Josang, 2004), and it is recognized in e-commerce as a main challenge to the growth and adoption of e-business (Tassabehji, 2005; Yousafzia, 2005). Nevertheless, security issues and measures are even more important in e-government than in e-commerce, because e-government is held to a higher standard than commercial companies, owing to the sheer scale of operation.

2.6.1 E-Government Security: a Citizen's Perspective

When e-government is assessed from the citizens' point of view, the common subject is their understanding of e-government security methods. In particular, confidence has been found to affect adoption by users and the transparency, effectiveness and success of e-government (Patton and Josang, 2004). Similarly, the significance of citizens' trust is recognized through its connection with the growth of e-government acceptance in general (Mercuri, 2005), and citizens' lack of confidence shows that confidence is always a factor in determining and assessing users' perception of the quality of e-government services delivered on the Web, as in Videgen's (2004) E-Qual model. Gilbert et al. (2004) suggested that raising user confidence and civic engagement should be a planned purpose of e-government, as a means of including all people and processes; for this to happen, there must be a desire for, and a deep understanding of, trust.

2.6.2 The Government's Perspective

The barrier to implementation is the major difficulty that government agencies and departments face in monitoring security issues.
Reported obstacles include poor IT infrastructure and human resource obstacles such as a lack of professional staff and unskilled staff, a lack of budget, and an unwillingness and fear of sharing information and resources between departments and organizations (Clark, 2003; Norris and Moon, 2005; OECD, 2003; Rohelnder and Jupp, 2004; Shetty, 2004; Swartz, 2004). A further study of the barriers was carried out by O'Harr (2004), who stated that the main driver is to find ways to enhance client satisfaction with online government services, since clients have asked for better service. The study found that more than 92% of the government executives who responded rated great service as a business essential, since e-government was meant to reform how government departments function with citizens.

2.6.3 Constituents of Trust in E-government

The major concerns regarding user trust in e-government services are verifiable assurances that: the security and privacy of information delivered to government systems are preserved; online interactions, including financial and other important communications, are protected; e-government is highly consistent, delivers on its assurances and always meets user expectations; and user involvement in e-government will be confidential, with no interruption by government.

2.6.4 Domain of Trust in E-government

According to Chopra and Wallace (2003), whose theory covers the domains of trust in e-government, confidence has to be considered against the background of electronic environments. Confidence is observed in four main domains of the electronic environment:
i. Information: information stored in a website, a database or any electronic device should be truthful and reliable.
ii. IS (Information System): the technical infrastructure is reliable and stable.
iii. E-commerce: the agents or business partners with whom we exchange and transact electronically are consistent and secure, and offer protection mechanisms against fraud and illicit access that keep users' interactions private and secure, whether one to one, between departments, or between government institutions and citizens.
iv. On-line relationships: the relationships users form online through electronic communities, social media, chat, discussion and e-learning are not aimed at any kind of misbehaviour or abuse, and users are not responsible for identity fraud.

2.7 Importance of Security in E-government

According to Zhang Chongbin (2002), e-government services face many security problems, including the aspects below. These aspects relate to e-government users, or to intruders who steal information from the government or from other users, and so to protecting citizens' privacy and security. Some of these problems are described below.

2.7.1 Information Intercepting

Information intercepting is the theft of information from users, the government or any other party. A hacker can intercept information in this way in order to defraud e-government systems.

2.7.2 Information Tampering

Information tampering is interference over the Internet that adds, modifies or erases original data by various technical means and passes the result on to its destination in order to damage the substance of the data. A malicious user can also find or navigate the database and retrieve and modify its content.

2.7.3 Services Denying

Denial of service is a method of trying to keep a computer resource busy: the hacker sends more data packets than the system can handle so that it gets stuck and jams, the server stops and the service becomes unavailable. It mainly comes from attackers, viruses or deliberate destruction of devices.
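An added example, not part of the original dissertation: one way a service can detect the tampering described in 2.7.2 (records added, modified or erased) is to chain a keyed hash over its stored transaction records. The key, the field names and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: the key is held by the service (for example in a key store),
# never in the same database as the records it protects.
KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32

# Constructed sample transactions; all field names are hypothetical.
SAMPLE_RECORDS = [
    {"id": 1, "service": "licence_renewal", "citizen": "C-1001", "fee": 50},
    {"id": 2, "service": "permit_request", "citizen": "C-1002", "fee": 120},
    {"id": 3, "service": "tax_payment", "citizen": "C-1001", "fee": 900},
    {"id": 4, "service": "licence_renewal", "citizen": "C-1003", "fee": 50},
]


def _tag(key, prev_tag, index, record):
    # Canonical JSON so that the same record always serialises to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    message = prev_tag + index.to_bytes(8, "big") + body
    return hmac.new(key, message, hashlib.sha256).digest()


def seal(records, key=KEY):
    """Return [(record, tag_hex)]; each tag covers the record, its position
    and the previous tag, so the records form a chain."""
    sealed, prev = [], GENESIS
    for index, record in enumerate(records):
        prev = _tag(key, prev, index, record)
        sealed.append((record, prev.hex()))
    return sealed


def verify(sealed, expected_count, key=KEY):
    """Return None if the chain is intact, else the index of the first
    position that fails. expected_count is stored apart from the data,
    because removing records from the end leaves a chain that still verifies."""
    prev = GENESIS
    for index, (record, tag_hex) in enumerate(sealed):
        good = _tag(key, prev, index, record)
        if not hmac.compare_digest(good.hex(), tag_hex):
            return index
        prev = good
    if len(sealed) != expected_count:
        return min(len(sealed), expected_count)
    return None


if __name__ == "__main__":
    chain = seal(SAMPLE_RECORDS)
    print("intact:", verify(chain, len(SAMPLE_RECORDS)))
    modified = list(chain)
    modified[1] = (dict(modified[1][0], fee=0), modified[1][1])
    print("modified record detected at index:", verify(modified, 4))
    print("erased record detected at index:", verify(chain[:2] + chain[3:], 4))
```

A keyed hash detects tampering only for parties that hold the key; it does not provide the non-repudiation discussed in 2.8, which needs digital signatures.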
2.7.4 Information Faking

Information faking means that, once attackers have recognized the rules of the network's information, or have interpreted sensitive information, they can act as an authorized user or build fake information to deceive others. This technique is used to obtain unlawful certifications or to fake emails.

E-government is the successful use of information system technology to support operations, connect citizens and supply government services. In order to provide highly secure, responsive and economical access to government services for citizens, security has become the key goal for businesses and trusted partners. In recent years security has evolved beyond a technology issue in electronic government: government sectors are affected every day by security-related incidents such as network intrusions, viruses or denial of service attacks. Some of these incidents have been reported, but many have not.

2.8 Common Security Principles of E-government

E-government has become gradually more reliant on technology and the Internet, to the point where its activities are performed through online systems. Security therefore plays a significant role in e-government, defending against unauthorized users, unintentional loss, destruction, leaks, modification, misuse and unauthorized access. This is particularly true in terms of security, where people have played a main part in numerous security breakdowns (Weirich and Sasse, 2002). The best method of security management and control takes a holistic organizational approach that incorporates e-government processes, management and policies, business governance, and human resource management and training. The primary criteria for assessing security measures in e-government are based on the general security values, which are:

Confidentiality, Privacy, Accessibility: a total protection mechanism that protects users' information, as it promises greater satisfaction.
Integrity: in e-government security, integrity means that data cannot be updated or modified without permission.

Accountability/Non-repudiation: making sure that when data is sent to a receiver, neither the recipient nor the sender can deny having received or sent the data. Non-repudiation serves to hold the parties to their obligations under a contract. It also means that one party to a transaction cannot deny having received the transaction, nor can the other party deny having sent it.

Authentication: authentication is the technique by which the electronic identity of a user is asserted to, and validated by, an information system for a specific occasion, using a credential issued following a registration process. It may also involve establishing that the user is the true owner of that credential, by means of a password or biometric.

Trust: the major perception of trust in e-government concerns real assurances that the privacy of information passed to the government system is preserved; that online communications, together with financial and other dealings, are well protected; that e-government services are dependable, deliver what they promise and meet citizens' expectations; and that citizens taking part in e-government will not face any interruption by government.

2.9 Procedure of Risk Analysis in E-government

According to Zhang Chongbin (2002), risk analysis refers to the method of identifying risks, analyzing risks and making risk management plans. The security risk analysis of electronic government mainly consists of three steps: risk identifying, risk analyzing and risk controlling.

2.9.1 Risk identifying

The security requirements of electronic government are established through a systematic assessment of risks. Risk identification is the initial step of the risk management plan, in which the security risks of e-government are established.
Risk identification normally involves gathering the different significant threats, risk problems and their related countermeasures, and then acknowledging the feasible risks and threats to the electronic government system. There are many ways to categorize risk; the overall purpose of e-government risk identification is to become familiar with the risks that exist in the network environment in which information is exchanged. One main problem that ought to be addressed is that risk identification cannot be applied to every risk of the electronic government system. Risk identification can only locate previously known risks, not unknown ones. Risk analysis and risk management are used to handle and reduce most unknown risks.

2.9.2 Risk Analysis

Risk analysis uses different kinds of qualitative analysis and evaluation to determine the importance of every aspect of e-government risk. First we categorize the factors and assess every highly possible outcome of the risks and threats to government, whether a threat source triggers the vulnerability accidentally or an attacker exploits the vulnerability of the system deliberately. In this procedure we therefore have to identify and explain where the threat comes from. A threat source can be anything, including the environment, people and nature. The damage the system encounters is always related to, and depends on, its geographical location; threat sources among citizens, however, may have no particular target in mind. To recognize threats to the system, we can use several methods, such as brainstorming, Delphi and scenario analysis. Some examples are shown in Table 2.1.

Table 2.1 Possible Threat Sources (Zhang Chongbin 2002)

Threats: Possible Sources
Intentional Threats: terrorists; criminals; hackers; cyber Internet attacks; viruses; fraud; theft of resources; denial of service
Unintentional Threats: mis-operation by system users; mis-operation by administrators and system protectors
Natural Threats: earthquakes; electricity shocks; floods; thunder and lightning

Information about vulnerabilities can be gathered through investigation, staff interviews, system and network scanning, and testing, together with document analysis. If the system is under design or already being implemented, we have to analyze particular information such as the design documents. If the system is already in operation, further analysis is required, for example of the information system's security functions and the real effect of its security controls.

Finally, the purpose of risk analysis is to evaluate risk probability and the factors that influence risk, including the awareness of the threat actors, the vulnerability of the system and the effect of the associated security measures. Evaluating risk probability is highly subjective. There may be past records of natural threats, and those records can help in analyzing the probability that a natural threat will occur, but we often have no past records or information about the technical and operational threats, which come mainly from people, with which to assess risk probability. In that case we can draw by analogy on practitioners' experience in the field. In the method proposed here, risk probability is ranked as high, medium or low. Table 2.3 gives the definitions of risk probability.

Table 2.3 Definitions of Risk Probability (Zhang Chongbin 2002)

Probability: Description
High: the threat source has high incentive and capability, and the security measures are ineffective.
Medium: the threat source has some incentive and capability, but the security measures have effect; or the threat source has no motivation; or it has no clear ability.
Low: the threat source has neither motivation nor capability, and the security measures can contain the vulnerability.
2.9.3 Risk Controlling

Risk controlling is widely used to minimize e-government risks and keep them at an acceptable level. It is the most important step in risk management plans, and it is also the basis for verifying whether the risk analysis has achieved its purpose. The objective of e-government security risk control is to decrease the risk level and the losses that an electronic government project may suffer. Broadly, there are two types of risk controlling technique. The first is risk control measures, which include risk reduction, risk avoidance, risk transfer and loss management. Risk transfer and loss management are the ones regularly applied in electronic government security management. The second type is financial measures for risk compensation, which include insuring against the risk or assuming it oneself. In e-government security management, the manager has to choose the appropriate measure: insuring, or taking on the risk themselves. To make a suitable choice, the cost of the risk must also be taken into consideration. We can also disregard other effects such as government performance and reputation. One of the most useful and practical risk controlling methods for e-government security is to set out a full security plan to minimize risk, master the knowledge that is crucial for security assurance, and prepare the solutions that electronic government will adopt when a specific security incident occurs.

2.10 Model of E-government Service Security

According to J. Satyanarayana (2004), the security of e-government systems has to be managed systematically and continuously. It has to create the necessary level of confidence and trust among the stakeholders: citizens, businesses and government. Security practices must also be standardized and implemented in e-government.
This security model consists of three different areas, each of which is subject to various types of threats and requires its own security measures: the User Environment, the Transport Environment and the ICT Assets Environment. Figure 2.2 shows the model.

Figure 2.2 E-government Service Security Model (Source: J. Satyanarayana, 2004)

Table 2.3 Description of Model (J. Satyanarayana, 2004)

1. User Environment (internal user; external user)
Management: Identity Management; Access Management; Interaction Management
Management tools: passwords; digital identity tokens; Access Control Lists (ACL)

2. Transport Environment (within LAN, WAN; over the Internet)
Management: Secure Communication System
Management tools: PKI; biometrics; Government secure Internet; virtual private networks; Government Secure Internet (GSI)

3. ICT Assets Environment (tangible assets; intangible assets)
Management: Cryptography Systems; Physical Security; Electronic Security
Management tools: encryption; firewalls; anti-virus systems; disaster recovery site; server and work station security

2.10.1 User Environment of e-Government

The user environment of e-government focuses on the internal and external users who access e-government services, so we need to identify who the users of e-government are. The user environment has two broad groups of users, internal and external. To manage and secure the user environment, there are three categories of user management.

2.10.1.1 Identity Management System

The purposes of an identity management system are to:
i. Create a unique digital identity and credential for all legal persons and citizens, identifying them on the basis of reference name and date of birth.
ii. Create a directory linked to the digital identity and make it accessible to those who want to communicate with it. Examples are user name and password.
iii. Set up an ICT system which makes the digital identity more secure.
2.10.1.2 Access Management Systems

An access management system serves the following purposes:
i. To gain access to a department, it requires a registration that involves verification of the identity and attributes of the user.
ii. It authorizes the user to perform only those tasks and transactions that are predefined according to the privileges granted by the system administrators.
iii. It also maintains records of users' authorized access.

2.10.1.3 Interaction Management System

The objective of the interaction management system is by far the most comprehensive. It covers access assurance and complete security through the following security elements:
i. Authentication: the procedure of establishing legitimacy. Verification approaches include user name and password; biometrics; digital certificates (PKI, smart cards).
ii. Access control (or authorization): the method of restricting users' access to resources and data.
iii. Confidentiality: ensuring that information is not accessed by an unauthorized user.
iv. Accounting: the practice of creating a trail of a user's actions while using resources, services or the network.
v. User management: the process of activating and de-activating users' identities and access permissions.

Some of the user management components are shown in Table 2.4.

Table 2.4 User Management Component (J. Satyanarayana, 2004)

Users Management Components in E-government: Descriptions
Password: a password is an arbitrary string of characters selected by a user or system administrator and used to validate the user when he tries to log on, in order to prevent unauthorized access to his account.
Digital Identity: the electronic representation of a real-world entity. The term is typically taken to mean the online equivalent of an individual human being, which participates in electronic communication on behalf of the individual in question.
Access Control List: access control is the electronic representation of a real-world thing.
The expression is regularly used to mean the online counterpart of an individual human being, which participates in electronic transactions on behalf of the person in question.
PKI: public key infrastructure (PKI) is a more advanced system that enables users of an essentially insecure public network, such as the Internet, to exchange data securely and privately through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary.
Biometric devices: biometrics is a popular technology for uniquely recognizing individuals based on one or more inherent physical or behavioural characteristics. These features are captured at the time of registration, converted into a code using certain algorithms and stored for comparison at the time of verification. In information technology in particular, biometrics is used as a form of identity access management and access control.

2.10.2 Transport Environment of E-government

The transport environment often provides common security services to clients: confidentiality, integrity and privacy of particular information while it is in transit. The administrator has very limited control over it, physically and electronically. According to J. Satyanarayana (2004), the transport environment mainly consists of LAN, WAN, wireless and VSAT, besides the Internet. These are very important aspects of the transport environment. To protect an environment that covers all of these components, the following security measures are identified:
i. Virtual Private Network (VPN): a network that is implemented in an additional logical layer (overlay) on top of an existing network.
It has the function of creating a private scope of computer communications or of providing a secure extension of a private network into an insecure network such as the Internet.
ii. Firewall: a part of a computer system or network that is designed to block unauthorized access while permitting authorized connections to e-government services. It is a device or set of devices configured to permit, deny, encrypt, decrypt or proxy all (in and out) traffic between different security domains, based on a set of rules and other criteria. Firewalls can be implemented in hardware, in software or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, particularly intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
iii. Encrypting data: the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those who possess special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. "software for encryption" can typically also perform decryption), which makes the encrypted information readable again (i.e. makes it unencrypted).

Some of the security components of the transport environment are explained in Table 2.5, Secure Communication System.

Table 2.5 Secure Communication System (J. Satyanarayana, 2004)

Security components of Transport Environment: Descriptions
Government Secure Intranet: a network that enables connected organizations to communicate electronically and securely. For security reasons it is intended to be used and accessed only by government departments.
Virtual private network (VPN): uses a public communication network, such as the Internet, to give remote centres and offices highly secure access to their organization's network. It provides good communication with no interruption.

2.10.3 ICT Assets Environments

In general, ICT assets are the most important and most sensitive of the e-government assets, which include hardware, software, databases and knowledge. All these assets require security treatment. There are two types of security for them: physical and electronic. Securing ICT assets requires a number of security measures to protect against Internet worm incidents, electrical shocks, network intrusions, disasters and so on. These are the security management components. Table 2.6 shows some of the ICT components.

Table 2.6 ICT Components Management (J. Satyanarayana, 2004)

Security Management Components of ICT Assets: Descriptions
Firewall: a firewall is a component of a computer system intended to block unauthorized access. It only allows those who have permission to access the communication.
Anti-virus System: computer software that is designed to stop, detect and remove harmful software that attacks your computer system, including viruses, worms, trojans, etc.
Disaster Recovery Sites: DRS is a special system and plan that aims to keep a copy of information system operations for use after an accident or natural disaster such as a power failure, fire or earthquake. It includes backup plans and restarting the system at another location.
Server and Work station Security: workstation security is PC control and monitoring software that stops vulnerable endpoints from accessing your shared network or your personal computers. It is suitable for monitoring staff in your workplace.
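An added example, not from the dissertation or from Satyanarayana (2004), showing how the interaction-management elements listed in 2.10.1.3 (authentication, access control, confidentiality, accounting and user management) fit together around an access control list. The user names, roles, resources and PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed ACL: resource -> role -> permitted actions (all names hypothetical).
ACL = {
    "tax_record": {"citizen": {"read_own"}, "officer": {"read", "update"}},
    "audit_log": {"auditor": {"read"}},
}


class InteractionManager:
    ITERATIONS = 100_000  # constructed demo value for PBKDF2

    def __init__(self, acl):
        self.acl = acl
        self.users = {}   # user id -> salt, password hash, role, active flag
        self.trail = []   # accounting: (sequence, user id, event, outcome)

    def _log(self, user, event, outcome):
        self.trail.append((len(self.trail) + 1, user, event, outcome))

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    # User management: activate and de-activate identities.
    def register(self, user, password, role):
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "hash": self._hash(password, salt),
                            "role": role, "active": True}
        self._log(user, "register", "ok")

    def deactivate(self, user):
        self.users[user]["active"] = False
        self._log(user, "deactivate", "ok")

    # Authentication: only a salted hash is stored, never the password itself.
    def authenticate(self, user, password):
        entry = self.users.get(user)
        # Hash even for unknown users so response time does not reveal who exists.
        salt = entry["salt"] if entry else b"\x00" * 16
        candidate = self._hash(password, salt)
        ok = (bool(entry) and entry["active"]
              and hmac.compare_digest(candidate, entry["hash"]))
        self._log(user, "authenticate", "ok" if ok else "denied")
        return ok

    # Access control: default deny. Confidentiality follows from it, because a
    # read is refused to any role that the ACL does not list for the resource.
    def authorize(self, user, action, resource):
        entry = self.users.get(user)
        allowed = (bool(entry) and entry["active"]
                   and action in self.acl.get(resource, {}).get(entry["role"], set()))
        self._log(user, f"{action}:{resource}", "ok" if allowed else "denied")
        return allowed

    def request(self, user, password, action, resource):
        return self.authenticate(user, password) and self.authorize(user, action, resource)

    # Accounting: the trail is what a reviewer inspects after the fact.
    def denied_events(self):
        return [event for event in self.trail if event[3] == "denied"]


if __name__ == "__main__":
    manager = InteractionManager(ACL)
    manager.register("officer01", "constructed-pass-1", "officer")
    manager.register("citizen01", "constructed-pass-2", "citizen")
    print(manager.request("officer01", "constructed-pass-1", "update", "tax_record"))
    print(manager.request("citizen01", "constructed-pass-2", "update", "tax_record"))
    manager.deactivate("officer01")
    print(manager.request("officer01", "constructed-pass-1", "read", "tax_record"))
    for event in manager.denied_events():
        print(event)
```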
2.11 E-government Security Management Framework

Security management is a broad field of management concerned with the assets of e-government services and systems. There are enabling technologies that help e-government to be protected and secured. Security management is also the set of functions that protects communication networks and systems from unauthorized access, acts or influences. It includes many sub-functions, such as creating, deleting and controlling security services and mechanisms. The Australian Government's Department of Finance provides a framework that illustrates how these different technologies work together. Figure 2.3 shows the security management technologies.

Figure 2.3: A Framework for e-Government Security Management (AGDS, 2009)

Table 2.7 Security Management Framework (AGDS, 2009)

Service Component: Defines the set of capabilities that
Identification and Authentication: Support obtaining information about those parties attempting to log on to a system or application for security purposes and the validation of those users.
Access Control: Support the management of permissions for logging onto a computer, application, service or network; includes user management and role/privilege management.
Cryptography: Support the use and management of ciphers, including encryption and decryption processes, to ensure confidentiality and integrity of data.
Digital Signature Management: Support the use and management of electronic signatures to support authentication and data integrity; includes Public Key Infrastructure (PKI).
Intrusion Prevention: Include penetration testing and other measures to prevent unauthorised access to a government information system.
Intrusion Detection: Support the detection of unauthorised access to a government information system.
Incident Response: Provide active response and remediation to a security incident that has allowed unauthorised access to a government information system.
Audit Trail Capture and Analysis: Support the identification and monitoring of activities within an application, system, or network.
Certification and Accreditation: Support the certification and accreditation of Australian Government information systems.
ISM Management and Reporting: Support management and reporting of compliance with the Australian Government Information Security Manual (ISM, formerly ACSI 33).
Virus Protection: Provide anti-virus service to prevent, detect and remediate infection of government computing assets.

2.12 Threats to E-government Services and Clients

To decide which defensive measures should be put in place for an e-government information system, a risk study has to be performed. This risk analysis must take into account the intent, incentive and ability of the sources of threat, the possibility and prospective frequency of the methods of attack, the consequences of successful attacks, and the cost to any opponent. Threat analysis examines the assets that require safeguarding, the possible sources of threat and the likely methods of attack.

2.12.1 E-government Service Assets

The assets of an e-government service that need security include the personal data of its customers, which must be protected against loss, damage or unnecessary disclosure in line with the relevant data security and privacy requirements. It is important to recognize that personal data, once passed from the e-government service to the Client Network Domain (CND), is outside the range that the e-government service can reach and be accountable for. Customers take responsibility for protecting their personal details when these are under their own control. The business information base of government in general, and of the organizations contributing e-government services, must be secured against accidental loss, unnecessary disclosure or the introduction of invalid content.
The e-government service (including the applications and the delivery stage) must be secured against risks and threats to its availability and to the integrity of the service presented. Verification IDs must be protected against forgery or unwarranted use. Objects that represent financial or any other important value must be protected against fraud and hacking. Some e-government transactions are likely to result in cashable orders, which must be appropriately controlled, or can relate to the delivery of goods that can be misappropriated.

2.12.2 Internal Sources of Threat

Some of the possible threat agents identified by Andrew (2002) take the form of customers, e-government service staff and others who are authorized on the system, have few responsibilities and can manipulate it. The details are as below:
i. Legitimate clients: threats created by governmental staff who have major technological resources and skills and a strong interest in the service, which leads them to misuse their rights on the service system for the purpose of economic gain.
ii. Government customer agents: those in charge of the day-to-day functions of the e-government service system may be tempted to commit fraud or breach privacy, although they are readily subject to sanction in the event of security breaches that are observable.
iii. Insiders: those who are not involved in e-government service provision but may share access to the E-government Service Provision Domain (ESPD), with no accountability for e-government service provision. They may mount an attack from within the ESPD or the Trusted Service Provision Domain (TSPD) and may possess a strong motivation to do so.

2.12.3 External Sources of Threat

Some of the possible threat agents defined by Andrew (2002) are outsiders who are beyond the control of the system's operators, such as:
i. Criminal organizations, including organized crime and petty criminals, who may be attracted by the potential for large-scale fraud offered by e-government services.
ii. Foreign intelligence services that may seek to use e-government services as a means of getting information on the workings of the administration or on individuals of interest.
iii. Commercial organizations that may seek information about competing companies, clients, debtors, etc. from e-government related sources.
iv. Investigation agencies that may seek to use e-government systems as a source of information on targets of interest, for example economic information or other individual details.
v. Terrorist organizations that may seek to access e-government systems as a source of targeting information on a person or an organization for a future attack.

2.13 Service Security Environment of E-government

E-government security plays an important role in government activities, and it depends on the environments and the community accessing e-government. The following are some aspects of the service security environment.

2.13.1 Environment Assumptions

To meet the objectives of e-government, it follows implicitly that the delivery of government services will share the same public networks that are being built for the community at large. In particular, the Internet is the channel that society will use for government services and government to government services, although other channels such as interactive digital television and call centres will also be used.

2.13.2 Domain Model

A typical e-government service usually involves a large number of management regimes, referred to as security domains, and specific security measures are applied to each domain. One security domain may be under the control of the customer, while another may be controlled by the service provider.
2.13.3 External Security Policy Framework

The development and implementation of e-government takes place within legislation, both domestic and international, that applies to the handling of commercial and personal data within public and private corporate networks and on computer system servers. Departments, public-sector bodies and other local administrations will have their own information management and security policies, which have a strong influence and give a more detailed interpretation of national government and corporate policy, the legislative framework and the business requirements of the organization. Organizational policies are not cited explicitly but are assumed to state the requirements of high-quality business practice. In addition, government intends to lead in setting and ensuring high standards of practice in its control of publicly owned resources and information.

2.14 Tools of Maintaining Information Security in E-government

Conventional government is at times regarded as very large. With the global advancement of computer networks and the growth of information technology, it is now possible to transfer or exchange huge amounts of data at light speed over great distances. These technologies give governments the opportunity to change themselves from huge monsters into compact and efficient organizations. Recognizing the huge improvement of IT, over 2000 summary 198 governments have recently put in progress electronic government strategies to build technology-based and internet-based versions of their government functions (West, 2004).

The most important element of technology-based electronic government is the communication and transmission of confidential data and information through networked information systems, according to the importance of the information. This information must be protected with strong security measures comparable to those of national security, even though every government has its own dedicated network.
Government cannot refuse the internet, partly because doing so would waste resources. Nevertheless, the internet is an open environment, so protecting information and data flowing over it from hackers and attackers is a vital e-government service issue. All government departments requested assistance from cryptographers, and it cost a lot of time and investment to develop special information system designs with advanced cryptosystems to support information security in the e-government service system. Unfortunately, cryptography is not sufficient in a number of applications, as computing power keeps rising and so do the methods of cryptanalysis. West (2004) described two main branches of steganology, known as steganography and steganalysis, which have been widely explored in the area of e-government security.

2.14.1 Steganography

According to Markus Kuhn (1995), steganography is the art and science of communicating in a way which hides the existence of the communication. In contrast to cryptography, where the enemy is allowed to detect, intercept and modify messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of steganography is to hide messages inside other harmless messages in a way that does not allow any enemy to even detect that there is a second message present. This definition is widely accepted in the information security community.

The use of steganography can be traced back to ancient times (B.C.). Histiaeus shaved the head of his slave and tattooed an important message on his scalp. When the slave's hair had grown back, the message was hidden, and the slave was sent to Aristagoras, who shaved the slave's head.
According to Herodotus (1992), who recounts the story, the message instructed him to rise up against the Persians; this is considered one of the oldest examples of steganography. As techniques advanced, invisible ink and microfilm appeared among the later applications. The watermark on banknotes is the most important and common modern example of steganography. With present technology, steganography allows secret information to be hidden in a cover communication or medium; the resulting communication carrying the hidden information is known as the stego message.

Steganography methods are mainly divided into two categories: digital watermarking and digital fingerprinting. Digital watermarking focuses on the embedding algorithms and is used for copyright protection, authentication and integrity verification. The hidden information is called the watermark; in digital water marking is comparatively. Some other common properties of steganography methods include:

Transparency: the distortion introduced by the embedding procedure should be hardly noticeable to humans, so that the impact on perceptual quality is reduced.

Robustness: in most applications, such as copyright protection, the hidden information must survive all types of malicious attack and incidental manipulation, such as lossy compression and format transcoding, unless the manipulations have rendered the content in some sense.

Payload (i.e., the embedding capacity): this is significant for digital fingerprinting. Since the function of the fingerprint is to identify the individual recipient or buyer, the fingerprint needs adequate space to remain unique when a massive number of copies of the cover message are to be distributed. In this case, embedding capacity is the determining factor of an effective fingerprinting scheme (Su et al., 2000):

• Digital Watermarking

Digital watermarking is the process of embedding a small amount of secret information, the watermark, into digital media to achieve goals such as copyright assertion, authentication and content integrity verification. The advantage of digital watermarking over cryptography is that the latter gives no protection once the content is decrypted. Its requirements include transparency, to avoid any detectable artifact, robustness, and any other properties needed by the particular application; all of these depend on the design of the embedding algorithm.

• Digital Fingerprinting

Digital fingerprinting is a process in which a unique message is embedded in the media to identify the recipient. Digital fingerprinting cannot prevent illegal copying, but it gives the copyright owner a means to trace the recipients who leak or redistribute the fingerprinted media. An additional requirement for digital fingerprinting is therefore anti-collusion, meaning that even after attackers have collected a sufficient number of legitimately obtained copies, they still cannot detect and defeat the fingerprints. Further technical information on this subject can be found in Trapp et al. (2003) and Celik et al. (2004).

2.14.2 Steganalysis

As mentioned previously, steganalysis is one of the security measures for e-government information, as the e-government is responsible for monitoring public data flows. At present, most governments strongly believe that restricting the strength of public cryptosystems, or prohibiting them entirely, is not sufficient to guarantee national security. For example, companies like Microsoft and PGP have been restricted from selling their Internet Explorer software with the highest encryption (128 bits).
The government's point of view on this may be a logical one, since national security is of high concern, yet it exposes the greater part of internet users to privacy breaches. This situation leads the public to resort to steganography to defend their privacy.

2.15 Risk Factors of E-government

The successful implementation of the e-government concept is always related to the capability of the government to deliver electronic services, by advancing communications, informing the country's institutions and supporting them with the latest communication technology in support of electronic services, and by helping government institutions to use the e-government concept in digital form.

2.15.1 External and Internal Barriers to E-government Implementation

The purpose of implementing e-government is a gradual increase in effectiveness and transparency, enhanced communication between business and citizens, improved communication systems and the tools for good governance. Customers need to see the public services; if they do not, internal and external obstacles to e-government implementation arise, which influence whether citizens and businesses take up e-commerce and electronic services (Edwin and Lau, 2003).

The internal problems are primarily emerging ones, and include most frameworks being located in one place. They relate to achieving a better understanding of the common vision and mission of e-government, and to providing leadership at various levels to turn vision into action, with leaders trained on how to ensure the right administrative system to help the organization implement e-government.
Institutions cannot operate in isolation, so cooperation is required to ensure interoperability and avoid duplicated services, to ensure that government officials possess the knowledge to develop the operation, and to evaluate success.

Government also faces external obstacles in developing e-government because of rapid technological change, which makes choosing the best technology standards difficult. Other challenges are that some people have no PC or do not use the internet, and that people who use online systems need full assurance of privacy and protection, that is, that their records will not be violated or changed. The success of e-government procedures depends mainly on the framework in which they function. For example, digital signatures are used for submissions to electronic services.

A risk is an identifiable, possible event that negatively affects an e-government initiative. Stakeholders must practise risk assessment, control and management for e-government programmes, which gives some ability to mitigate the exposure of the programme. The major risks in developing e-government, and the plans to mitigate each risk, are listed as follows (Lau and Edwin, 2003).

2.15.2 Budget Barrier

The government operates within funding arrangements, and the development cost of e-government is extremely high for the government. Therefore, both longer-term financial support and cooperation among government institutions should be considered and defined in advance. This problem can only be solved by the following steps:

i. Developing direct projects that can be scaled according to the demand for the project.
ii. Encouraging the use of new technology and innovative commercial arrangements with the private sector to fund e-government.
iii. Supporting planned business partnerships with expert international vendors to fund e-government.
iv. Planning practical, well-defined phases for the e-government rollout.
2.15.3 Common Technical Framework and Infrastructure

Challenges arise from the failure of government organizations to communicate with one another and from inconsistent decisions between government agencies. Government can do a lot to help by providing common shared rules and standards. This can be readily addressed by using shared inter-agency working groups, or a clear governing body, to supervise and enforce government policy and standards.

2.15.4 Digital Divide

The human resources at Nusajaya ICT Centre do not have the basic knowledge to apply e-government strategy, and this can be solved by:

i. Support from government bodies for IT training and other skills required by the staff.
ii. Hiring professional staff with the required skills.
iii. Incentives for government agencies to invest in raising ICT proficiency internally.
iv. Establishing links with local universities and colleges for on-the-job training of students.
v. Promoting retention of trained professionals in collaboration with other programmes.

2.15.5 Privacy and Security Concerns

Government is responsible for providing leadership and regulation in developing public policies, and shares an important role with businesses, organizations and individuals in guaranteeing secure access to computer systems. This problem can only be resolved by increasing awareness among stakeholders, raising accountability and improving change management.

2.15.6 Rapid Technology Change

The government faces problems in anticipating future policy impacts in detail because of fast-moving technological change. These issues can be solved by:

i. Setting performance requirements rather than specifications.
ii. Participation of stakeholders in one process.
iii. Looking for international cooperation.
iv. Re-arranging e-government strategy with political and change.

2.15.7 Citizen Expectation and Seamless Services

Governments are offering high-quality electronic services to their customers, but they have failed to understand citizens' needs.
This kind of problem is resolved by general awareness of the e-government initiative among stakeholders. These obstacles need to be understood, and a sense of mission shared, across all levels of government institutions.

2.16 Discussions

E-government is the use of information and communication technology (ICT) by government authorities to provide general services to citizens and businesses, and in particular to support public participation. E-government has become an international phenomenon over the last twenty years of technology development. Many governments around the globe have implemented e-government in the belief that it can improve efficiency, transparency and cost-effectiveness in government; the security of e-government has therefore also become a key issue.

2.16.1 Implementations of E-government

In this chapter, many e-government security aspects and implementations were presented, and the implementation of e-government was discussed. ICT plays an important role in e-government implementation, particularly the internet, which provides new ways of working with public administrations together with enhanced provision. As IT communication and the question of how to protect and measure the security of electronic government have become pressing, this chapter analyzes, from the perspective of security threat management, the measures for managing e-government security risk and proposes the corresponding countermeasures.

i. Service security of e-government: several e-government services are covered, which play a crucial part in promoting service quality. E-government services use IT and the internet to improve public access and customer service efficiently. However, it is also recognized that customers and citizens have the right to choose how a service is delivered, whether directly via the web, by mobile phone or otherwise.
ii. Threats to e-government: the research on threats to e-government described two types of threat associated with e-government, internal and external, where threat analysis examines the assets that need protection and the potential sources of threat.

In contrast, security is the protection mechanism for the ICT assets of e-government, as these assets are the portfolio of the organization. External assets are those that lie outside the organization, including assets held by clients, remote users and business partners who need to communicate and collaborate with the organization. Internal assets, on the other hand, are those inside the e-government systems, including data, information, knowledge resources and programmers.

2.17 Chapter Summary

This chapter has covered the e-government implementation process and its risk and security aspects widely. It also covers the importance of security and the role that security plays in e-government, as well as the benefits, values and risk factors of e-government. This chapter has laid the groundwork for the conceptual risk security of e-government and the major challenges that arise in information and communication technology.

CHAPTER III

RESEARCH METHODOLOGY

3.1 Introduction

The purpose of this chapter is to present and justify the research methodology used in this study. In this chapter, we present and describe how the data will be collected. The presentation of the chosen methodology includes discussions of the research approach, research strategy and research method. Finally, the chapter discusses the quality of the research undertaken.

The main purpose of this research is to identify security risks in e-government and the activities associated with e-government transactions. The study also investigates ways in which e-government security can provide more efficient and effective customer-centric services and extend e-government reliability.
In addition, this research looks at the different types of risks, threats and challenges encountered in e-government, and at how to ensure security measures against these threats.

3.2 Research Strategy

The choice of research approach depends not only on the researcher's epistemological position and prior knowledge but is also influenced by the research questions that the study sets out to illuminate (Morse et al., 1994).

Quantitative research: This research is used to answer questions about relationships between measured variables with the purpose of describing, predicting and controlling phenomena. This approach is sometimes called the traditional, experimental or positivist approach. Quantitative research seeks explanations and predictions that will generalize to other persons and places. The intent is to establish, confirm or validate relationships and to develop generalizations that contribute.

3.2.1 Qualitative Research

This research is normally used to answer questions about the complex nature of phenomena, frequently with the purpose of describing and understanding the phenomena from the participants' point of view. The qualitative approach is also referred to as the interpretative, constructivist or post-positivist approach. Qualitative researchers seek a better understanding of complex situations; their work is often exploratory in nature, and they may use their observations to build theory from the ground up.

The terms qualitative and quantitative refer to the technique one selects to treat and study the chosen data. Selectivity and distance from the object of research characterize a quantitative approach, while a qualitative approach is characterized by closeness to the object of research. Both have their strengths and weaknesses, and neither one of the approaches can be.

3.3 Operational Framework

To make sure that all research activities are well organized, a research methodology is needed to guide these activities in the right direction.
To gather all the information relevant to the study, the researcher built a methodology, or operational framework, to make sure that all the tasks of the research are carried out clearly. Figure 3.1 shows the research methodology framework, and Table 3.1 shows the operational framework.

[Figure 3.1: Research Methodology Frameworks. Flowchart: Phase 1 (Research Initiation & Planning); Phase 2 (Literature Review, Preliminary Survey, Survey, Analyze Data); Phase 3 (Preparing E-government Security Model, Evaluate Model, with a Yes/No decision); Phase 4 (Report Writing, Research Presentation).]

Table 3.1: Details of Operational Framework

Phase 1: Project Initiation and Planning
Tasks: Understand the problem domain and the existence of the problem.
Objectives: To plan the project. To understand the risk security in e-government. To identify the research question. To determine project objectives from the research question (problem statement). To determine project scope.
Deliverables: Project proposal. Project objectives. Project scope.

Phase 2: Literature Review
Tasks: Collecting related material from the internet and other reliable sources, sorting the collected materials, and selecting appropriate resources according to the research objectives.
Objectives: To study and get opinions related to the topic issues and previous research on e-government service security methods. Collecting ideas from different research perspectives.
Methods/Instruments: Books, journals, articles, papers, etc.
Deliverables: Broad understanding of the whole concept of e-government service security.

Phase 2: Survey
Tasks: To conduct the survey, gather the related data and analyze it to obtain results.
Objectives: To conduct a survey of people involved with e-government service accessibility in Malaysia, specifically staff in the Nusajaya ICT department in Johor Bahru. To obtain the viability of the research by observing respondents' reflections.
Methods/Instruments: Survey. Using respondents' opinions.
Deliverables: Data collected through the survey.

Phase 3: Analyze Data; Preparing E-government Security Model
Tasks: After collecting all the relevant information regarding the research, analyze the data carefully. Revising the proposed model by integrating the survey results in it. Designing the E-government Service Security model for Malaysia, by designing the security model based on e-government security requirements.
Objectives: To analyze the collected data. To revise the proposed model by integrating the survey results in it. To design and develop the government security framework.
Methods/Instruments: SPSS software.
Deliverables: E-government service security model.

Phase 4: Writing the Final Report; Project Presentation
Tasks: Write the report by combining and organizing all the data in an understandable way. Prepare the project presentation to share the project results with others.
Objectives: Final report writing takes place. Present the complete project outcome.
Methods/Instruments: Using report writing skills.
Deliverables: Complete final report.

3.4 Data Collection

Data collection is a term generally used to describe a method for preparing and gathering data; the objective of data gathering is to obtain information. In the data collection phase, the task of the researcher is to collect all relevant data about the research topic. The following are the sources from which data has been collected. Data can be divided into two categories: primary data and secondary data.

3.4.1 Primary Data

In this research, the main primary data is drawn from:

• Survey

A survey is a research instrument consisting of a sequence of questions and other prompts for the purpose of collecting information from respondents. Questions will be distributed to a particular group of respondents through sampling. The researcher will administer questionnaires in various ways, such as survey, mail, internet or fax. The researcher will write the questions properly and provide concise instructions. Finally, after the questions have been prepared, the researcher will test the questionnaire and distribute it to the selected number of samples to find the weaknesses of the research.
3.4.2 Secondary Data

There are different sources for secondary data, including:

i. Books
ii. Journals
iii. Articles
iv. Electronic documents
   o Websites
   o Online materials
   o E-journals

3.5 Sampling and Respondents

The respondents were drawn from Nusajaya and the ICT department in Johor, and questionnaires were distributed to e-government users and government employees at different levels. A total of 70 people from various positions were selected so as to provide in-depth information about the topic through survey and sessions. These respondents were chosen at random from the above list to complete the study of their perception of the e-government security system and policies in Malaysia.

3.6 Data Analysis

Upon completion of data collection, analysis will be conducted to analyze the data and extract information. Several steps are required, covering personal data, activities of e-government risk security, and implementations of e-government systems. Later, using SPSS software, the data will be edited and the results will be presented in graphics, tables and charts with detailed information relevant to the study.

3.7 Project Validity and Reliability

Validity: when we judge the strength of a research study we need to ask two basic questions. First, does the study have adequate controls to ensure that the conclusions we draw are really warranted by the data? Second, can we use what we have observed in the research situation to make generalizations about the world beyond that specific situation? The answers to these two questions address the issues of internal validity and external validity respectively (Leedy and Ormrod, 2001).

3.7.1 Reliability

Reliability of a measurement is the extent to which it yields consistent results when the characteristic being measured has changed.
A researcher can enhance reliability in several ways. First, the instrument should be administered in a consistent fashion, and there should be standardization in the use of the instrument from one situation or person to the next. Second, to the extent that subjective judgments are required. Third, any research assistants who are using the instrument should be well trained so that they obtain similar results.

3.8 Project Schedule

The project schedule lists the overall project schedule, including the project start date and end date, and the activities that need to be done during the research according to the objectives of the project. The details of the project schedule are shown in the Gantt chart attached in Appendix A.

3.9 Chapter Summary

This chapter provided a brief description of the methodology used for this research. Research activities were organized using the operational framework, and data collection was defined as a process of collecting data from different sources. There are two sample of population consisting of 70 people who will be respondents of the research. Data is analyzed using SPSS software, and the schedule of project activities to be completed within a limited time is presented.

CHAPTER IV

DATA COLLECTION AND DATA ANALYSIS

4.1 Introduction

Given that the research design has been successfully developed, the next phase concerns data collection and analysis. A survey instrument was chosen for data collection. The survey questionnaire consisted of ten questions divided into three main sections, and different question types, such as scale ranking and Yes/No questions, were used. The sections of the questionnaire were: i) Respondents' profile; ii) Identifying risks and importance of e-government service security; iii) Recommendations and comments.

Technical staff from Nusajaya ICT (Johor Bahru) were chosen as the respondents of this study as they have a basic background in e-government services and appropriate security methods.
Besides that, priority was also placed on the respondents in the sense that the respondent must be a staff member of Nusajaya ICT Centre. This gives the researcher a wider and better understanding of the research questions. Later, the completed surveys were analyzed using SPSS software.

The descriptive procedures in SPSS provide the mean value and standard deviation (SD) for variables, as well as the minimum and maximum values. It is good practice with Likert-scale questions to report the mean value, since the number obtained indicates what the average answer is. The SD is also important because it gives an indication of the average distance from the mean value. A low SD means that most observations are centred on the mean value. Conversely, a higher SD means that there was a lot of variation in the answers. An SD of zero is obtained when all responses to a question are the same.

4.2 Survey Analysis

As mentioned above, only one questionnaire set was used in this research. It was designed for technical staff and citizens, to extract implicit information from them.

4.2.1 Survey Findings

Based on the study's objectives, 70 copies of the survey set were distributed fairly to the ICT Centre, but only 21 copies were returned. The design of this questionnaire is divided into three sections:

Section A: Respondent Details.
Section B: Identifying Risks and Importance of E-government Service Security.
Section C: Recommendation of E-government Service Security.

4.3 Respondent's Profile

Table 4.1: Profile Gender

| Gender | No. of respondents | Percent |
|---|---|---|
| Male | 36 | 60 |
| Female | 24 | 40 |
| Total | 60 | 100 |

[Figure 4.1: Gender Profile. Chart: Male 60%, Female 40%.]

Figure 4.1 shows the details of survey respondents by gender. There are more males than females: out of 21 respondents who gave their feedback, 60% were male while 40% were female.

QA2. Respondents' Age

[Figure 4.2: Respondent's Age. Chart of frequency and percent by age group: 18-25 (22%), 26-30 (50%), More than 30 (22%).]

Figure 4.2 above shows the details of the survey respondents' age. The researcher found an increase in respondents' dependence on e-government services across the age ranges. The majority of the respondents were between 26 and 30 years old. The findings also illustrate that younger citizens possess the skills and knowledge necessary to use the computer and the internet. The older age group consists of respondents who have little grounding in accessing e-government services online. Out of 21 respondents who gave their feedback, 22% are under 25 years, 50% are 26-30 years old and another 22% are more than 30 years old. These are summarized below.

i. 18-25 years: 22%
ii. 26-30 years: 50%
iii. More than 30 years: 22%

QA3. How long have you been using e-government service (please rate your answer 1 less important, 5 most important)?

Respondents were given numbers of years of using e-government services, 1-5 years and 5-10 years, as can be seen in the chart below.

[Figure 4.3: Respondent's Usage of e-Government Services. Chart: 1-5 years (81%), 5-10 years (13%).]

Figure 4.3 shows that the majority of the respondents have been using e-government for between 1 and 5 years, while some of them stated more than five years.

4.4 Identifying Risk and Importance of E-government Security

QB.1 Which of the following are severe (more dangerous) risks to e-government service delivery (please rate your answer 1 less important and 5 most important)?

Respondents were given a list of e-government risks including hacking, cyber attacks, internet worms, denial of service and viruses.
Table 4.3 Risk on e-Government Service Delivery

| E-government risks | Number of Respondents | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Hacking | 21 | 1 | 5 | 3.33 | 1.065 |
| Cyber Attack | 21 | 2 | 5 | 3.48 | .981 |
| Internet Worm Attack | 21 | 1 | 5 | 3.05 | .921 |
| Denial of service | 21 | 2 | 5 | 3.38 | 1.024 |
| Viruses | 21 | 2 | 5 | 4.19 | .928 |

Table 4.3 shows great variation among the e-government risks. Five risks were examined in this survey. To present the outcome of the survey, the mean and Standard Deviation were used. A five-point scale is used, where 1 = not important, 2 = less important, 3 = neutral, 4 = important, and 5 = most important. As Table 4.3 shows, viruses have a higher mean value, which is 4.19. There is also a significant increase in cyber attack and denial of service. Conversely, internet worm attacks (3.33) have lower ratings. Based on these statistics, it can be concluded that viruses, cyber attack and denial of service are the highest risks to e-government service delivery and could be considered seriously. Similarly, internet worms and hacking could be another source of threats but have a lower rating.

QB2. Which of the following is cyber crime against ICT assets (please rate your answer 1 less important and 5 most important)?

Table 4.4 Cyber Crimes against Assets

| Contents | Number of Respondents | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Theft of resources | 21 | 2 | 5 | 3.71 | 1.007 |
| Fraud and Swindle | 20 | 2 | 5 | 3.55 | .826 |
| Black mailing and Cyber Extortion | 21 | 2 | 5 | 3.48 | 1.078 |
| Unauthorized system access | 21 | 1 | 5 | 3.57 | 1.207 |
| Hacking Government Website | 20 | 2 | 5 | 3.85 | 1.040 |

Table 4.4 shows the cyber crimes against e-government assets. Five cyber crimes were tested in this survey. Respondents' feedback varies greatly on the five-point scale, where "1" is less important and "5" is most important. The mean and Standard Deviation are used to display the result. As can be seen in Table 4.4, hacking government websites has the highest mean value, which is 3.85. There is also a significant increase in theft of resources, unauthorized system access and fraud/swindle.
It also shows that blackmail and cyber extortion have the lowest rating based on the survey.

QB3. Which of the following are cyber crime against government institution and states (please rate your answer 1 less important and five most important)?

Table 4.4 Cyber Crimes against Governments and States

| Contents | No of Respondents | Min | Max | Mean | Std. Deviation |
|---|---|---|---|---|---|
| Hacking websites | 20 | 2 | 5 | 3.85 | 1.040 |
| Cyber threat against states | 21 | 1 | 5 | 3.67 | 1.278 |
| Information Warfare | 21 | 2 | 5 | 3.71 | .902 |
| Hacking critical website | 21 | 1 | 5 | 3.57 | 1.207 |
| Environmental Risk | 21 | 2 | 5 | 3.81 | .873 |

Table 4.4 above shows that all respondents' feedback was positive and gave the highest priority to cyber crimes against states. For instance, looking at the mean values of the components shown above, hacking websites (3.85), environmental risk (3.81) and information warfare (3.75) have the highest mean values. Similarly, cyber threat (3.67) and hacking critical website are increasing as well.

QB4. Which one of the following security management components are the most appropriate for e-government services (please rate your answer 1 less important and 5 more important)?

Table 4.6 Security Components Appropriate to e-Government Services

| Contents | No of Respondents | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Password | 21 | 1 | 5 | 4.29 | 1.146 |
| Digital Identity | 21 | 1 | 5 | 3.86 | 1.153 |
| Biometric device | 21 | 2 | 5 | 3.81 | .928 |
| Access Control | 21 | 1 | 5 | 3.71 | 1.189 |
| E-government Gateway | 21 | 1 | 5 | 3.76 | 1.261 |

Table 4.6 shows respondents' perception of the security management components appropriate to e-government services. All respondents answered positively on the security components applicable to e-government services. As observed in Table 4.6, the mean value for password is 4.29, along with Digital Identity 3.88 and biometric device 3.81. Respondents also indicated that there is an increase in e-government gateways 3.76 and access control 3.71 respectively.

QB5.
Which of the following security technology does your organization use (please rate your answer 1 less important and 5 most important)?

Table 4.7 Security Technologies in e-Government

| Contents | No of Respondents | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Data Backup System | 21 | 2 | 5 | 4.33 | .966 |
| Encryption Methods | 21 | 2 | 5 | 3.90 | .995 |
| User Security ID Management | 21 | 2 | 5 | 4.19 | .981 |
| Internet Security | 21 | 3 | 5 | 4.33 | .856 |
| IDS/ and other detection | 21 | 1 | 5 | 3.57 | 1.165 |

Table 4.7 presents five types of technology that the organization uses for security purposes; the respondents' feedback was positive. Based on the table's contents, the majority of the respondents believe that data backup system 4.33, internet security 4.33 and user security ID 4.19 are the most widely used security technologies in e-government. Encryption 3.90 and IDS 3.57 have lower mean values, much lower than the other security technologies.

QB6. How important are the following security components and activities of e-government service (please rate your answer 1 less important and 5 most important)?

Table 4.8 Security Components and Activities

| Contents | No of Respondents | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Network firewall | 21 | 2 | 5 | 3.95 | .921 |
| Network Intrusion Detector | 21 | 2 | 5 | 4.00 | 1.000 |
| Network Access Control | 21 | 2 | 5 | 3.76 | .944 |
| Server & work station security | 21 | 2 | 5 | 4.05 | .865 |
| Anti viruses | 21 | 2 | 5 | 4.10 | .944 |

For Table 4.8, the researcher asked respondents for their perception of network security components and their role in the security of e-government services, using a scale where 1 is less important and 5 is most important. Most of the respondents strongly believe that antivirus 4.10, server and workstation security, and network intrusion detector 4.00 are the most reliable network security components, which play a vital role in monitoring traffic and preventing unauthorized access. It also shows a slight decrease in mean value for network firewall 3.95 and network access 3.76, which are lower than the other components.

QC7.
In your opinion, how can state governments ensure security on their website (please rate your answer 1 less important and 5 most important)?

Table 4.8 Methods of Securing e-Government Websites

| Contents | No of Respondents | Min | Max | Mean | SD |
|---|---|---|---|---|---|
| Privacy Policy being presented on e-government sites | 21 | 2 | 5 | 3.52 | .981 |
| Authentication log in | 21 | 1 | 5 | 3.90 | 1.091 |
| Encryption Using SSL | 21 | 2 | 5 | 4.00 | 1.000 |
| Monitoring traffics | 21 | 1 | 5 | 3.14 | 1.236 |
| Deliver best Practices Security rights | 21 | 1 | 5 | 3.57 | 1.326 |

Table 4.8 shows the methods that can be used for securing e-government websites. Five different methods of securing e-government websites were examined in this survey, rated on the scale shown in the table. Encryption protocol 4.0 had the highest value, to protect the transmission. User name and password authentication 3.90 has the second highest mean value for protecting the privacy and security of websites. Deliver security rights 3.57 is the third category of measuring security. Using server management software to monitor traffic 3.14 and privacy policy being presented on the e-government website are the lowest rated.

4.5 Recommendation on E-government Service Security

QC8. Do you believe that Nusajaya ICT Centre has utilized other Technology of e-government Security Services?

Figure 4.4 Utilization of e-Government Security Technologies in Nusajaya ICT Centre (chart: Yes 81%, No 13%)

Figure 4.9 indicates that 81% of the respondents strongly agreed that Nusajaya ICT Centre has utilized other technology for e-government service security, and 13% disagreed. It shows that respondents are highly optimistic about the e-government security technology that Nusajaya provides to its citizens.

QC9. Give your comment, any related technology of e-government Service Security?

Figure 4.5 Any Related Security Technology of e-government Services (pie chart: Digital Identity 70%, Finger prints 22%, No comment 7%)
Figure 4.10 indicates that 70% of the respondents strongly believe that digital identity and biometric devices could be the latest technology that can further improve the security of e-government services, while 22% of the respondents gave their comments on finger print technology. Only 7% did not respond to the question.

4.6 Chapter Summary

A set of survey questions was designed and distributed to conduct an analysis identifying the risks to e-government services and the importance of e-government security. Data was collected by randomly distributing questionnaires to 70 technical staff and citizens at the Nusajaya ICT department in Johor Bahru. The chapter has discussed the respondents' profile:

i. All respondents identified the impact of risks and threats on e-government service.
ii. All respondents agreed on the importance of e-government service security.
iii. For e-government service, respondents highlighted that cyber attacks, hacking and viruses are the most severe risks to e-service applications.
iv. For e-government service security components, respondents prioritized password, digital identity token and biometric device. A considerable number of the respondents also believe that the e-government Gateway and Access control are highly effective security tools for e-government service accessibility, as further protection mechanisms.
v. Out of 21 respondents, 81% believe that Nusajaya ICT Centre has utilized other technology for e-government service security and 13% do not.

CHAPTER V

E-GOVERNMENT SERVICE SECURITY MODEL FOR NUSAJAYA ICT CENTRE

5.1 Introduction

Currently, the Nusajaya ICT department is an agency that operates for the coordination of the social development of government organizations, especially in information communication technology (ICT).
The objective of the case study in Nusajaya was to get information regarding perceptions of e-government service security, in order to improve the previous security measures in e-government service for Nusajaya ICT Centre. This chapter presents e-government service security and identifies risks and threats to the security of Nusajaya e-government services. Furthermore, based on the results and key findings from the 21 respondents among Nusajaya ICT staff, and on the study of previous models from the literature review, an enhanced e-government service security model for Nusajaya is proposed and the analysis of the previous models is described.

5.2 Analysis of Existing Models and Frameworks in E-government Security

Various studies have analyzed e-government models that focus on security. The models introduced in the previous chapter are described in detail in Table 5.1.

Table 5.1 Analyses of Existing Models in e-Government Service Security. (J.Satyanarayana, 2004 & AGDS, 009)

1. J.Satyanarayana, 2004 Model: E-government Security Model

Components of the Models: Users; Process (Transport Environments); Technology (ICT Asset Environments); Identity, Capture, Access Management, Interaction Control; Secure Communication System, e.g. Virtual Private Network; Internal & External.

Analysis of the components: Under these activities there are three essential areas in a framework that provides general information on e-government security, covering electronic and physical security and e-government service security. The components provide deep information about how e-government security is measured, not only in a specified area but from many different angles. The first component is the "User": users are the citizens who are using the e-government service. The second is the "Transport Environment", which is the channels of communication transport that require confidentiality, integrity and privacy. This environment needs to be fully secured and protected from any harmful security failure. The third is the "ICT Asset Environment", which is the key sensitive area when it comes to e-government assets including hardware, software and databases. These assets require security treatment. The importance e-security,

2. AGDA 2009, Model: E-government Security Management

Components contained by Model: Security Management; Collaboration; System Management.

Analysis of the Components: The Security Management Model provides components that can be considered important factors of a security management platform; these components are many and participate effectively in security management in e-government services. Firstly, "Security Management" of e-government services includes ID and Authentication, Intrusion Detection and Access control, Incident response and Digital certificates, which are the major security management components of e-government. Secondly, "Collaboration" works side by side with e-government in responsible task managing, sharing information, etc. The third one, "System Management", provides rich e-government system management and monitoring, enabling the organization to provide service management to the end users.

A number of components were taken into consideration when the analysis phases took place to justify the security model. Based on that, the relevant and most suitable components that fit the case study were chosen. There are users in any e-government service, and there is no doubt that users need confidentiality, privacy and security services from the government so that they can promote and use e-government without much worry. Security is an important factor for e-government, because citizens' information should be protected from unauthorized people.
Another important factor is users' accessibility to the service, where citizens are required to follow the security procedure: their identity is captured, along with a digital signature to prove the validity and verification of the user. We also need to protect ICT assets in order to minimize the risk and threat sources from any attempt, by using network intrusion detection, virus protection and disaster recovery.

5.3 Derivation of the Proposed Model

The literature review provided the basic components of the e-government service security model. A survey was conducted in order to verify the importance of the components in improving e-government service security. The model was ultimately drafted from two models in the literature review, namely the e-government security model developed by (J.Satyanarayana, 2004) and the security management model of the Australian Government, the Department of Finance (AGDF). This is also compared with the recommended features proposed in the findings. The respondents' results pointed out that some features are important for the e-government service security model. The new proposed model contains: User, Process, Technology and e-government Service Application components for security management in e-government.

5.4 The Proposed Model

As a result of the analysis, the proposed model is believed to support the rapid growth of the IT revolution and governments which are ready to provide secure online services to their citizens over information communication technology. However, to promote trust in e-government transactions, communication and interactions, the government and its affiliated departments are required to implement security, privacy and confidentiality in order to gain user trust in the e-government service.
Therefore, the researcher proposes an e-Government Security model for Nusajaya ICT Centre, which mainly consists of four components: Users, Process, required Technology and e-government application service. Figure 5.1 shows the proposed model.

Figure 5.1 Proposed Model of E-government Service Security

5.4.1 E-government Users

In this section, the involvement of e-government users in the proposed model is defined. There are two types of users in this model: citizens, who are the key users of the services provided, and government agencies. The government agency's role is in delivering the e-service: acceptance of the service, the number distributed through various channels, growth of usage, and the information system supporting the service.

5.4.2 Process

In this section, there are three processes required of the e-government user: Identity Management, Access Management and Interaction Management. Table 5.2 shows the processes.

Table 5.2 User Required Process

| Process | Description |
|---|---|
| Identity management system | Identity management is the process of user registration based on the user profile by using a unique digital identity: user name and password. |
| Access Management Systems | Access management is the process which enables the user to access the departmental user ID registration; this involves verification of the user's identity. It also creates user authorization for a predefined task or transaction. |
| Interaction Management System | This process acts as a mediator between the user and the e-government systems, providing access assurance as a complete security element, including authentication, confidentiality and accountability. |

5.4.3 Technology

In general, ICT assets are among the most important and sensitive e-government assets, including internet, hardware, software, database and knowledge, which require security treatment. To measure their security, there are two types of security: physical and electronic.
Securing ICT assets requires a number of security measures for further protection against internet worm incidents, electrical shocks, network intrusions, disasters, etc. To avoid these threats, security management components are identified and summarized in Table 5.3.

5.4.4 Security Components

Table 5.3 Security Components

| User Security tools | Descriptions |
|---|---|
| User Authentication | User authentication is the process of identifying an individual based on the user profile, user name and password in a security system. Authentication usually ensures proper authorization and access to systems and services; it can be conducted through the use of logon passwords or single sign-on (SSO) systems. |
| Digital Identity | Generally used for online systems; the term refers to the computer-based counterpart of manual identification such as an ID card or credit card. This is to ensure the user's verification by matching their ID with the system. |
| Access control list | An access control list is a table, held by the operating system, which gives every user permission to a particular system object, either a file or a directory. Each object has a security attribute that identifies its access control list, and the list has an entry for every computer user with high access rights. |
| Biometric device | A biometric device is a popular device that comprises techniques for uniquely recognizing an individual based upon one or two inherent physical or behavioral characteristics. These features are captured at the time of registration, converted into a code using certain algorithms and stored for comparison at the time of authentication. In IT especially, biometrics can be used as a form of identity access management and access control. |
| Government Gateways | This gives communication access to users so that they have permission to use the information and the services provided to citizens. Verification is done using ID and electronic signature, and the user's privacy is securely protected. |
Table 5.4 ICT Security Components

| ICT Security Components | Description |
|---|---|
| Firewall | A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. |
| Network Intrusion detection system | NID is a process of detecting malicious attacks made by users on the network system, including denial of service and scanning, by controlling and monitoring network traffic. |
| Virtual Private Network | A virtual private network (VPN) is defined as a network that utilizes telecommunication, including the Internet, to supply distant offices or a single user with highly protected and secured access to their institution's network. This will help the government to have special Ethernet in which its security is highly reliable. |
| Viruses protection | To protect against, detect and remove malware, including computer viruses and Trojan horses, and to keep any viruses from entering the government information system, antivirus software must be installed on every computer to prevent and remove adware, spyware, and other forms of malware. |
| Data backup system | A data backup system is a process of making copies of data, so that these copies may be used to restore the original after the data is lost, accidentally deleted or corrupted, for the security of e-government service. This will help the government to keep track of its service for high reliability and security. |
| Internet Security | Internet security is one of the most important security measures for the online services provided by the government. Internet security is I/S security specifically related to the internet. The government must establish reliable, secure internet measures to use against attacks and fraud on the internet. |

5.4.5 E-government Application Services

A secure e-government has emerged as a critical goal of public administration across the world, while e-government brings the promise of efficient online services to improve both government and the delivery of services to citizens.
Nusajaya ICT Centre has been successful in implementing e-government projects which large numbers of citizens are utilizing. A secure e-government service is obtained by increasing their productivity as well as their customers' satisfaction. Some of the current government projects are summarized in Table 5.5.

Table 5.5 Current e-Government Projects (Current E-government Project: Benefits of Secure e-government)

Electronic Services (E-Services)
- Secure e-service enables citizens and businesses to transact.
- Provides multiple delivery channels.
- Enhanced efficiency and effectiveness of government service.

Electronic Labor Exchange (ELX)
To improve the recruitment of the state and human resources, and offer a one-stop centre designed for employment marketplace information.
- Systematic matching of job seekers to job vacancies.
- Accurate real-time labor market data.

E-procurement (Government to Business)
- Allows the government to conduct procurement activities via desktop and online.
- Makes the government a smart buyer, with cost savings to the government and suppliers.
- Online submission of supplier registrations.

Human Resource Management Information System (HRMIS)
Provides an interface for government employees to perform human resource functions.
- Facilitates human resource management.

Generic Office Environment (GOE)
- Enables transparency and timely decision making.
- Enables the right information to reach the right people at the right time.

e-Syariah
Provides effective and quality management of Syariah courts.
- Speeds up the judicial process and Syariah law.
- Facilitates management of Syariah law and serves as the information hub of the Syariah Court community.

Project Monitoring System
- Monitoring and implementation of development projects.
- Paperless monitoring system.

5.5 User Acceptance Test of the Proposed Model

In this section, the respondents were asked three questions. The questions use a three-point scale. On this scale, users were asked to rate their acceptance of the proposed model.
The respondents' questions are shown below.

Q1. Do you agree to the point that the components of the model are complete?

There are several components that make up the proposed model. In order to achieve the purpose of the model, it is important to verify its completeness. Table 5.6 and Figure 5.2 demonstrate this issue.

Table 5.6 Verifying the Completeness of Model

| | Frequency | Percent |
|---|---|---|
| Disagree | 0 | 0 |
| Agree | 8 | 20 |
| Strongly Agree | 2 | 80 |
| Total | 10 | 100.0 |

Figure 5.2 Verifying the Completeness of Model

Q2. Do you agree that the components are consistent?

You may have possible components that make up your model, but another challenge is how to make sure that these are consistent. Consistency means the relationship between different components and how they can work together. Table 5.7 and Figure 5.3 show the users' opinions about the consistency of the components.

Table 5.7 Verifying the Consistency of the Proposed Model

| | Frequency | Percent |
|---|---|---|
| Disagree | 0 | 0.0 |
| Agree | 5 | 50.0 |
| Strongly Agree | 5 | 50.0 |
| Total | 100 | 100.0 |

Figure 5.3 Verifying the Consistency of the Proposed Model

Q3. Do you believe that the Proposed Model is beneficial for Nusajaya ICT Centre?

Nusajaya ICT Centre is taken as the case study for this research. The results of this research should benefit Nusajaya ICT Centre. The users were asked the above question in order to identify whether the model is beneficial for Nusajaya ICT Centre. Table 5.8 and Figure 5.4 show users' opinions about the benefits of the model for Nusajaya ICT Centre.

Table 5.8 The benefits of the Proposed Model

| | Frequency | Percent |
|---|---|---|
| Agree | 1 | 10.0 |
| Strongly Agree | 6 | 60.0 |
| Total | 3 | 30.0 |

Figure 5.4 The benefits of the Proposed Model for Nusajaya ICT Centre

5.6 Chapter Summary

In this chapter, the importance of the e-government security model was discussed. The first was about the best security approach that can be measured on e-government services.
The previous security environment consists of three different environments: User Environment, Transport Environment and ICT assets. This needs complete security treatment. The second model gives a complete picture of the e-government security model. The researcher presented his own proposed model, which mainly consists of four parts: Users, process, ICT security components, and the current secure e-government services provided by Nusajaya ICT. Lastly, a User Acceptance Test was conducted to evaluate the model.

CHAPTER VI

DISCUSSION AND CONCLUSION

6.1 Introduction

In this chapter, the discussion and conclusion of the research are presented. The research was written with the objective of finding an efficient e-government security measurement for the Malaysian government. More specifically, the researcher analyzed the impact of risks and the importance of security approaches in e-government services in terms of achieving organizational and operational performance. The main points this chapter discusses are:

i. Achievements
ii. Recommendation of how to use the Proposed Model
iii. Constraints & Challenges
iv. Aspirations.

6.2 Achievements

After collecting data from secondary sources such as books, research papers, conference papers, reports, documentation, etc., the concept of e-government service and the importance of security management systems have been clearly identified. The list below shows the main achievements of this research:

i. Finding out the basic concept of e-government security requirements, methods and issues regarding accessing and interacting with e-government systems and services, especially in Nusajaya ICT.
ii. Identifying the current impact of risks on e-government service delivery in Nusajaya ICT.
iii. A survey was conducted among different technical staff members of the Nusajaya ICT department in Johor Bahru, regarding the e-government security policy in Malaysia.
iv.
Finding out the importance of e-government security policy, requirements and techniques which can be used to manage citizen privacy and security in Malaysia.
v. Analyzing e-government security models from the literature review and deriving from them a model that can be used for protection mechanisms in e-government service delivery.

6.3 Recommendation of How to Use the Proposed Model

The model is unique in its comprehensive inclusion of all known security issues in a form that can be used for e-government service security. Using the new model will assist the Nusajaya ICT department to achieve the following:

i. First, the model will be introduced to Nusajaya with its comprehensive inclusion of known security issues in a form that can be used in e-government.
ii. Once the organization fully understands the concept and the concrete realization of the security model.
iii. They will achieve the basic complete security rating, the level of security expected from a government department.
iv. The e-government authority and its affiliates will agree and determine how to set and standardize the model, based on discussion and consensus among all participants in e-government security and e-service provisioning.
v. Influence the management of the e-government in testing the model and contribute to the validation process.

6.4 Constraints and Challenges

While conducting this research, there were some constraints and challenges faced by the researcher. The constraints that the researcher faced during the research are listed below:

i. It took a long time to identify and analyze the best security approach that can solve e-government service delivery problems.
ii. The limited time for more in-depth research and study was another challenge in collecting complete information for understanding the research study area.
iii. It is hard to choose respondents for the survey, since e-government is confidential government business.
iv.
The researcher distributed the survey questionnaires to Nusajaya ICT Centre as a whole, across the ICT staff departments, and had reserved an appointment for collection; thus the researcher is not able to classify the category of the Nusajaya ICT staff (whether they are technical or other staff).

The challenges the researcher faced are listed below:

i. Different models from different authors were used in the literature review for reviewing the e-government security model. However, it is somewhat complicated to derive a model for e-government security from them.
ii. It is quite challenging to choose which model is more suitable for developing e-government security in Nusajaya ICT Centre, and what it will look like.
iii. The other challenge is choosing the most appropriate security approach for the e-government service model in Nusajaya ICT.

6.5 Aspirations

There are some key points that have been achieved during this research project. These achievements include reviewing the literature about the research, identifying models for managing policies, deriving a model from these models, and coming up with the idea of developing an e-government service security model for Nusajaya. At the end of the research, the achievements of the research that the researcher has done are as follows:

i. All the project objectives that have been highlighted in the introduction chapter will be successfully achieved.
ii. A good looking e-government security model for Nusajaya ICT Centre will be developed, and this will be the model of the research.
iii. The proposed e-government service security model for Nusajaya ICT Centre will provide full privacy, security, trust and confidentiality to citizens and government agencies, so that they can access the government's online services through the internet at any time and anywhere with no worries.
iv.
The proposed model will also help Nusajaya ICT Centre to manage users' privacy and security issues whenever a problem happens; this will increase users' demand for the services.
v. The proposed e-government security model will also provide a clear understanding of the security requirements of e-government service delivery.

6.6 Chapter Summary

This chapter presented the overall discussion of the research, and all the activities that should be completed in the research have been discussed. It also discussed the proposed e-government service security model for Nusajaya ICT Centre, for better achieving citizens' privacy, security and trust in e-government service.

REFERENCES

Celik, M. U., Sharma, G. and Tekalp, A.M. (2004). Collusion-Resilient Fingerprinting by Random Pre-warping. Signal Processing Letters, 11(10), 826830.

Chopra K. Wallace W. A. (2003). Trust in electronic environments. In 36th Annual Hawaii International Conference on System Sciences (HICSS'03), pages 331-340, Big Island, Hawaii.

Clark (2003). Managing the transformation to e-government: An Australian perspective (Article published online: 27 Jun 2003 DOI: 10.1002/tie.10087.

Edwin Lua (2003). Challenges for e-government Development 5Th Global Forum on Reinenting Government. Mexico City.

Gilbert D., Balestrini P. and Littleboy D. (2004). Barriers and benefits in the adoption of e-government. The International Journal of Public Sector Management, 17(4):286-3.

Gresham, M. T. and Andrulis, J. (2002). Operational efficiency and organizational effectiveness: IBM Institute for Business Value executive brief in association with Robert H. Smith School of Business, University of Maryland. (p. 1-4).

Herodotus. (1992). Maintaining Information Security in E-Government through Steganology. The Histories, London, PA: J. M. Dent & Sons Ltd.

Higgins, H. N. (1999). Corporate system security: towards an integrated management approach. Information Management and Computer Security, 7(5): 217-222.

J Pascual, P. (2003).
E-government UNDP e-Asia Pacific Development information program (UNDP-APDIP). R. C. Bangkok. Bangkok. 08: 101. J Pascual, P. (2003).E-government-Asian –Pacific Development Information Program.(E-ASEAN TASK FORCE (UNDP-APDIP). Access from http://www.apdip.net/publications/iespprimers/eprimer-egov.pdf J. Satyanarayana (2004). E-government: The science of the possible. New Delhi, Prentice-HallPrivate. Jennifer O’Neill (2000) Introduction to e-Government Archive Technical Information Series, #158. Kaur (2003).Malaysian e-government Implementation Framework. (Accessed from http://www.mendeley.com/research/malaysian-egovernment-implementationframework). Kertesz(2003).E-government Effectiveness and E-taxation.No. 31E/2010 pp. 48-57. Leedy, P. D., and Ormrod, J. E. (2001). Practical Research: Planning and design (8th ed.). Upper Saddle River, NJ: Prentice Hall. Markus Kahn. Information (1995) Steganology.Mailing List, 5 Security July in E-Government 1995. through Accessed from http://www.petitcolas.net/fabien/stegnography/mailing.list.html Mercuri R.T. (2005). Trusting in Transparency.Communications of the ACM, 48(5):1519. Mitchell E. Daniels (2003). E-Government Strategy Implementing the President's Management Agenda for E-Government. Morse, Michael Barrett, Maria Mayan, Karin Olson, Jude Spiers(1994).Verification Strategies for Establishing Research.International Reliability Journal of and Validity in Qualitative Qualitative Methods Volume: 1, Issue: 2, Pages: 13-22. O’Harr, R. (2004).No Place to Hide. New York: Free Press. OECD (2003).The e in e-government.Organizations for Economic Co-operation and Development.The OECD Observer, Sep 2003(239):45. Patton, M.A. and Josang, A. (2004).Technologies for Trust in E-commerce. Electronic Commerce Research, 4(1-2):9-21. 111 Su, J. K., Eggers, J. J. and Girod, B. (2000).Capacity of Digital Watermarks Subjected to an Optimal Collusion Attack. Proceedings of European Signal.Publications of Joachim Eggers. Tassabehji, R., 2005(a). 
Information Security Threats.Encyclopedia of MultimediTechnology and Networking, Pagani, M. Ed.pp.404-410.Idea Group Reference. Trappe, W., Wu, M., Wang, Z. J., and Liu, K. J. R. (2003).AntiCollusionFingerprinting for Multimedia. IEEE Transactions on Signal Processing, 51(4), 1069– 1087. Weirich, D. and M. A. Sasse(2002).Pretty Good Persuasion: A first step towards effective password security in the real world. ACM/SIGSAC New Security Paradigms Workshop, New Mexico. West. D. M. (2004)Maintaining Information Security in E-Government through Steganology.Global E-Government, 2004 Full Report.Accessed from http://www.insidepolitics.org/e-govt04int.html. Yousafzai,S., Pallister, J.G. and Foxall, G.R., (2005). Strategies for Building and Communicating Trust in Electronic Banking: A Field Experiment. Psychology & Marketing, 22(2):181-202. Zhang Chongbin, 2002. The Application of Information Security Technology in EGovernment System Netinfo Security. No.9. 45-46. (In Chinese). 112 APPENDIX A GAINT CHART 113 APPENDIX B SAMPLE OF SURVEY Dear Respondents. I’m Doing Master’s thesis in IT Management under FSKSM, University Technology Malaysia (UTM). The purpose of survey is to identify risk, and importance of security in eGovernment services. So your responses will play great role of building egovernment service security Model. This survey is divided into three sections. x x x Section A: Demography of Respondent. Section B: Identifying risk, and importance of security in e-government services. Section C: Recommendation of e-government security service. All your valuable information is confidential and can only be used for this research, please take few minutes for these questions, “Thanks you” for your co-operations Supervisor: Assoc.Prof. 
Dr Othman Bin Ibrahim
Department of Information Systems
Faculty of Computer Science and Information Systems
81310 UTM Skudai, Johor, Malaysia
Tel: +601-27477698
Email: othmanibrahim@utm.my

Jama Mohamed Jama
Master Candidate
Faculty of Computer Science and Information Systems
81310 UTM Skudai, Johor, Malaysia
Tel: +6017-3150783
Email: gooraf88@yahoo.com

Section A. Respondent profile

1. Gender: Male / Female
2. Age: 18-25 / 26-30 / more than 30
3. How long have you been using e-government service delivery, such as E-payment, commerce, e-business, health and education?

Section B: Identifying risk, and importance of security in e-government service

Definition: E-government security is considered one of the crucial factors for achieving an advanced stage of e-government. As the number of e-government services introduced to the user increases, a higher level of e-government security is required.

1. Which of the following are severe risks to e-government service delivery?

Risk of e-government | Rate of appropriation (1 = Less important, 5 = More important)
Hacking | 1 2 3 4 5
Cyber attacks | 1 2 3 4 5
Internet worm accident | 1 2 3 4 5
Service denial | 1 2 3 4 5
Viruses | 1 2 3 4 5

2. Which of the following is cyber crime against ICT assets?

Cyber crime against ICT Assets | Rate of appropriation (1 = Less important, 5 = More important)
Theft of resources (data and information) | 1 2 3 4 5
Fraud and Swindle | 1 2 3 4 5
Blackmailing and cyber extortion | 1 2 3 4 5
Unauthorized or illicit system access | 1 2 3 4 5

3. Which of the following are cyber crimes against government institutions and states?

Cyber crime against ICT Assets | Rate of appropriation (1 = Less important, 5 = More important)
Hacking government websites | 1 2 3 4 5
Cyber threat against States | 1 2 3 4 5
Information warfare | 1 2 3 4 5
Hacking critical websites | 1 2 3 4 5
Environmental Risk | 1 2 3 4 5

4. Which of the following security management components are the most appropriate for e-government services?

Activity | Description | Rate of appropriation (1 = Less important, 5 = More important)
Password | An arbitrary string of characters chosen by a user or system administrator and used to authenticate the user when he attempts to log on, in order to prevent unauthorized access to his account. | 1 2 3 4 5
Digital Identity Token | Digital identity is the network or internet equivalent to the real identity of the person, when used for identification in connections or transactions. | 1 2 3 4 5
Biometric Device | Biometrics are automated methods of recognizing a person based on physiological or behavioral characteristics. Among the features measured are face, fingerprint, hand geometry, handwriting, iris, and retinal. | 1 2 3 4 5
Access control | Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. | 1 2 3 4 5
E-government Gateway | Provides an infrastructure whereby the citizens can have secure access to the information and services they need. Through this platform, ID verification will be done through password and e-signature and the privacy of personal information will be protected. | 1 2 3 4 5

5. How important are the following security components and activities of e-government?

Security component | Description | Rate of appropriation (1 = Less important, 5 = More important)
Network firewall | A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. | 1 2 3 4 5
Network Intrusion detection (alerting or alarming) | NID is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. | 1 2 3 4 5
Network Access control | Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to a network node by devices when they initially attempt to access the network. | 1 2 3 4 5
Server & work Station security | Workstation Security offers proven workstation PC monitoring and surveillance software to protect vulnerable endpoints accessing your corporate network or even your desktop PC. Perfect for monitoring employees in your workplace. | 1 2 3 4 5
Antivirus systems | Software that is used to prevent, detect, and remove malware, including computer viruses, worms, Trojans, etc. | 1 2 3 4 5

6. Which of the following security technologies does your organization use?

Security technology of e-government services | Rate of appropriation (1 = Less important, 5 = More important)
Data Backup systems | 1 2 3 4 5
Encryption methods | 1 2 3 4 5
User Security ID management | 1 2 3 4 5
Internet Security | 1 2 3 4 5
IDS/A and other detections | 1 2 3 4 5

7. Other e-government service security issues and methods. Please describe.

8. In your opinion, how important are state government security measures on their websites?

E-government security measures on their websites | Rate of appropriation (1 = Less important, 5 = More important)
Privacy policy: being presented on e-government sites | 1 2 3 4 5
Authentication: log in to protect account privacy | 1 2 3 4 5
Encryption: using SSL encryption to protect data transmission | 1 2 3 4 5
Monitoring: using software program to monitor traffic | 1 2 3 4 5
Delivers best practices security right out of the box | 1 2 3 4 5

9. Do you believe that Malaysia has utilized other technology of e-government security services? Yes / No (if no, skip to 10)

10. Any comments relating to technologies for e-government service security?

Thank you for your co-operation

APPENDIX C
SAMPLE OF QUESTIONNAIRES

User Acceptance Test: A User Acceptance Test was conducted in order to evaluate the validity of the newly proposed model. Respondents from Nusajaya ICT Centre were requested to answer the questions below.

Respondent profile:
1. Gender: Male / Female

Q1 Do you agree that the components of the model are complete?
Disagree / Agree / Strongly agree

Q2 Do you agree that the components of the model are consistent?
Disagree / Agree / Strongly agree

Q3 Do you agree that the proposed model is beneficial for Nusajaya ICT Centre?
Disagree / Agree / Strongly agree

Thank you