Transcription of E-Governance: Information Security Issues
1 International Conference on Computer Science and Information Technology (ICCSIT'2011) Pattaya Dec. 2011. E-Governance: Information Security Issues Shailendra Singh Member, IEEE; D. Singh Karaulia to transform the efficiency, effectiveness, transparency and Abstract The rise of e-government has been one of the most accountability of informational and transactional exchanges striking developments of the web. As the Internet supported digital with in government, between government and government communities evolve, and assuming that they do indeed grow to agencies of National, State, Municipal and Local levels, incorporate individuals around the country (and globe), they citizen & businesses and to empower citizens through present the national governments with a number of challenges and access and use of Information .
2 "e-government" or electronic opportunities. In an e-government project, a substantial amount of documentation is done like maintenance of land records, police government refers to the use of Information and records and so on. Each department is critical so that only Communication Technologies (ICTs) by government authorized people get into the network and access the Information . agencies for any or all of the following reasons: An understanding of the Information Security technology and the need for its implementation is key for safer, secured and smooth Speedier and more efficient delivery of public functioning of e-governance undertaking. services Improving internal efficiency Keywords- E-Government, Information Security Technology.
3 Exchange of Information with citizens, businesses or other government departments I. INTRODUCTION Reducing costs or increasing revenue Re-structuring of administrative processes G LOBAL shifts towards increased deployment of IT by governments emerged in the nineties, with the advent of the World Wide Web. The technology as well as e- There are similarly endless ways to utilize Information governance initiatives have come a long way since then. and communication technologies to provide efficient and With the increase in Internet and mobile connections, the transparent solutions to citizens without Security threats. citizens are learning to exploit their new mode of access in wide ranging ways.
4 They have started expecting more and II. Information Security . more Information and services online from governments and Any e-governance initiative will remain venerable to corporate organizations to further their civic, professional Security breaches in absence of a well articulated Security and personal lives, thus creating abundant evidence that the policy. Information Security Policies are the cornerstone of new e-citizenship is taking hold. While the emphasis has Information Security effectiveness. The Security Policy is been primarily on automation and computerization, state intended to define what is expected from an organization governments have also endeavored to use ICT tools into with respect to Security of Information Systems.
5 The overall connectivity, networking, setting up systems for processing objective is to control or guide human behavior in an Information and delivering services. At a micro level, this attempt to reduce the risk to Information assets by accidental has ranged from IT automation in individual departments, or deliberate actions. Information Security policies underpin electronic file handling and workflow systems, access to the Security and well being of Information resources. They entitlements, public grievance systems, service delivery for are the foundation, the bottom line, of Information Security high volume routine transactions such as payment of bills, within an organization.
6 In an organization, having the right tax dues to meeting poverty alleviation goals through the Information at the right time can make the difference promotion of entrepreneurial models and provision of between success, and failure. Data Security will help the market Information . The thrust has varied across initiatives, user to control and secure Information from, inadvertent or with some focusing on enabling the citizen-state interface malicious changes and deletions or unauthorized disclosure. for various government services, and others focusing on There are three aspects of data Security : bettering livelihoods. Every state government has taken the Confidentiality: refers to protection of Information from initiative to form an IT task force to outline IT policy unauthorized disclosure to the press or to release document for the state and the citizen charters have started through improper disposal techniques, or to those who are appearing on government websites.
7 The term e-government not entitled to have the same. [1] is of recent origin and there exists no standard definition Integrity: is about protecting Information from since the conceptual understanding is still evolving. The unauthorized modification, and ensuring that Information , generally accepted definition is: E-governance is the such as a beneficiary list, can be relied upon and is accurate application of Information & communication technologies and complete. Availability: is to ensure that the Information is available Shailendra Singh is with the National Institute of Technical Teachers' when it is required. Training and Research, Bhopal, India (Phone: +91-755-2661600-395; fax: +91-755-2661996; e-mail: ).
8 Thus, three basic Security concepts, important to Karaulia, National Institute of Technical Teachers' Training Information on the Internet are confidentiality, integrity, and and Research, Bhopal, India (e-mail: availability. When Information is read or copied by someone 120. International Conference on Computer Science and Information Technology (ICCSIT'2011) Pattaya Dec. 2011. not authorized to do so, the result is known as loss of software tool, an individual seeking personal gain, or a paid confidentiality. For some types of Information , spy seeking Information for the economic advantage of a confidentiality is a very important attribute. Examples corporation or foreign country.)
9 An incident may also be include research data, medical and insurance records and caused by a disgruntled former employee or a consultant government investment strategies. In some locations, there who gained network Information while working with a may be a legal obligation to protect the privacy of company. An intruder may seek entertainment, intellectual individuals. This is particularly true for banks and loan challenge, a sense of power, political attention, or financial companies; debt collectors; businesses that extend credit to gain. Thus, the networks providing data to the end users of their customers or issue credit cards; hospitals, doctors' the e-Government remain vulnerable to variety of threats offices, and medical testing laboratories; individuals or such as packet sniffing, probing etc.
10 Agencies that offer services such as psychological counseling or drug treatment; and agencies that collect A. Packet Sniffer taxes. Information can be corrupted when it is available on an insecure network. A packet sniffer, sometimes referred to as a network When Information is modified in unexpected ways, the monitor or network analyzer, can be used legitimately by a result is known as loss of integrity. This means that network or system administrator to monitor and unauthorized changes are made to Information , whether by troubleshoot network traffic. Using the Information captured human error or intentional tampering. Integrity is by the packet sniffer an administrator can identify erroneous particularly important for critical safety and financial data packets and use the data to pinpoint bottlenecks and help used for activities such as electronic funds transfers, air maintain efficient network data transmission.
