e-government Agency Delivering Secure, Public-Oriented e-government Facilities in Africa A Holistic Approach

Transcription

1 THE UNITED REPUBLIC OF TANZANIA President s office, Public Service Management e-government Agency Delivering Secure, Public-Oriented e-government Facilities in Africa A Holistic Approach Dr. Jabiri Kuwe Bakari Bsc. Computer Sc., Msc. (Eng.) Data comm., PhD. (CEO) e-government Agency (ega) 1

2 Agenda 1. Introduction 2. e-government Facilities in a Nutshell 3. Delivering Secure, Public-Oriented e-government Facilities 4. Issues and Challenges - African perspective 5. Suggestions to Address the Challenges 6. Conclusion

3 e-government Introduction The use of ICT, and particularly the internet, as a tool to achieve better government. The process involves people, hardware (computers, networks gadgets), software (operating systems and application systems) and systems (combination of hardware, software and people). The arrangement requires reliable and secure communication infrastructure to facilitate exchange of information, skilled staff and presence of appropriate e- legislations e-government Facilities These are general systems and components needed to create the necessary e- government offerings, such as software, hardware, infrastructure and other e- services platforms. ICT/e-Government Security The protection of information systems against unauthorised access to or modification of information, whether in storage, processing or transit, and against the denial of or absence of service to authorised user or the provision of service to unauthorised users, including those measures necessary to detect, document, and counter such threats. It covers information, infrastructure, processes, systems, services and technology.

4 e-government in a Nutshell Public getting various services through Various platform/ service providers / operators Public services available through Various platform/service providers Private Cloud Use of Shared resources, systems, Data centres, secured infrastructure etc Infor. System in Various Public Institutions 1-Secured information systems within The public institutions 2 Secured infrastructure between the public institutions e-government Agency

5 e-government Facilities in a Nutshell Applications Operating system Hardware Ethical/Culture Legal/Contractual Administrational Managerial Operational Procedural Mechanical/Electronic Store Process Collect Database (Various business records etc. ) Communi cate Software (Operating systems, Application software) set of instructions ICT egov Private Cloud Communi cate Ethical/Culture Legal/Contractual Administrational Managerial Operational Procedural Mechanical/Electronic Store Process Collect Database (Various business records etc. ) Applications Operating system Hardware Valuable asset of public Institution-Information Valuable asset of Public 5 institution -Information It is about business processes, enabled by ICT, taking place within and between different public institutions It is about collecting, processing, storing and exchanging information within and between different public institutions

6 Information security is about protection of ICT assets/resources in terms of Confidentiality, Integrity and Availability (information and services) Authorised user abusing his/her privileges e.g. Disgruntled staff Delivering secure, public-oriented e-government facilities Ethical/Culture Legal/Contractual Malicious software (Virus, worm or denial-of-service attack, Backdoors, salami attacks, spyware, etc.) can be introduced here! Ethical/Culture Legal/Contractual Holistic Approach required Administrational Managerial Operational Procedural Administrational Managerial Operational Procedural Mechanical/Electronic Mechanical/Electronic Applications Operating system Hardware Store Process Collect Communi cate Communi cate Store Process Collect Applications Operating system Hardware Database (Various business records etc. ) Valuable asset of the public institutions-information Physical security of the hardware Database (Various business records etc. ) 6 Valuable asset of the Public institutions -Information

7 Issues and Challenges 1. Cultural and Ethical Challenges User behaviour - Culture of sharing Unethical behaviour, 2. Legal Challenges Lack of Legal framework necessary to avail e- government services to citizenry 7

8 Issues and Challenges 3.Administrative and Managerial Challenges Existence of perception gap between the decision makers and technical staff on ICT security. Thus, difficult in getting Strategic Management's Backing. Inadequacy of well structured ICT departments/units, with appropriate skills and strategically positioned within public institutions. Lack of competent and vetted human resource to effectively deal with ICT security. Inadequate collaboration between the ICT departments in public institutions and the e- Government entity Acquisition of e-government solutions which are not derived from institutions requirement (vendor driven) 8

9 Issues and Challenges 4) Operational Procedure Challenges Absence of ICT security policies, standards and guidelines both at national and organizational levels 5) Technical Issues Software, hardware and network vulnerabilities coupled with Inadequate management, control and maintenance of ICT E-Government systems not integrated exchange of information between one system and another system is facilitated by user 9

10 Suggestions to address the Challenges At a Strategic Level Knowing and acknowledging the problem/ issue Bridging the gap between decision makers and technical staff ICT security concerns should be addressed in the initial planning of e-government initiatives Formulating ICT Security strategies at national and organizational levels ICT security challenges should not be dealt in isolation, instead holistic approach is required. Putting in place coherent legal and regulatory frameworks - Whole process of e-government need to be guided by sound legal and regulatory environment.

11 Suggestions to address the Challenges At Tactical and Operational Level HR: Involving skilled and ethical personnel during acquisition, installation and operationalization of e- government Capacity building and awareness raising Implementing ICT Security strategies at national and organizational levels Use Standards and Best Practices

12 A Holistic Approach for Managing ICT Security in Organisations Presented in a book: ISBN Nr The Environment The Organisation Standards and Best Practises The Organisation s structure Strategic (Top) Management s Backing (GL-01) Technical Management's Backing (GL-02) INTRODUCTION OF ICT SECURITY MANAGEMENT PROCESS (INITIALISATION) Form Project Team & Plan (GL-03) Quick Scan (GL-04) General Management s attention & Backing (GL-05) Review/Audit ICT Security (GL-06) Awareness & Backing of General staff (GL-07) Risk Assessment/ Analysis (GL-08) Maintenance (Monitor the Progress) (GL-12) Mitigation Planning (GL-09) Develop Counter Measures (GL-10) Operationalisation (ICT Security Policy, Services & Mechanisms) (GL-11) The Organisation s culture & behaviour Public infrastructures INTERNALISED & CONTINUOUS PROCESS The Organisation s goal & services Stakeholders 12

13 Each process maps the Holistic View of the security challenge Holistic view of ICT Security Problem (SBC) Ethical/Culture Legal/Contractual Administrational Managerial Social Process (GL - X) Operational Procedural People Users Mechanical/Electronic Applications Operating system Hardware Store Process Collect Commu nicate Technical Database (Various business records etc. ) Valuable asset- Information

14 A holistic approach for managing ICT security is required for public-oriented e- Government facilities to be secure! This is a technical problem Holistic view of ICT Security Problem (SBC) Ethical/Culture General Management This is a business Problem Legal/Contractual Administrational Managerial Social Operational Procedural Users Perception Problem People Lets have the best Firewall, Antivirus etc. General Management Depending on organisation structure - The general management team may comprise of CEO, Assistant to CEO, All Directors, and all CXOs from major units which are not Directorates Mechanical/Electronic Applications Operating system Hardware Store Process Collect Commu nicate Technical Database (Financial, customer records etc. ) IT managers & Security Personnel Valuable asset- Information

15 END Thank You for Listening 15