E gov security_tut_session_1
Mustafa Jarrar
1.
أﻛﺎدﯾﻣﯾﺔ اﻟﺣﻛوﻣﺔ اﻹﻟﻛﺗروﻧﯾﺔ اﻟﻔﻠﺳطﯾﻧﯾﺔ
The Palestinian eGovernment Academy
www.egovacademy.ps
Security Tutorial Session 1
PalGov © 2011
2.
About
This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES.
The project website: www.egovacademy.ps
Project Consortium:
• Birzeit University, Palestine (Coordinator)
• University of Trento, Italy
• Palestine Polytechnic University, Palestine
• Vrije Universiteit Brussel, Belgium
• Palestine Technical University, Palestine
• Université de Savoie, France
• Ministry of Telecom and IT, Palestine
• University of Namur, Belgium
• Ministry of Interior, Palestine
• TrueTrust, UK
• Ministry of Local Government, Palestine
Coordinator: Dr. Mustafa Jarrar, Birzeit University, P.O. Box 14, Birzeit, Palestine
Telfax: +972 2 2982935
mjarrar@birzeit.edu
3.
© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part.
No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material.
Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA)
This license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.
4.
Tutorial 5: Information Security
Session 1 Outline:
• Session 1 ILOs.
• Introduction to E-governments and Security.
• Introduction to Information Security and Threats (CIA).
• ISO 27000 Standards.
5.
Tutorial 5: Session 1 - ILOs
This session will contribute to the following ILOs:
• A: Knowledge and Understanding
– a1: Define the different risks and threats from being connected to networks, internet and web applications.
– a2: Define security standards and policies.
– a3: Recognize risk assessment and management.
– a4: Describe the Palestinian eGovernment infrastructure and understand its security requirements.
• B: Intellectual Skills
– b1: Illustrate the different risks and threats from being connected.
– b2: Relate risk assessment and management to the e-government model.
– b3: Design end-to-end secure and available systems.
• C: General and Transferable Skills
– d3: Analysis and identification skills.
6.
Tutorial 5: Information Security
Session 1 Outline:
• Session 1 ILOs.
• Introduction to E-governments and Security.
• Introduction to Information Security and Threats (CIA).
• ISO 27000 Standards.
7.
Introduction to Palestinian E-governments and Security
• The Palestinian e-Government Architecture
• Security Framework
• Missing Knowledge and Skills
8.
The Palestinian e-Government Architecture (1)
• The Palestinian e-government architecture was developed in cooperation with the Estonian government.
• The architecture connects all ministries together through a government service bus, called “x-road Palestine”.
• This service bus represents a standard service-oriented architecture.
• Provision of secure services.
• Not yet implemented.
9.
The Palestinian e-Government Architecture (2)
10.
The Palestinian e-Government Architecture (3)
• Public services can be accessed by citizens or entrepreneurs through the portal component.
• The portal first lets users log in and authenticate themselves with a smart card and/or password.
• The portal then provides the list of services that the authenticated user is allowed to access.
• Then, the server communicates with the server of the ministry of interior or the server of the ministry of health and so on.
11.
The Palestinian e-Government Architecture (4)
• Several frameworks should be established to enable these interoperations.
• Each organization develops and operates its own services and data.
• An organization can be a ministry, a governmental agency or a private firm.
• In Palestine, there are 23 ministries, 55 governmental agencies, and many private firms that may all join the e-government at a certain stage.
12.
The Palestinian e-Government Architecture (4)
• Hence, five frameworks are needed to implement the aforementioned e-government architecture:
– (i) infrastructure framework,
– (ii) security framework,
– (iii) interoperability framework,
– (iv) legal framework,
– (v) policy framework.
13.
Pal. E-gov Security Framework
Once the network between governmental institutions is established, it needs to be secured. Both point-to-point network security and end-to-end security services are required:
– Data confidentiality, data integrity, authenticity.
– No surreptitious forwarding.
– Non-repudiation.
– Access control.
– Timeliness (to avoid replay attacks).
– Accounting and logging.
– Availability.
14.
Pal. E-gov Security Framework
• To deal with these issues, the following mechanisms are needed:
– Authentication services.
– Confidentiality services.
– Data integrity and non-repudiation services.
– Authorization services.
– Intrusion detection and prevention.
– Malicious software and virus protection.
– Denial of service and distributed denial of service detection and prevention.
– Firewall systems.
– Risk assessment and management.
– Policy making and enforcement.
– Training and awareness building.
15.
Missing Knowledge and Skills:
• Missing Knowledge and Skills:
– For all:
• Understand the types of risks and threats from being connected.
• Understand security standards and policies, including risk assessment and management.
• Be aware of the threats of connecting to the internet and using web applications and social networks.
• Ability to protect themselves and applications from security threats.
16.
Missing Knowledge and Skills:
• Missing Knowledge and Skills:
– For IT professionals:
• Ability to design, implement and deploy user authentication services.
• Ability to design, implement and deploy end-to-end security systems.
• Ability to design, implement and deploy authorization services.
• Ability to design, implement and deploy confidentiality services.
• Ability to design and deploy security policies.
17.
Tutorial 5: Information Security
Session 1 Outline:
• Session 1 ILOs.
• Introduction to E-governments and Security.
• Introduction to Information Security and Threats (CIA).
• ISO 27000 Standards.
18.
Introduction to Information Security and Threats
• Overview
• Basic Security Concepts
• Computer Security Issues
• Vulnerabilities / Attacks
19.
Overview
Computer Security: “protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” [1]
[1] Definition taken from Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Published by Pearson/Prentice Hall, © 2008. ISBN: 0-13-600424-5.
20.
Key Security Concepts
21.
Understanding the Importance of Information Security
• Prevents data from being stolen
• Maintains productivity
• Prevents cyber-terrorism
• Prevents theft of identities
• Maintains competitive advantage
• Prevents modifying data, forging data, masquerading and impersonating users, etc.
22.
Computer Security Issues / Challenges
1. Not simple
2. Must consider potential attacks
3. Procedures used counter-intuitive
4. Involve algorithms and secret info
5. Battle of wits between attacker / admin
6. Not perceived as benefit until things fail…
7. Requires regular monitoring
8. Regarded as impediment to using system
23.
Security Terminology
Lecture slides by Lawrie Brown
24.
Secure Communication with an Untrusted Infrastructure
25.
Secure Communication with an Untrusted Infrastructure
• Ali may send a message to Sara…
• A devil may take Ali's credentials and resend a message to Sara, claiming to be Ali.
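The resend scenario above, and the "timeliness (to avoid replay attacks)" requirement of the security framework, as an added example that is not part of the original slides: Sara's side accepts a message only if its tag verifies, its timestamp is fresh, and its nonce has not been seen before. The names `seal`, `Receiver` and `MAX_SKEW_SECONDS`, the 120-second window and the pre-shared key are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW_SECONDS = 120  # assumed freshness window, not a value from the slides


def _mac(key, fields):
    """HMAC-SHA256 over a canonical encoding of the authenticated fields."""
    data = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key, sender, body, now=None):
    """Sender side: bind sender, time, a fresh nonce and the body under one tag."""
    fields = {
        "sender": sender,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(16),
        "body": body,
    }
    return {**fields, "tag": _mac(key, fields)}


class Receiver:
    """Receiver side: integrity/authenticity first, then timeliness, then replay."""

    def __init__(self, key):
        self._key = key
        self._seen = {}  # nonce -> timestamp of messages already accepted

    def accept(self, msg, now=None):
        now = int(time.time() if now is None else now)
        try:
            fields = {k: msg[k] for k in ("sender", "ts", "nonce", "body")}
            tag = msg["tag"]
        except (KeyError, TypeError):
            return "rejected: malformed"
        if not (isinstance(tag, str) and tag.isascii()
                and isinstance(fields["ts"], int)):
            return "rejected: malformed"
        # Constant-time comparison; changing any field changes the expected tag.
        if not hmac.compare_digest(_mac(self._key, fields), tag):
            return "rejected: bad tag"
        if abs(now - fields["ts"]) > MAX_SKEW_SECONDS:
            return "rejected: stale"
        # Nonces outside the window can be forgotten: those messages are stale anyway.
        self._seen = {n: t for n, t in self._seen.items()
                      if abs(now - t) <= MAX_SKEW_SECONDS}
        if fields["nonce"] in self._seen:
            return "rejected: replay"
        self._seen[fields["nonce"]] = fields["ts"]
        return "accepted"


def demo():
    key = b"constructed-demo-key"  # constructed; real keys come from key management
    sara = Receiver(key)
    msg = seal(key, "ali", "request: renew ID card", now=1_000)
    forged = dict(msg, body="request: change address")
    return [
        sara.accept(msg, now=1_005),           # first delivery
        sara.accept(msg, now=1_010),           # same bytes resent by the devil
        sara.accept(forged, now=1_010),        # body altered in transit
        Receiver(key).accept(msg, now=1_500),  # captured and resent much later
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A shared-key tag gives integrity, authenticity and timeliness only: either key holder can produce it, so non-repudiation needs digital signatures, and confidentiality needs encryption on top.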
26.
Secure Communication with an Untrusted Infrastructure
• E-government usually involves communication between different parties over secure and insecure infrastructures.
27.
CIA and AAA Concepts
• CIA
– Confidentiality.
– Integrity.
– Availability.
• AAA
– Authentication (password).
– Authorization (Access Control).
– Auditing (Accounting and Logging).
28.
Tutorial 5: Information Security
Session 1 Outline:
• Session 1 ILOs.
• Introduction to E-governments and Security.
• Intro to Information Security and Threats (CIA).
• ISO 27000 Standards.
29.
ISO 17799
• We will learn about:
– ISO 17799 (2000 and 2005), precursor of ISO 27002 (2007).
– Originally based on BS 7799 Part 1 (1995).
– “Information Technology – Code of Practice for Information Security Management”.
– ISO 27001 (2007), originally BS 7799 Part 2, is a practical application of ISO 27002 and specifies requirements for establishing an Information Security Management System (ISMS), as a precursor to being certified by a certification body.
30.
ISO 27002 (2007)
• Includes:
– Risk Assessment & Treatment
– Security Policies
– Organization
– Asset Management
– HR
31.
ISO 27002 (2007)
• Includes:
– Communications and Operations
– Physical and Environmental
– Access Control
– Information Systems Acquisition, Development and Maintenance
– IS Incident Management
– Business Continuity Model (BCM)
– Compliance
32.
Why is Information Security Important
• Information and its supporting processes are business assets to governments and organisations.
• Some businesses and organisations (e.g. banks and governments) deal with information.
• Information CIA/AAA are needed.
33.
Information Security Requirements
• These are determined by considering:
– Risk assessment of information loss to the organisation.
– Legal, statutory, regulatory and contractual requirements placed on the organisation.
– Information processing needs of the organisation to support its operations.
34.
IS Controls (1)
• Controls can be:
– Policies
– Practices
– Procedures
– Organisational Structures/Roles
– Software Functions
• Controls are selected based upon their cost of implementation vs. loss to the organisation of money, time, reputation and functionality.
35.
IS Controls (2)
• The following controls are ESSENTIAL from a legislative point of view:
– Data protection and privacy of personal information.
– Protection of organisational records, e.g. financial data.
– Protection of Intellectual Property Rights (including those of business partners).
• The following controls are BEST practice:
– Information security policy document.
– Allocation of information security responsibilities.
– Education and training of staff in information security.
– Reporting security incidents.
– Business continuity management.
36.
Related IS Issues
• Security Policy
• Organisational Security
• Asset Classification and Control
• Personnel Security
• Physical and Environmental Security
• Communications and Operations Security
• Access Control
• System Development and Maintenance
• Business Continuity Management (BCM)
• Compliance
37.
Security Policy
• Objective: To provide management support and direction for information security in the organisation.
• Policy should have an owner, and should be regularly reviewed and enhanced.
• Do we have policies for Palestine?
38.
Internal Organisational Security
• Objective:
– To manage information security in the organisation.
– Appoint owners to every information asset and make them responsible for its security.
• Our organisations are required to:
– Have an expert advisor (internal or external).
– Have an authorisation process for all new systems.
– Have an independent reviewer to assess compliance with security policy.
39.
Asset Classification and Control
• Objective: to maintain protection of information assets.
  – Assets include: hardware, software, electronic data and documentation.
  – Very important to our e-gov project.
40.
Personnel Security
• Objective: to reduce risks of human errors, theft, fraud, misuse of Information Systems
  – Should be integrated with the Legal Tutorial of our project
41.
Physical and Environmental Security
• Objectives: To prevent unauthorised access, loss, damage, and theft of IS resources
  – Equipment Disposal. Remove all confidential information or destroy the media
  – Protect/restrict physical access to equipment
42.
Communications and Operations Security
• Related areas to be covered:
  – Operational procedures and responsibilities
  – System planning and acceptance
  – Malicious software e.g. viruses
  – Housekeeping (backups, archives etc)
  – Network management
  – Handling of media
  – Exchange of information and software
43.
Communications and Operations Security – Procedures
• Objective: Ensure correct and secure operation of IS facilities
  – Document operating procedures for each system (and keep them up to date!)
  – Separation of operational and development systems
44.
Communications and Operations Security – System Acceptance
• Objective: to minimise risk of system failure
45.
Communications and Operations Security – Malicious software
• Objective: To protect the integrity of software and information
  – Need to protect against viruses, worms, logic bombs, Trojan horses etc.
  – Policy should require software to be licensed and authorised before use
  – WHAT ABOUT FREE LICENSING.
  – Policy should require safe methods for import of files from media and networks
  – Anti-virus software should be regularly updated
  – Documented procedures for reporting and recovering from virus infections
  – Educate staff about viruses and protection methods (training)
46.
Communications and Operations Security – Housekeeping
• Objective: To maintain the availability of information and software
  – Use of RAID technology
  – Regular backups of data should be taken, kept securely, and tested for correct recovery
  – Operational staff should keep a log of their activities, e.g. times systems started, failed and recovered; logs should be independently inspected for conformance to procedures
  – Support staff should log all user fault reports and their resolutions
47.
Communications and Operations Security – Network Management
• Objective: To safeguard the network and information on it
  – Protect from unauthorised access e.g. use of firewalls
  – Protect against disclosure of confidential information e.g. VPN
  – Ensure availability e.g. by having backup networks/links
  – Prevent Disclosure
48.
Communications and Operations Security – Media Handling
• Objective: To prevent damage to media or loss of contents
49.
Communications and Operations Security – Information Exchange
• Objective: To prevent loss of information exchanged between organisations
  – Must be consistent with legislation e.g. data protection act
  – Public servers e.g. Web – may need to comply with legislation in recipient country, also need controls to stop modifications
  – Exchanges should be based on an agreement comprising:
    • Standards for packaging, notification arrangements, responsibilities in case of loss, agreed labelling system, methods of transfer (e.g. tamper resistant packaging, encryption)
    • E-commerce: authentication and authorisation methods, settlement method, liability if fraudulent transactions
  – Policy for use of email: what (not) to send via email, what protection to use, use of inappropriate language
  – Policy for use of fax, phone, mail, video: confidentiality issues, storage issues, access issues
  – WHAT ABOUT E-GOV X-ROAD.
  – WHAT ABOUT CLOUD COMPUTING !!!
50.
Access Control
• Objective: To control access to information
  – Access control policy should state rules and rights for each user and group of users
  – Rules should differentiate between mandatory and optional ones, administrator or automated approval.
    • Good base “Everything forbidden unless expressly permitted”
  – Formal registration and de-registration process for users
  – Allocate unique IDs to users to allow auditing
  – Limit the use of system privileges
  – Record who is allocated which IDs and privileges and regularly review them, esp. special privileges
  – Ensure unattended equipment has appropriate protection
51.
Access Control – Passwords
• Have a password management policy known by all users
• Have users sign a statement to keep passwords confidential
• Allocate a temporary password which users must change at first log on
• Force strong passwords >8 characters, easy to remember but not linked to user, preferably mixed characters and not dictionary words (upper/lower case/numbers/special)
• Make users change passwords at predefined intervals
• Store password files encrypted and separately from application files
• Don’t display passwords during login
52.
Access Control – Networks
• Objective: Protection of networked services
  – Network access policy – services allowed, user authorisation procedures, management controls
  – Have Enforced Paths that control the path from user’s device to networked services e.g. dedicated telephone numbers, limited roaming, screening routers
  – Mandate user authentication before they gain access
  – Protect remote access to engineering diagnostic ports
  – Separate internal network into security domains
  – Install application proxy firewalls
53.
Access Control – Operating systems
• Objective: To prevent unauthorised computer access
  – Identify the user and optionally the calling location
  – Record successful and failed login attempts
  – Display a warning notice to users at login
  – Don’t provide help for unsuccessful logins
  – Limit number of failed logins (e.g. to 3) and have a time delay between each attempt
  – Limit the time for the login procedure
  – Display the following information after successful login
    • Last time user logged in & number of failed attempts since
  – Time out inactive sessions, time limit high risk sessions
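Several of the login controls on this slide, put together as an added example that is not part of the original slides: failed and successful attempts are recorded with the calling location, every failure returns the same unhelpful message, a delay is enforced between attempts, three consecutive failures trigger a lockout, and a successful login reports the last login and the failures since. The class name `LoginGate`, its parameters (`max_failures`, `delay_s`, `lock_s`) and the injected `clock` are assumptions made for the illustration.

```python
import hashlib, hmac, os

class LoginGate:
    """In-memory sketch of the slide's OS login controls (all names are assumptions)."""
    GENERIC = "Login failed"   # same text for unknown user, bad password or lockout

    def __init__(self, clock, max_failures=3, delay_s=5, lock_s=900):
        self.clock, self.max_failures = clock, max_failures
        self.delay_s, self.lock_s = delay_s, lock_s
        self.users = {}        # user -> (salt, password hash)
        self.state = {}        # user -> failure counters and timestamps
        self.log = []          # (time, user, location, "ok" | "fail")

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._hash(password, salt))

    def login(self, user, password, location):
        now = self.clock()
        st = self.state.setdefault(user, {"streak": 0, "since_ok": 0,
                                          "next_try": 0, "last_ok": None})
        if now < st["next_try"]:             # enforced delay or lockout still running
            st["since_ok"] += 1
            self.log.append((now, user, location, "fail"))
            return False, self.GENERIC
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        if not ok:
            st["streak"] += 1
            st["since_ok"] += 1
            locked = st["streak"] >= self.max_failures
            st["next_try"] = now + (self.lock_s if locked else self.delay_s)
            if locked:
                st["streak"] = 0             # a fresh set of attempts after the lockout
            self.log.append((now, user, location, "fail"))
            return False, self.GENERIC
        banner = f"Last login: {st['last_ok']}; failed attempts since: {st['since_ok']}"
        st.update(streak=0, since_ok=0, next_try=0, last_ok=now)
        self.log.append((now, user, location, "ok"))
        return True, banner
```

Per-account lockout also lets anyone lock a known account by guessing, which is why the lock here expires after `lock_s` seconds instead of requiring an administrator.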
54.
Access Control – Monitoring
• Objective: to detect unauthorised access
  – Audit logs record: user ID, location, date and time, attempted action, success/fail, plus alerts
  – Actions include: log on, log off, files accessed, records accessed, programs used, devices attached/detached
  – Intrusion Detection Systems analyse logs to look for anomalous behaviour and system misuse. Issue alerts when they detect them
  – Accurate clock times are important for accurate logs
  – Audit logs should be protected against modification (as well as deletion and forging)
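One way to make audit logs resistant to modification, deletion and forging, shown as an added example that is not part of the original slides: each record carries the fields the slide lists and is chained to its predecessor with a keyed MAC. The function names, the record layout and the assumption that the MAC key is held by a separate log collector rather than the audited system are all illustrative.

```python
import hashlib, hmac, json

GENESIS = "0" * 64   # chain value used before the first record

def _mac(key, prev_mac, record):
    # Canonical JSON so the same record always yields the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()

def append(log, key, user_id, location, timestamp, action, success):
    """Append one audit record and return its MAC (the new head of the chain)."""
    record = {"seq": len(log), "user_id": user_id, "location": location,
              "time": timestamp, "action": action, "success": success}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"record": record, "mac": _mac(key, prev, record)})
    return log[-1]["mac"]

def verify(log, key, expected_len=None, expected_last_mac=None):
    """Return (True, None) if the log is intact, else (False, first bad index)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        good = _mac(key, prev, entry["record"])
        if entry["record"].get("seq") != i or not hmac.compare_digest(good, entry["mac"]):
            return False, i          # modified, reordered, deleted or forged entry
        prev = entry["mac"]
    # Cutting records off the tail leaves a valid chain, so also compare against
    # a record count or head MAC that was stored somewhere else.
    if expected_len is not None and len(log) != expected_len:
        return False, len(log)
    if expected_last_mac is not None and prev != expected_last_mac:
        return False, len(log)
    return True, None
```

Modification and mid-log deletion are caught by the chain alone; detecting truncation needs the head MAC or record count to be kept off the audited host.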
55.
System Development and Maintenance
• Objective: To ensure that security is built into Information Systems
  – Security requirements should be identified during project’s requirements phase and be related to the business value of the system
  – Data input validation: out of range values, invalid characters, missing fields, exceeding upper limits
  – Data processing validation: balancing controls, checksums, programs run in correct order and at correct time
  – Data output validation: plausibility checks, reconciliation counts
56.
Business Continuity Management (1)
• Objective: To counteract interruptions to business activity and to protect critical business processes from the effects of major failures
  – Failures can come from natural disasters, accidents, equipment failures and deliberate attacks
  – Perform a risk analysis, identifying causes, probabilities and impacts
  – Implement cost effective risk mitigating actions
57.
Business Continuity Management (2)
  – Formulate Business Continuity Plan
  – Implement and test the BCP
  – Continually review and update the BCP
  – Failure of equipment in a particular zone
  – VERY IMPORTANT FOR THE E-GOV ESPECIALLY IN PALESTINE
58.
Compliance – legal
• Objectives: Ensure compliance with legislation
  – Identify applicable laws – data protection, privacy, monitoring use of resources, computer misuse
  – Rules for admissibility and completeness of evidence
  – Ensure copyright and software licences are adhered to (implement controls and spot checks)
  – Keep asset register, proofs of purchase, master discs
  – Organisational records must be kept securely for a minimum statutory time period
  – Consider media degradation and technology change
  – Complemented by the Legal Issues tutorial.
59.
Compliance – security policy
• Objectives: Ensure compliance with security policy
  – Security of information systems should be regularly reviewed
  – Managers should ensure all procedures are carried out properly
60.
Summary
• In this session we discussed the following:
  – The Palestinian e-gov architecture.
  – The security framework for the e-gov platforms
  – The required skills for people involved in the e-gov activities.
  – Introduction to security and the CIA concept.
  – Detailed information about the security management and risk assessment standards included in the ISO 27002.
61.
Bibliography
1. Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Published by Pearson/Prentice Hall, © 2008. ISBN: 0-13-600424-5.
2. Lecture Notes by David Chadwick 2011, True - Trust Ltd.
3. Cryptography and Network Security, by Behrouz A. Forouzan. McGraw-Hill, © 2008. ISBN: 978-007-126361-0.
4. Center for Interdisciplinary Studies in Information Security (ISIS) http://scgwww.epfl.ch/courses
62.
Thanks
Radwan Tahboub