The Palestinian eGovernment Academy
www.egovacademy.ps




Security Tutorial
  Session 1



            PalGov © 2011                       1
About

This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-
2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
Project Consortium:
  • Birzeit University, Palestine (Coordinator)
  • University of Trento, Italy
  • Palestine Polytechnic University, Palestine
  • Vrije Universiteit Brussel, Belgium
  • Palestine Technical University, Palestine
  • Université de Savoie, France
  • Ministry of Telecom and IT, Palestine
  • University of Namur, Belgium
  • Ministry of Interior, Palestine
  • TrueTrust, UK
  • Ministry of Local Government, Palestine

Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14, Birzeit, Palestine
Telfax: +972 2 2982935, mjarrar@birzeit.edu

© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.


No part of this tutorial may be reproduced or modified in any form or by any
means without prior written permission from the project, which holds the full
copyright on the material.




                   Attribution-NonCommercial-ShareAlike
                                CC-BY-NC-SA

This license lets others remix, tweak, and build upon your work non-
commercially, as long as they credit you and license their new creations
under the identical terms.

Tutorial 5: Information Security
Session 1 Outline:

  • Session 1 ILOs.
  • Introduction to E-governments and Security
  • Introduction to Information Security and Threats (CIA)
  • ISO 27000 Standards.

Tutorial 5: Session 1 - ILOs

This session will contribute to the following ILOs:
• A: Knowledge and Understanding
    • a1: Define the different risks and threats from being connected to networks, the internet and web applications.
    • a2: Define security standards and policies.
    • a3: Recognise risk assessment and management.
    • a4: Describe the Palestinian eGovernment infrastructure and understand its security requirements.
• B: Intellectual Skills
    • b1: Illustrate the different risks and threats from being connected.
    • b2: Relate risk assessment and management to the e-government model.
    • b3: Design end-to-end secure and available systems.
• C: General and Transferable Skills
    • d3: Analysis and identification skills.

Introduction to Palestinian E-governments and Security

• The Palestinian e-Government Architecture
• Security Framework
• Missing Knowledge and Skills

The Palestinian e-Government Architecture (1)

• The Palestinian e-government architecture was developed in cooperation with the Estonian government.
• The architecture connects all ministries together through a government service bus, called “x-road Palestine”.
• This service bus represents a standard service-oriented architecture.
• Provision of secure services.
• Not yet implemented.

The Palestinian e-Government Architecture (2)

The Palestinian e-Government Architecture (3)

• Public services can be accessed by citizens or entrepreneurs through the portal component.
• It allows users first to log in and authenticate themselves through a smart card and/or password.
• The portal then provides the list of services that the authenticated user is allowed to access.
• The portal server then communicates with the server of the Ministry of Interior, the server of the Ministry of Health, and so on.

The Palestinian e-Government Architecture (4)

• Several frameworks should be established to enable these interoperations.
• Each organization develops and operates its own services and data.
• An organization can be a ministry, a governmental agency or a private firm.
• In Palestine, there are 23 ministries, 55 governmental agencies, and many private firms that may all join the e-government at a certain stage.

The Palestinian e-Government Architecture (4)

• Hence, five frameworks are needed to implement the aforementioned e-government architecture:
  – (i) infrastructure framework,
  – (ii) security framework,
  – (iii) interoperability framework,
  – (iv) legal framework,
  – (v) policy framework.

Pal. E-gov Security Framework

After establishing the network between governmental institutions, this network needs to be secure: both point-to-point network security and end-to-end security services are required:
  – Data Confidentiality, Data Integrity, Authenticity
  – No surreptitious forwarding
  – Non-repudiation
  – Access Control
  – Timeliness (to avoid replay attacks)
  – Accounting and Logging
  – Availability

Pal. E-gov Security Framework

• To deal with these issues, the following mechanisms are needed:
  – Authentication services
  – Confidentiality services
  – Data integrity and non-repudiation services
  – Authorization services
  – Intrusion detection and prevention
  – Malicious software and virus protection
  – Denial of service and distributed denial of service detection and prevention
  – Firewall systems
  – Risk assessment and management
  – Policy making and enforcement
  – Training and awareness building

Missing Knowledge and Skills

• For all:
  – Understand the types of risks and threats from being connected.
  – Understand security standards and policies, including risk assessment and management.
  – Be aware of the threats of connecting to the internet and using web applications and social networks.
  – Ability to protect themselves and their applications from security threats.

Missing Knowledge and Skills

• For IT professionals:
  – Ability to design, implement and deploy user authentication services.
  – Ability to design, implement and deploy end-to-end security systems.
  – Ability to design, implement and deploy authorization services.
  – Ability to design, implement and deploy confidentiality services.
  – Ability to design and deploy security policies.

Introduction to Information Security and Threats

• Overview
• Basic Security Concepts
• Computer Security Issues
• Vulnerabilities / Attacks

Overview

Computer Security: “protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” [1]

[1] Definition taken from Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Published by Pearson/Prentice Hall, © 2008. ISBN: 0-13-600424-5.

Key Security Concepts

Understanding the Importance of Information Security

• Prevents data from being stolen
• Maintains productivity
• Prevents cyber-terrorism
• Prevents theft of identities
• Maintains competitive advantage
• Prevents modifying data, forging data, masquerading and impersonating users, etc.

Computer Security Issues / Challenges

1. Not simple
2. Must consider potential attacks
3. Procedures used are counter-intuitive
4. Involve algorithms and secret information
5. Battle of wits between attacker and administrator
6. Not perceived as a benefit until things fail
7. Requires regular monitoring
8. Regarded as an impediment to using the system

Security Terminology
(Lecture slides by Lawrie Brown)

Secure Communication with an Untrusted Infrastructure

• Ali may send a message to Sara.
• An attacker (the “devil” in the diagram) may take Ali’s credentials, claim to be Ali, and resend a message to Sara claiming to be Ali.
• E-government usually involves communication between different parties over both secure and unsecure infrastructures.

CIA and AAA Concepts

• CIA
  – Confidentiality
  – Integrity
  – Availability
• AAA
  – Authentication (password)
  – Authorization (Access Control)
  – Auditing (Accounting and Logging)

ISO 17799

• We will learn about:
  – ISO 17799 (2000 and 2005), precursor of ISO 27002 (2007)
  – Originally based on BS 7799 Part 1 (1995)
  – “Information Technology – Code of Practice for Information Security Management”
  – ISO 27001 (2007), originally BS 7799 Part 2, is a practical application of ISO 27002 and specifies requirements for establishing an Information Security Management System (ISMS), as a precursor to being certified by a certification body.

ISO 27002 (2007)

• Includes:
  – Risk Assessment & Treatment
  – Security Policies
  – Organization
  – Asset Management
  – HR
  – Communications and Operations
  – Physical and Environmental
  – Access Control
  – Information Systems Acquisition, Development and Maintenance
  – IS Incident Management
  – Business Continuity Management (BCM)
  – Compliance

Why is Information Security Important?

• Information and its supporting processes are business assets to governments and organisations.
• Some businesses and organisations (e.g. banks and governments) deal with information.
• Information CIA/AAA are needed.

Information Security Requirements

• These are determined by considering:
  – Risk assessment of information loss to the organisation.
  – Legal, statutory, regulatory and contractual requirements placed on the organisation.
  – Information processing needs of the organisation to support its operations.

IS Controls (1)

• Controls can be:
  – Policies
  – Practices
  – Procedures
  – Organisational Structures/Roles
  – Software Functions
• Controls are selected based upon their cost of implementation vs. loss to the organisation of money, time, reputation and functionality.

IS Controls (2)

• The following controls are ESSENTIAL from a legislative point of view:
  – Data protection and privacy of personal information
  – Protection of organisational records, e.g. financial data
  – Protection of Intellectual Property Rights (including those of business partners)
• The following controls are BEST practice:
  – Information security policy document
  – Allocation of information security responsibilities
  – Education and training of staff in information security
  – Reporting security incidents
  – Business continuity management

Related IS Issues

• Security Policy
• Organisational Security
• Asset Classification and Control
• Personnel Security
• Physical and Environmental Security
• Communications and Operations Security
• Access Control
• System Development and Maintenance
• Business Continuity Management (BCM)
• Compliance

Security Policy

• Objective: To provide management support and direction for information security in the organisation.
• Policy should have an owner, and should be regularly reviewed and enhanced.
• Do we have policies for Palestine?

Internal Organisational Security

• Objective:
  – To manage information security in the organisation
  – Appoint owners to every information asset and make them responsible for its security
• Our organisations require:
  – An expert advisor (internal or external)
  – An authorisation process for all new systems
  – An independent reviewer to assess compliance with the security policy

Asset Classification and Control

• Objective: To maintain protection of information assets.
  – Assets include: hardware, software, electronic data and documentation.
  – Very important to our e-gov project.

Personnel Security

• Objective: To reduce risks of human error, theft, fraud and misuse of Information Systems
  – Should be integrated with the Legal Tutorial of our project

Physical and Environmental Security

• Objectives: To prevent unauthorised access, loss, damage, and theft of IS resources
  – Equipment disposal: remove all confidential information or destroy the media
  – Protect/restrict physical access to equipment

Communications and Operations Security

• Related areas to be covered:
  – Operational procedures and responsibilities
  – System planning and acceptance
  – Malicious software, e.g. viruses
  – Housekeeping (backups, archives etc.)
  – Network management
  – Handling of media
  – Exchange of information and software

Communications and Operations Security – Procedures

• Objective: Ensure correct and secure operation of IS facilities
  – Document operating procedures for each system (and keep them up to date!)
  – Separation of operational and development systems

Communications and Operations Security – System Acceptance

• Objective: To minimise the risk of system failure

Communications and Operations Security – Malicious software

• Objective: To protect the integrity of software and information
  – Need to protect against viruses, worms, logic bombs, Trojan horses etc.
  – Policy should require software to be licensed and authorised before use
  – WHAT ABOUT FREE LICENSING?
  – Policy should require safe methods for importing files from media and networks
  – Anti-virus software should be regularly updated
  – Documented procedures for reporting and recovering from virus infections
  – Educate staff about viruses and protection methods (training)

Communications and Operations Security – Housekeeping

• Objective: To maintain the availability of information and software
  – Use of RAID technology
  – Regular backups of data should be taken, kept securely, and tested for correct recovery
  – Operational staff should keep a log of their activities, e.g. times systems started, failed, recovered, and logs should be independently inspected for conformance to procedures
  – Support staff should log all user fault reports and their resolutions

Communications and Operations Security – Network Management

• Objective: To safeguard the network and the information on it
  – Protect from unauthorised access, e.g. use of firewalls
  – Protect against disclosure of confidential information, e.g. VPN
  – Ensure availability, e.g. by having backup networks/links
  – Prevent disclosure

Communications and Operations Security – Media Handling

• Objective: To prevent damage to media or loss of contents

Communications and Operations Security – Information Exchange

• Objective: To prevent loss of information exchanged between organisations
  – Must be consistent with legislation, e.g. data protection act
  – Public servers (e.g. Web) may need to comply with legislation in the recipient country; also need controls to stop modifications
  – Exchanges should be based on an agreement comprising:
    • Standards for packaging, notification arrangements, responsibilities in case of loss, agreed labelling system, methods of transfer (e.g. tamper-resistant packaging, encryption)
    • E-commerce: authentication and authorisation methods, settlement method, liability for fraudulent transactions
  – Policy for use of email: what (not) to send via email, what protection to use, use of inappropriate language
  – Policy for use of fax, phone, mail, video: confidentiality issues, storage issues, access issues
  – WHAT ABOUT E-GOV X-ROAD?
  – WHAT ABOUT CLOUD COMPUTING?

Access Control

• Objective: To control access to information
  – Access control policy should state rules and rights for each user and group of users
  – Rules should differentiate between mandatory and optional ones, and between administrator and automated approval
    • Good base: “Everything forbidden unless expressly permitted”
  – Formal registration and de-registration process for users
  – Allocate unique IDs to users to allow auditing
  – Limit the use of system privileges
  – Record who is allocated which IDs and privileges and regularly review them, esp. special privileges
  – Ensure unattended equipment has appropriate protection

Access Control – Passwords

• Have a password management policy known by all users
• Have users sign a statement to keep passwords confidential
• Allocate a temporary password which users must change at first log on
• Force strong passwords: >8 characters, easy to remember but not linked to the user, preferably mixed characters (upper/lower case, numbers, special) and not dictionary words
• Make users change passwords at predefined intervals
• Store password files encrypted and separately from application files
• Don’t display passwords during login

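As an added illustration (not part of the original slides), the following Python turns the password rules above into a checkable policy: the strength check, a salted hash for the stored password file, a temporary password that must be changed at first logon, and interval-based expiry. The word list, the three-character-class minimum, the 90-day interval and the PBKDF2 round count are assumptions, as are all user names.

```python
import hashlib
import hmac
import os
import re
import string

# Constructed mini word list; a real deployment loads a full dictionary file.
DICTIONARY = {"password", "welcome", "letmein", "secret", "qwerty", "summer", "palestine"}
MIN_LENGTH = 9                 # slide rule: more than 8 characters
MIN_CLASSES = 3                # assumption: at least three of upper/lower/digit/special
MAX_AGE_SECONDS = 90 * 86400   # assumption for the slide's "predefined interval": 90 days
PBKDF2_ROUNDS = 100_000        # assumption; raise for production hardware


def password_violations(password, username, full_name=""):
    """Return the list of slide rules the candidate password breaks ([] = acceptable)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("must be longer than 8 characters")
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(c in string.punctuation for c in password)]
    if sum(classes) < MIN_CLASSES:
        violations.append("needs at least three of: lower case, upper case, digit, special")
    lowered = password.lower()
    # "not linked to user": the user name and each part of the full name must not appear
    linked = [username.lower()] + [p.lower() for p in full_name.split() if len(p) >= 3]
    if any(token and token in lowered for token in linked):
        violations.append("must not contain the user name or parts of the user's name")
    # "not dictionary words": compare the alphabetic core and look for embedded words
    core = re.sub(r"[^a-z]", "", lowered)
    if core in DICTIONARY or any(word in lowered for word in DICTIONARY):
        violations.append("must not be based on a dictionary word")
    return violations


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. Keeping only this value, in a file separate from the
    application, is the modern reading of the slide's "store password files encrypted"."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate.hex(), digest_hex)   # constant-time comparison


def enrol_user(store, username, temp_password, now):
    """Administrator allocates a temporary password; it must be changed at first logon."""
    store[username] = {"hash": hash_password(temp_password), "temporary": True, "set_at": now}


def must_change(record, now):
    """True at first logon with a temporary password, or once the password has aged out."""
    return record["temporary"] or now - record["set_at"] > MAX_AGE_SECONDS


def change_password(store, username, old, new, now, full_name=""):
    """Apply the policy to a password change. Returns [] on success, else the refusal reasons."""
    record = store.get(username)
    if record is None or not verify_password(old, record["hash"]):
        return ["current password not accepted"]
    problems = password_violations(new, username, full_name)
    if problems:
        return problems
    store[username] = {"hash": hash_password(new), "temporary": False, "set_at": now}
    return []
```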
Access Control – Networks

• Objective: Protection of networked services
  – Network access policy: services allowed, user authorisation procedures, management controls
  – Have enforced paths that control the path from the user’s device to networked services, e.g. dedicated telephone numbers, limited roaming, screening routers
  – Mandate user authentication before they gain access
  – Protect remote access to engineering diagnostic ports
  – Separate the internal network into security domains
  – Install application proxy firewalls

Access Control – Operating systems

• Objective: To prevent unauthorised computer access
  – Identify the user and optionally the calling location
  – Record successful and failed login attempts
  – Display a warning notice to users at login
  – Don’t provide help for unsuccessful logins
  – Limit the number of failed logins (e.g. to 3) and have a time delay between each attempt
  – Limit the time for the login procedure
  – Display the following information after successful login:
    • Last time the user logged in and the number of failed attempts since
  – Time out inactive sessions, time-limit high-risk sessions

Access Control – Monitoring

• Objective: To detect unauthorised access
  – Audit logs record: user ID, location, date and time, attempted action, success/fail, plus alerts
  – Actions include: log on, log off, files accessed, records accessed, programs used, devices attached/detached
  – Intrusion Detection Systems analyse logs to look for anomalous behaviour and system misuse, and issue alerts when they detect them
  – Accurate clock times are important for accurate logs
  – Audit logs should be protected against modification (as well as deletion and forging)

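As an added example that is not from the original slides, this Python login gate implements the operating-system and monitoring controls of the two slides above: a failed-login limit of 3 with a delay between attempts, one uninformative failure message, last-login and failures-since reporting, idle-session timeout, and an audit log whose records carry the fields the slide lists and are hash-chained so that modification, deletion or forging of an entry is detectable. The delay, idle timeout, warning text, token scheme and the credential table are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_FAILED = 3            # slide: limit failed logins (e.g. to 3)
MIN_GAP_SECONDS = 2.0     # slide: time delay between attempts (constructed value)
IDLE_TIMEOUT = 600        # slide: time out inactive sessions (constructed value, seconds)
WARNING_NOTICE = "Authorised users only. All activity is recorded."
GENERIC_FAILURE = "Login failed."   # slide: give no help on unsuccessful logins


class AuditLog:
    """Append-only audit trail. Each record carries the hash of the previous record,
    so a later modification, deletion or forged insertion breaks the chain."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []
        self._prev = self.GENESIS

    @staticmethod
    def _digest(rec):
        body = {k: v for k, v in rec.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, user, location, when, action, success, alert=None):
        # Fields from the slide: user ID, location, date/time, action, success/fail, alert
        rec = {"user": user, "location": location, "time": when, "action": action,
               "success": success, "alert": alert, "prev": self._prev}
        rec["hash"] = self._digest(rec)
        self._prev = rec["hash"]
        self.records.append(rec)
        return rec

    def first_broken_link(self):
        """Index of the first record whose chain link fails, or None if the log is intact."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            if rec["prev"] != prev or rec["hash"] != self._digest(rec):
                return i
            prev = rec["hash"]
        return None


class LoginGate:
    def __init__(self, credentials, audit, clock=time.time):
        self.credentials = credentials  # constructed user -> password table; real systems store salted hashes
        self.audit = audit
        self.clock = clock              # injectable clock so the behaviour can be tested without sleeping
        self.failed = {}                # user -> [failures since last success, time of last attempt]
        self.last_login = {}            # user -> time of last successful login
        self.sessions = {}              # token -> [user, time of last activity]

    def login(self, user, password, location):
        now = self.clock()
        count, last = self.failed.get(user, [0, None])
        locked = count >= MAX_FAILED
        too_fast = last is not None and now - last < MIN_GAP_SECONDS
        stored = self.credentials.get(user)
        good = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
        if locked or too_fast or not good:
            alert = "account locked" if locked else ("attempt too fast" if too_fast else None)
            self.failed[user] = [count if too_fast else count + 1, now]
            self.audit.append(user, location, now, "login", False, alert)
            # Same message for unknown user, wrong password, lockout and rate limit
            return {"ok": False, "notice": WARNING_NOTICE, "message": GENERIC_FAILURE}
        previous = self.last_login.get(user)
        self.last_login[user] = now
        self.failed[user] = [0, now]
        token = secrets.token_hex(16)
        self.sessions[token] = [user, now]
        self.audit.append(user, location, now, "login", True)
        # Slide: after a successful login show the last login time and the failures since
        return {"ok": True, "notice": WARNING_NOTICE, "token": token,
                "last_login": previous, "failed_since_last_login": count}

    def session_user(self, token):
        """Return the session's user, or None once it has been idle longer than IDLE_TIMEOUT."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, last_active = entry
        now = self.clock()
        if now - last_active > IDLE_TIMEOUT:
            del self.sessions[token]
            self.audit.append(user, "-", now, "session timeout", True)
            return None
        entry[1] = now
        return user
```

A locked account stays locked until an administrator clears its counter; the slide does not specify automatic unlocking, so none is assumed here.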
System Development and Maintenance

• Objective: To ensure that security is built into Information Systems
  – Security requirements should be identified during the project’s requirements phase and be related to the business value of the system
  – Data input validation: out-of-range values, invalid characters, missing fields, exceeding upper limits
  – Data processing validation: balancing controls, checksums, programs run in the correct order and at the correct time
  – Data output validation: plausibility checks, reconciliation counts

Business Continuity Management (1)

• Objective: To counteract interruptions to business activity and to protect critical business processes from the effects of major failures
  – Failures can come from natural disasters, accidents, equipment failures and deliberate attacks
  – Perform a risk analysis, identifying causes, probabilities and impacts
  – Implement cost-effective risk-mitigating actions

Business Continuity Management (2)

  – Formulate a Business Continuity Plan (BCP)
  – Implement and test the BCP
  – Continually review and update the BCP
  – Failure of equipment in a particular zone
  – VERY IMPORTANT FOR THE E-GOV, ESPECIALLY IN PALESTINE

Compliance – legal

• Objectives: Ensure compliance with legislation
  – Identify applicable laws: data protection, privacy, monitoring use of resources, computer misuse
  – Rules for admissibility and completeness of evidence
  – Ensure copyright and software licences are adhered to (implement controls and spot checks)
  – Keep an asset register, proofs of purchase, master discs
  – Organisational records must be kept securely for a minimum statutory time period
  – Consider media degradation and technology change
  – Complemented by the Legal Issues tutorial.

Compliance – security policy

• Objectives: Ensure compliance with the security policy
  – Security of information systems should be regularly reviewed
  – Managers should ensure all procedures are carried out properly

Summary

• In this session we discussed the following:
  – The Palestinian e-gov architecture.
  – The security framework for the e-gov platforms.
  – The required skills for people involved in the e-gov activities.
  – Introduction to security and the CIA concept.
  – Detailed information about the security management and risk assessment standards included in ISO 27002.

Bibliography

1. Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Published by Pearson/Prentice Hall, © 2008. ISBN: 0-13-600424-5.
2. Lecture Notes by David Chadwick, 2011, TrueTrust Ltd.
3. Cryptography and Network Security, by Behrouz A. Forouzan. McGraw-Hill, © 2008. ISBN: 978-007-126361-0.
4. Center for Interdisciplinary Studies in Information Security (ISIS), http://scgwww.epfl.ch/courses

Thanks

Radwan Tahboub

5G Wireless Security Training : Tonex Training5G Wireless Security Training : Tonex Training
5G Wireless Security Training : Tonex TrainingBryan Len
 
Creating a Culture of Security
Creating a Culture of SecurityCreating a Culture of Security
Creating a Culture of SecurityTechSoup
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 

Semelhante a E gov security_tut_session_1 (20)

Pal gov.tutorial6.session3.introduction to ict and e government
Pal gov.tutorial6.session3.introduction to ict and e governmentPal gov.tutorial6.session3.introduction to ict and e government
Pal gov.tutorial6.session3.introduction to ict and e government
 
E gov security_tut_session_12
E gov security_tut_session_12E gov security_tut_session_12
E gov security_tut_session_12
 
Pal gov.tutorial6.session0.outline
Pal gov.tutorial6.session0.outlinePal gov.tutorial6.session0.outline
Pal gov.tutorial6.session0.outline
 
Pal gov.tutorial6.session5.privacy and data protection
Pal gov.tutorial6.session5.privacy and data protectionPal gov.tutorial6.session5.privacy and data protection
Pal gov.tutorial6.session5.privacy and data protection
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
E gov security_tut_session_3
E gov security_tut_session_3E gov security_tut_session_3
E gov security_tut_session_3
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
NGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNasNGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNas
 
NEC-IBM_Event_093015
NEC-IBM_Event_093015NEC-IBM_Event_093015
NEC-IBM_Event_093015
 
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docxTHE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
E gov security_tut_session_0
E gov security_tut_session_0E gov security_tut_session_0
E gov security_tut_session_0
 
E gov security_tut_session_8_lab
E gov security_tut_session_8_labE gov security_tut_session_8_lab
E gov security_tut_session_8_lab
 
5G Wireless Security Training : Tonex Training
5G Wireless Security Training : Tonex Training5G Wireless Security Training : Tonex Training
5G Wireless Security Training : Tonex Training
 
Creating a Culture of Security
Creating a Culture of SecurityCreating a Culture of Security
Creating a Culture of Security
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Ethiopia reba paper
Ethiopia reba paperEthiopia reba paper
Ethiopia reba paper
 

Mais de Mustafa Jarrar

Clustering Arabic Tweets for Sentiment Analysis
Clustering Arabic Tweets for Sentiment AnalysisClustering Arabic Tweets for Sentiment Analysis
Clustering Arabic Tweets for Sentiment AnalysisMustafa Jarrar
 
Classifying Processes and Basic Formal Ontology
Classifying Processes  and Basic Formal OntologyClassifying Processes  and Basic Formal Ontology
Classifying Processes and Basic Formal OntologyMustafa Jarrar
 
Discrete Mathematics Course Outline
Discrete Mathematics Course OutlineDiscrete Mathematics Course Outline
Discrete Mathematics Course OutlineMustafa Jarrar
 
Business Process Implementation
Business Process ImplementationBusiness Process Implementation
Business Process ImplementationMustafa Jarrar
 
Business Process Design and Re-engineering
Business Process Design and Re-engineeringBusiness Process Design and Re-engineering
Business Process Design and Re-engineeringMustafa Jarrar
 
BPMN 2.0 Analytical Constructs
BPMN 2.0 Analytical ConstructsBPMN 2.0 Analytical Constructs
BPMN 2.0 Analytical ConstructsMustafa Jarrar
 
BPMN 2.0 Descriptive Constructs
BPMN 2.0 Descriptive Constructs  BPMN 2.0 Descriptive Constructs
BPMN 2.0 Descriptive Constructs Mustafa Jarrar
 
Introduction to Business Process Management
Introduction to Business Process ManagementIntroduction to Business Process Management
Introduction to Business Process ManagementMustafa Jarrar
 
Customer Complaint Ontology
Customer Complaint Ontology Customer Complaint Ontology
Customer Complaint Ontology Mustafa Jarrar
 
Subset, Equality, and Exclusion Rules
Subset, Equality, and Exclusion RulesSubset, Equality, and Exclusion Rules
Subset, Equality, and Exclusion RulesMustafa Jarrar
 
Schema Modularization in ORM
Schema Modularization in ORMSchema Modularization in ORM
Schema Modularization in ORMMustafa Jarrar
 
On Computer Science Trends and Priorities in Palestine
On Computer Science Trends and Priorities in PalestineOn Computer Science Trends and Priorities in Palestine
On Computer Science Trends and Priorities in PalestineMustafa Jarrar
 
Lessons from Class Recording & Publishing of Eight Online Courses
Lessons from Class Recording & Publishing of Eight Online CoursesLessons from Class Recording & Publishing of Eight Online Courses
Lessons from Class Recording & Publishing of Eight Online CoursesMustafa Jarrar
 
Presentation curras paper-emnlp2014-final
Presentation curras paper-emnlp2014-finalPresentation curras paper-emnlp2014-final
Presentation curras paper-emnlp2014-finalMustafa Jarrar
 
Jarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 CallsJarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 CallsMustafa Jarrar
 
Habash: Arabic Natural Language Processing
Habash: Arabic Natural Language ProcessingHabash: Arabic Natural Language Processing
Habash: Arabic Natural Language ProcessingMustafa Jarrar
 
Adnan: Introduction to Natural Language Processing
Adnan: Introduction to Natural Language Processing Adnan: Introduction to Natural Language Processing
Adnan: Introduction to Natural Language Processing Mustafa Jarrar
 
Riestra: How to Design and engineer Competitive Horizon 2020 Proposals
Riestra: How to Design and engineer Competitive Horizon 2020 ProposalsRiestra: How to Design and engineer Competitive Horizon 2020 Proposals
Riestra: How to Design and engineer Competitive Horizon 2020 ProposalsMustafa Jarrar
 
Bouquet: SIERA Workshop on The Pillars of Horizon2020
Bouquet: SIERA Workshop on The Pillars of Horizon2020Bouquet: SIERA Workshop on The Pillars of Horizon2020
Bouquet: SIERA Workshop on The Pillars of Horizon2020Mustafa Jarrar
 
Jarrar: Sparql Project
Jarrar: Sparql ProjectJarrar: Sparql Project
Jarrar: Sparql ProjectMustafa Jarrar
 

Mais de Mustafa Jarrar (20)

Clustering Arabic Tweets for Sentiment Analysis
Clustering Arabic Tweets for Sentiment AnalysisClustering Arabic Tweets for Sentiment Analysis
Clustering Arabic Tweets for Sentiment Analysis
 
Classifying Processes and Basic Formal Ontology
Classifying Processes  and Basic Formal OntologyClassifying Processes  and Basic Formal Ontology
Classifying Processes and Basic Formal Ontology
 
Discrete Mathematics Course Outline
Discrete Mathematics Course OutlineDiscrete Mathematics Course Outline
Discrete Mathematics Course Outline
 
Business Process Implementation
Business Process ImplementationBusiness Process Implementation
Business Process Implementation
 
Business Process Design and Re-engineering
Business Process Design and Re-engineeringBusiness Process Design and Re-engineering
Business Process Design and Re-engineering
 
BPMN 2.0 Analytical Constructs
BPMN 2.0 Analytical ConstructsBPMN 2.0 Analytical Constructs
BPMN 2.0 Analytical Constructs
 
BPMN 2.0 Descriptive Constructs
BPMN 2.0 Descriptive Constructs  BPMN 2.0 Descriptive Constructs
BPMN 2.0 Descriptive Constructs
 
Introduction to Business Process Management
Introduction to Business Process ManagementIntroduction to Business Process Management
Introduction to Business Process Management
 
Customer Complaint Ontology
Customer Complaint Ontology Customer Complaint Ontology
Customer Complaint Ontology
 
Subset, Equality, and Exclusion Rules
Subset, Equality, and Exclusion RulesSubset, Equality, and Exclusion Rules
Subset, Equality, and Exclusion Rules
 
Schema Modularization in ORM
Schema Modularization in ORMSchema Modularization in ORM
Schema Modularization in ORM
 
On Computer Science Trends and Priorities in Palestine
On Computer Science Trends and Priorities in PalestineOn Computer Science Trends and Priorities in Palestine
On Computer Science Trends and Priorities in Palestine
 
Lessons from Class Recording & Publishing of Eight Online Courses
Lessons from Class Recording & Publishing of Eight Online CoursesLessons from Class Recording & Publishing of Eight Online Courses
Lessons from Class Recording & Publishing of Eight Online Courses
 
Presentation curras paper-emnlp2014-final
Presentation curras paper-emnlp2014-finalPresentation curras paper-emnlp2014-final
Presentation curras paper-emnlp2014-final
 
Jarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 CallsJarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 Calls
 
Habash: Arabic Natural Language Processing
Habash: Arabic Natural Language ProcessingHabash: Arabic Natural Language Processing
Habash: Arabic Natural Language Processing
 
Adnan: Introduction to Natural Language Processing
Adnan: Introduction to Natural Language Processing Adnan: Introduction to Natural Language Processing
Adnan: Introduction to Natural Language Processing
 
Riestra: How to Design and engineer Competitive Horizon 2020 Proposals
Riestra: How to Design and engineer Competitive Horizon 2020 ProposalsRiestra: How to Design and engineer Competitive Horizon 2020 Proposals
Riestra: How to Design and engineer Competitive Horizon 2020 Proposals
 
Bouquet: SIERA Workshop on The Pillars of Horizon2020
Bouquet: SIERA Workshop on The Pillars of Horizon2020Bouquet: SIERA Workshop on The Pillars of Horizon2020
Bouquet: SIERA Workshop on The Pillars of Horizon2020
 
Jarrar: Sparql Project
Jarrar: Sparql ProjectJarrar: Sparql Project
Jarrar: Sparql Project
 

Último

Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxShobhayan Kirtania
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 

Último (20)

Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 

E gov security_tut_session_1

  • 4. Tutorial 5: Information Security, Session 1
    Outline:
    • Session 1 ILOs.
    • Introduction to E-governments and Security
    • Introduction to Information Security and Threats (CIA)
    • ISO 27000 Standards.
  • 5. Tutorial 5: Session 1 - ILOs
    This session will contribute to the following ILOs:
    • A: Knowledge and Understanding
      • a1: Define the different risks and threats from being connected to networks, the internet and web applications.
      • a2: Define security standards and policies.
      • a3: Recognize risk assessment and management.
      • a4: Describe the Palestinian eGovernment infrastructure and understand its security requirements.
    • B: Intellectual Skills
      • b1: Illustrate the different risks and threats from being connected.
      • b2: Relate risk assessment and management to the e-government model.
      • b3: Design end-to-end secure and available systems.
    • C: General and Transferable Skills
      • d3: Analysis and identification skills.
  • 6. Tutorial 5: Information Security, Session 1
    Outline:
    • Session 1 ILOs.
    • Introduction to E-governments and Security
    • Introduction to Information Security and Threats (CIA)
    • ISO 27000 Standards.
  • 7. Introduction to Palestinian E-governments and Security
    • The Palestinian e-Government Architecture
    • Security Framework
    • Missing Knowledge and Skills
  • 8. The Palestinian e-Government Architecture (1)
    • The Palestinian e-government architecture was developed in cooperation with the Estonian government.
    • The architecture connects all ministries through a government service bus called "X-Road Palestine".
    • This service bus is a standard service-oriented architecture.
    • It provides secure services.
    • It is not yet implemented.
  • 10. The Palestinian e-Government Architecture (3)
    • Public services can be accessed by citizens or entrepreneurs through the portal component.
    • It allows users first to log in and authenticate themselves with a smart card and/or password.
    • The portal then presents the list of services that the authenticated user is allowed to access.
    • The portal server then communicates with the server of the Ministry of Interior, the server of the Ministry of Health, and so on.
  • 11. The Palestinian e-Government Architecture (4)
    • Several frameworks should be established to enable these interoperations.
    • Each organization develops and operates its own services and data.
    • An organization can be a ministry, a governmental agency or a private firm.
    • In Palestine, there are 23 ministries, 55 governmental agencies, and many private firms that may all join the e-government at a certain stage.
  • 12. The Palestinian e-Government Architecture (4)
    • Hence, five frameworks are needed to implement the aforementioned e-government architecture:
      – (i) infrastructure framework,
      – (ii) security framework,
      – (iii) interoperability framework,
      – (iv) legal framework,
      – (v) policy framework.
  • 13. Pal. E-gov Security Framework
    After establishing the network between governmental institutions, this network needs to be secured: both point-to-point network security and end-to-end security services are required:
    – Data confidentiality, data integrity, authenticity.
    – No surreptitious forwarding.
    – Non-repudiation.
    – Access control.
    – Timeliness (to avoid replay attacks).
    – Accounting and logging.
    – Availability.
  • 14. Pal. E-gov Security Framework
    • To deal with these issues, the following mechanisms are needed:
      – Authentication services.
      – Confidentiality services.
      – Data integrity and non-repudiation services.
      – Authorization services.
      – Intrusion detection and prevention.
      – Malicious software and virus protection.
      – Denial of service and distributed denial of service detection and prevention.
      – Firewall systems.
      – Risk assessment and management.
      – Policy making and enforcement.
      – Training and awareness building.
  • 15. Missing Knowledge and Skills
    • Missing Knowledge and Skills:
      – For all:
        • Understand the types of risks and threats from being connected.
        • Understand security standards and policies, including risk assessment and management.
        • Be aware of the threats of connecting to the internet and using web applications and social networks.
        • Ability to protect themselves and their applications from security threats.
  • 16. Missing Knowledge and Skills
    • Missing Knowledge and Skills:
      – For IT professionals:
        • Ability to design, implement and deploy user authentication services.
        • Ability to design, implement and deploy end-to-end security systems.
        • Ability to design, implement and deploy authorization services.
        • Ability to design, implement and deploy confidentiality services.
        • Ability to design and deploy security policies.
  • 17. Tutorial 5: Information Security, Session 1
    Outline:
    • Session 1 ILOs.
    • Introduction to E-governments and Security
    • Introduction to Information Security and Threats (CIA)
    • ISO 27000 Standards.
  • 18. Introduction to Information Security and Threats
    • Overview
    • Basic Security Concepts
    • Computer Security Issues
    • Vulnerabilities / Attacks
  • 19. Overview
    Computer Security: "protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)." [1]
    [1] Definition taken from Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Published by Pearson/Prentice Hall, © 2008. ISBN: 0-13-600424-5.
  • 20. Key Security Concepts
  • 21. Understanding the Importance of Information Security
    • Prevents data from being stolen.
    • Maintains productivity.
    • Prevents cyber-terrorism.
    • Prevents theft of identities.
    • Maintains competitive advantage.
    • Prevents modifying data, forging data, masquerading and impersonating users, etc.
  • 22. Computer Security Issues / Challenges
    1. Not simple.
    2. Must consider potential attacks.
    3. Procedures used are counter-intuitive.
    4. Involves algorithms and secret information.
    5. Battle of wits between attacker and administrator.
    6. Not perceived as a benefit until things fail...
    7. Requires regular monitoring.
    8. Regarded as an impediment to using the system.
  • 23. Security Terminology
    Lecture slides by Lawrie Brown
  • 24. Secure Communication with an Untrusted Infrastructure
  • 25. Secure Communication with an Untrusted Infrastructure
    • Ali may send a message to Sara...
    • A devil may take Ali's credentials and resend a message to Sara, claiming he is Ali.
  • 26. Secure Communication with an Untrusted Infrastructure
    • E-government usually involves communication between different parties over secure and unsecured infrastructures.
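The Ali/Sara scenario of slides 24-26, together with the requirements on slide 13 (authenticity, integrity, timeliness against replay), can be made concrete on the receiving side. The following is an added example, not part of the PalGov tutorial material: Sara's server accepts a message only if its MAC verifies, its timestamp is inside a short window, and its nonce has not been seen before, so a devil who captured Ali's message can neither alter it nor resend it. The shared key, the names and the message bodies are constructed values; HMAC-SHA256 with a shared key stands in for whatever scheme a real deployment would use and gives authenticity and integrity, not non-repudiation, which needs a digital signature.

```python
"""Added example (not from the PalGov slides): detecting forged, modified,
stale and replayed messages on the receiving side.

Checks, in order: MAC (authenticity/integrity), timestamp window (timeliness),
nonce uniqueness (replay protection). The MAC is checked first so that
unauthenticated traffic cannot influence the nonce cache.
"""
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW_SECONDS = 30  # accept messages at most this far from the receiver's clock


def canonical_bytes(envelope):
    """Deterministic serialization so sender and receiver MAC identical bytes."""
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()


def make_message(sender, body, key, now=None):
    """Sender side: add timestamp and a fresh random nonce, then MAC the envelope."""
    envelope = {
        "sender": sender,
        "body": body,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(16),
    }
    envelope["mac"] = hmac.new(key, canonical_bytes(envelope), hashlib.sha256).hexdigest()
    return envelope


class Receiver:
    """Sara's side: holds the shared key and the nonces seen inside the time window."""

    def __init__(self, key, clock=time.time):
        self.key = key
        self.clock = clock          # injectable for reproducible runs
        self.seen = {}              # nonce -> message timestamp

    def verify(self, envelope):
        """Return (accepted, reason) for one incoming envelope."""
        env = dict(envelope)
        mac = env.pop("mac", None)
        if mac is None:
            return False, "missing mac"
        expected = hmac.new(self.key, canonical_bytes(env), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):   # constant-time comparison
            return False, "bad mac: forged or modified"
        now = self.clock()
        if abs(now - env["ts"]) > MAX_SKEW_SECONDS:
            return False, "stale: outside time window"
        # nonces older than the window would be rejected as stale anyway, so drop them
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW_SECONDS}
        if env["nonce"] in self.seen:
            return False, "replay: nonce already seen"
        self.seen[env["nonce"]] = env["ts"]
        return True, "ok"


def demo():
    """Run the slide's scenario with constructed data; returns reason per case."""
    key = secrets.token_bytes(32)            # constructed key shared by Ali and Sara
    now = 1_700_000_000                      # fixed clock so the run is reproducible
    sara = Receiver(key, clock=lambda: now)
    genuine = make_message("Ali", "Please renew my ID card", key, now=now)
    results = {"genuine": sara.verify(genuine)[1],
               "replayed": sara.verify(genuine)[1]}          # devil resends Ali's message
    tampered = dict(genuine, body="Please issue an ID card to the devil")
    results["tampered"] = sara.verify(tampered)[1]
    forged = make_message("Ali", "I am Ali, trust me", secrets.token_bytes(32), now=now)
    results["forged"] = sara.verify(forged)[1]               # devil lacks the shared key
    stale = make_message("Ali", "Yesterday's request", key, now=now - 3600)
    results["stale"] = sara.verify(stale)[1]
    return results


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:9s} -> {reason}")
```

Note that the nonce cache only needs to remember nonces inside the time window, which is what keeps it bounded; without the timestamp check the receiver would have to store every nonce it has ever accepted.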
  • 27. CIA and AAA Concepts
    • CIA
      • Confidentiality.
      • Integrity.
      • Availability.
    • AAA
      • Authentication (password).
      • Authorization (access control).
      • Auditing (accounting and logging).
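The AAA sequence of slide 27 is exactly the portal flow of slide 10: a user logs in, is shown only the services their role permits, and every decision is recorded. The following is an added example, not code from the PalGov project or X-Road: user names, passwords, roles and service names are constructed sample data, salted PBKDF2 from the Python standard library stands in for a production password hasher, and the smart-card factor the slides mention is left out.

```python
"""Added example (not from the PalGov slides): Authentication, Authorization
and Auditing for a minimal e-government portal, with constructed sample data.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000   # work factor; raise it as hardware gets faster

USERS = {}                # username -> (salt, digest, role); constructed store
SERVICES_BY_ROLE = {      # constructed authorization matrix (slide 10: "list of
    "citizen": {"id_card_renewal", "health_record"},           # services the user
    "entrepreneur": {"company_registration", "tax_filing"},    # is allowed to access")
    "clerk": {"id_card_renewal", "company_registration", "case_lookup"},
}
AUDIT_LOG = []            # Auditing: accounting and logging of every decision


def hash_password(password, salt=None):
    """Return (salt, digest). A random per-user salt keeps equal passwords distinct."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def register(username, password, role):
    """Store only salt, digest and role; the plaintext password is never kept."""
    salt, digest = hash_password(password)
    USERS[username] = (salt, digest, role)


def audit(event, username, detail=""):
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "event": event, "user": username, "detail": detail})


def authenticate(username, password):
    """Authentication. The caller gets the same False for an unknown user and a
    wrong password; only the audit log records which it was."""
    record = USERS.get(username)
    if record is None:
        hash_password(password)          # same work as a real check, so timing does
        audit("login_failed", username, "unknown user")   # not reveal valid usernames
        return False
    salt, digest, _role = record
    if not hmac.compare_digest(hash_password(password, salt)[1], digest):
        audit("login_failed", username, "bad password")
        return False
    audit("login_ok", username)
    return True


def _role(username):
    record = USERS.get(username)
    return record[2] if record else None


def allowed_services(username):
    """Authorization: the services granted to the user's role, for the portal menu."""
    return sorted(SERVICES_BY_ROLE.get(_role(username), set()))


def access_service(username, service):
    """Authorization re-checked on every request (the menu alone is not a control)."""
    if service not in SERVICES_BY_ROLE.get(_role(username), set()):
        audit("access_denied", username, service)
        return False
    audit("access_granted", username, service)
    return True


def demo():
    """Walk a citizen through the portal with constructed data; returns the outcomes."""
    USERS.clear()
    AUDIT_LOG.clear()
    register("ali", "correct horse battery staple", "citizen")
    register("sara", "clerk-pass-2011", "clerk")
    out = {
        "ali_login": authenticate("ali", "correct horse battery staple"),
        "ali_bad_password": authenticate("ali", "wrong"),
        "unknown_user": authenticate("ghost", "anything"),
        "ali_menu": allowed_services("ali"),
        "ali_tax_filing": access_service("ali", "tax_filing"),      # not a citizen service
        "ali_id_card": access_service("ali", "id_card_renewal"),
    }
    out["audit_events"] = [e["event"] for e in AUDIT_LOG]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The audit trail is what turns the other two A's into evidence: a denied request for a service outside the role, or a burst of failed logins, is visible after the fact only because every decision was logged, not just the successful ones.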
  • 28. Tutorial 5: Information Security Session 1 Outline: • Session 1 ILO’s. • Introduction E-governments and Security • Intro to Information Security and Threats (CIA) • ISO 27000 Standards. PalGov © 2011 28
  • 29. ISO 17799 • We will learn about: – ISO 17799 (2000 and 2005) precursor of ISO 27002 (2007) – Originally Based on BS 7799 part 1 (1995) – “Information Technology – Code of Practice for Information Security Management” – ISO 27001 (2007), originally BS 7799 Part 2 is a practical application of ISO 27002 and specifies requirements for establishing an Information Security Management System ISMS, as a precursor to being certified by a certification body) PalGov © 2011 29
  • 30. ISO 27002 (2007) • Includes: –Risk Assessment & Treatment –Security Policies –Organization –Asset Management –HR PalGov © 2011 30
• 31. ISO 27002 (2007)
  • Includes:
    – Communications and Operations
    – Physical and Environmental
    – Access Control
    – Information Systems Acquisition, Development and Maintenance
    – IS Incident Management
    – Business Continuity Management (BCM)
    – Compliance
• 32. Why is Information Security Important?
  • Information and its supporting processes are business assets to governments and orgs.
  • Some businesses and orgs (e.g. banks and governments) deal with information.
  • Information CIA / AAA are needed.
• 33. Information Security Requirements
  • These are determined by considering:
    – Risk assessment of information loss to the organisation
    – Legal, statutory, regulatory and contractual requirements placed on the organisation
    – Information processing needs of the organisation to support its operations
• 34. IS Controls (1)
  • Controls can be:
    – Policies
    – Practices
    – Procedures
    – Organisational Structures/Roles
    – Software Functions
  • Controls are selected based upon their cost of implementation vs. the loss to the organisation of money, time, reputation and functionality.
• 35. IS Controls (2)
  • The following controls are ESSENTIAL from a legislative point of view:
    – Data protection and privacy of personal information
    – Protection of organisational records, e.g. financial data
    – Protection of Intellectual Property Rights (including those of business partners)
  • The following controls are BEST practice:
    – Information security policy document
    – Allocation of information security responsibilities
    – Education and training of staff in information security
    – Reporting security incidents
    – Business continuity management
• 36. Related IS Issues
  • Security Policy
  • Organisational Security
  • Asset Classification and Control
  • Personnel Security
  • Physical and Environmental Security
  • Communications and Operations Security
  • Access Control
  • System Development and Maintenance
  • Business Continuity Management (BCM)
  • Compliance
• 37. Security Policy
  • Objective: To provide management support and direction for information security in the organisation.
  • Policy should have an owner, and should be regularly reviewed and enhanced.
  • Do we have policies for Palestine??
• 38. Internal Organisational Security
  • Objective:
    – To manage information security in the organisation
    – Appoint owners to every information asset and make them responsible for its security
  • Our orgs require:
    – An expert advisor (internal or external)
    – An authorisation process for all new systems
    – An independent reviewer to assess compliance with the security policy
• 39. Asset Classification and Control
  • Objective: To maintain protection of information assets.
    – Assets include: hardware, software, electronic data and documentation.
    – Very important to our e-gov project.
• 40. Personnel Security
  • Objective: To reduce risks of human errors, theft, fraud, and misuse of Information Systems
    – Should be integrated with the Legal Tutorial of our project
• 41. Physical and Environmental Security
  • Objectives: To prevent unauthorised access, loss, damage, and theft of IS resources
    – Equipment disposal: remove all confidential information or destroy the media
    – Protect/restrict physical access to equipment
• 42. Communications and Operations Security
  • Related areas to be covered:
    – Operational procedures and responsibilities
    – System planning and acceptance
    – Malicious software, e.g. viruses
    – Housekeeping (backups, archives, etc.)
    – Network management
    – Handling of media
    – Exchange of information and software
• 43. Communications and Operations Security – Procedures
  • Objective: Ensure correct and secure operation of IS facilities
    – Document operating procedures for each system (and keep them up to date!)
    – Separation of operational and development systems
• 44. Communications and Operations Security – System Acceptance
  • Objective: To minimise the risk of system failure
• 45. Communications and Operations Security – Malicious Software
  • Objective: To protect the integrity of software and information
    – Need to protect against viruses, worms, logic bombs, Trojan horses, etc.
    – Policy should require software to be licensed and authorised before use – WHAT ABOUT FREE LICENSING?
    – Policy should require safe methods for importing files from media and networks
    – Anti-virus software should be regularly updated
    – Documented procedures for reporting and recovering from virus infections
    – Educate staff about viruses and protection methods (training)
• 46. Communications and Operations Security – Housekeeping
  • Objective: To maintain the availability of information and software
    – Use of RAID technology
    – Regular backups of data should be taken, kept securely, and tested for correct recovery
    – Operational staff should keep a log of their activities (e.g. times systems started, failed, recovered), and logs should be independently inspected for conformance to procedures
    – Support staff should log all user fault reports and their resolutions
• 47. Communications and Operations Security – Network Management
  • Objective: To safeguard the network and the information on it
    – Protect from unauthorised access, e.g. use of firewalls
    – Protect against disclosure of confidential information, e.g. VPN
    – Ensure availability, e.g. by having backup networks/links
    – Prevent disclosure
• 48. Communications and Operations Security – Media Handling
  • Objective: To prevent damage to media or loss of contents
• 49. Communications and Operations Security – Information Exchange
  • Objective: To prevent loss of information exchanged between organisations
    – Must be consistent with legislation, e.g. data protection act
    – Public servers (e.g. Web) may need to comply with legislation in the recipient country; also need controls to stop modifications
    – Exchanges should be based on an agreement comprising:
      • Standards for packaging, notification arrangements, responsibilities in case of loss, agreed labelling system, methods of transfer (e.g. tamper-resistant packaging, encryption)
      • E-commerce: authentication and authorisation methods, settlement method, liability for fraudulent transactions
    – Policy for use of email: what (not) to send via email, what protection to use, use of inappropriate language
    – Policy for use of fax, phone, mail, video: confidentiality issues, storage issues, access issues
    – WHAT ABOUT E-GOV X-ROAD?
    – WHAT ABOUT CLOUD COMPUTING!!!
• 50. Access Control
  • Objective: To control access to information
    – Access control policy should state rules and rights for each user and group of users
    – Rules should differentiate between mandatory and optional ones, and between administrator and automated approval
      • Good base: "Everything forbidden unless expressly permitted"
    – Formal registration and de-registration process for users
    – Allocate unique IDs to users to allow auditing
    – Limit the use of system privileges
    – Record who is allocated which IDs and privileges and regularly review them, esp. special privileges
    – Ensure unattended equipment has appropriate protection
• 51. Access Control – Passwords
  • Have a password management policy known by all users
  • Have users sign a statement to keep passwords confidential
  • Allocate a temporary password which users must change at first log-on
  • Force strong passwords: >8 characters, easy to remember but not linked to the user, preferably mixed characters (upper/lower case, numbers, special) and not dictionary words
  • Make users change passwords at predefined intervals
  • Store password files encrypted and separately from application files
  • Don't display passwords during login
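The password rules on this slide as an added worked example (not code from the tutorial): a policy checker for the length, character-mix, dictionary and user-ID rules, plus salted PBKDF2 hashing for the stored password file (a one-way hash rather than the encryption the slide mentions, which is how the "never store the plain password" requirement is usually met). The word list, the three-class threshold and the PBKDF2 round count are assumptions.

```python
import hashlib
import hmac
import os
import re

# Constructed mini word list; a deployment would load a full dictionary.
DICTIONARY = {"password", "welcome", "palestine", "letmein", "admin"}
SPECIALS = set("!@#$%^&*()-_=+[]{};:,.<>?/")
PBKDF2_ROUNDS = 100_000   # assumed work factor


def check_password(password: str, user_id: str) -> list:
    """Return the policy rules the candidate password violates (empty = accepted)."""
    violations = []
    if len(password) <= 8:                       # slide: more than 8 characters
        violations.append("must be longer than 8 characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in SPECIALS for c in password),
    )
    if sum(classes) < 3:                         # assumed threshold for "mixed characters"
        violations.append("must mix at least three of upper/lower/digits/specials")
    lowered = password.lower()
    core = re.sub(r"[^a-z]", "", lowered)        # letters only, so "Password1!" -> "password"
    if core in DICTIONARY:
        violations.append("must not be a dictionary word")
    if user_id.lower() in lowered:               # slide: not linked to the user
        violations.append("must not contain the user ID")
    return violations


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Store a salted, slow one-way hash instead of the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash for the offered password and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)
```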
• 52. Access Control – Networks
  • Objective: Protection of networked services
    – Network access policy: services allowed, user authorisation procedures, management controls
    – Have enforced paths that control the path from the user's device to networked services, e.g. dedicated telephone numbers, limited roaming, screening routers
    – Mandate user authentication before users gain access
    – Protect remote access to engineering diagnostic ports
    – Separate the internal network into security domains
    – Install application proxy firewalls
• 53. Access Control – Operating Systems
  • Objective: To prevent unauthorised computer access
    – Identify the user and optionally the calling location
    – Record successful and failed login attempts
    – Display a warning notice to users at login
    – Don't provide help for unsuccessful logins
    – Limit the number of failed logins (e.g. to 3) and have a time delay between each attempt
    – Limit the time for the login procedure
    – Display the following information after successful login:
      • Last time the user logged in & number of failed attempts since
    – Time out inactive sessions; time-limit high-risk sessions
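The login controls on this slide as an added example (not code from the tutorial): a small login controller that records every attempt with its calling location, gives no hint on failure, locks the account after 3 failures, and on success reports the last login and the number of failed attempts since. The lockout delay, the `Account` record and the injectable clock are assumptions made for the example.

```python
import time
from dataclasses import dataclass, field
from typing import Optional

MAX_FAILED = 3          # slide: limit failed logins, e.g. to 3
LOCKOUT_SECONDS = 300   # assumed delay imposed once the limit is reached
GENERIC_FAILURE = "Login incorrect"   # slide: no help for unsuccessful logins


@dataclass
class Account:
    user_id: str
    secret: str                       # constructed; store a salted hash in practice
    failed_since_last_success: int = 0
    last_success: Optional[float] = None
    locked_until: float = 0.0
    attempts: list = field(default_factory=list)   # (time, location, outcome)


class LoginController:
    def __init__(self, accounts, clock=time.time):
        self.accounts = {a.user_id: a for a in accounts}
        self.clock = clock            # injectable so tests can advance time

    def login(self, user_id: str, password: str, location: str):
        """Return (ok, message); failures never say which part was wrong."""
        now = self.clock()
        acct = self.accounts.get(user_id)
        if acct is None:
            return False, GENERIC_FAILURE          # don't reveal unknown IDs
        if now < acct.locked_until:
            acct.attempts.append((now, location, "locked"))
            return False, GENERIC_FAILURE          # delay still in force
        ok = password == acct.secret               # constant-time hash compare in practice
        acct.attempts.append((now, location, "success" if ok else "failed"))
        if not ok:
            acct.failed_since_last_success += 1
            if acct.failed_since_last_success >= MAX_FAILED:
                acct.locked_until = now + LOCKOUT_SECONDS
            return False, GENERIC_FAILURE
        # Successful login: report last login and failures since, then reset
        msg = (f"Last login: {acct.last_success}; "
               f"failed attempts since then: {acct.failed_since_last_success}")
        acct.last_success = now
        acct.failed_since_last_success = 0
        return True, msg
```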
• 54. Access Control – Monitoring
  • Objective: To detect unauthorised access
    – Audit logs record: user ID, location, date and time, attempted action, success/fail, plus alerts
    – Actions include: log on, log off, files accessed, records accessed, programs used, devices attached/detached
    – Intrusion Detection Systems analyse logs to look for anomalous behaviour and system misuse, and issue alerts when they detect them
    – Audit logs should be protected against modification (as well as deletion and forging)
    – Accurate clock times are important for accurate logs
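The audit-log requirements on this slide as an added example (not code from the tutorial): each entry carries the fields the slide lists plus a hash of the previous entry, so any modification or deletion breaks the chain, and a simple IDS-style rule scans the log for repeated failed logins. The entry layout and the threshold are assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone


class AuditLog:
    """Append-only log where each entry carries the hash of the previous one."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def record(self, user_id, location, action, success, when=None):
        # Timezone-aware timestamps: accurate clocks make logs comparable
        when = when or datetime.now(timezone.utc).isoformat()
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = {"user": user_id, "location": location, "time": when,
                "action": action, "success": success, "prev": prev}
        body["hash"] = self._digest(body)
        self.entries.append(body)
        return body["hash"]

    @staticmethod
    def _digest(body):
        material = json.dumps({k: v for k, v in body.items() if k != "hash"},
                              sort_keys=True)
        return hashlib.sha256(material.encode()).hexdigest()

    def verify(self):
        """Return the index of the first entry whose chain is broken, or None if intact."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or entry["hash"] != self._digest(entry):
                return i
            prev = entry["hash"]
        return None


def failed_login_burst(log, threshold=3):
    """IDS-style rule: user IDs with at least `threshold` failed logins in the log."""
    counts = {}
    for entry in log.entries:
        if entry["action"] == "login" and not entry["success"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)
```

A chain like this detects edits to a copy, but someone who can rewrite the whole log can recompute every hash; in practice the latest hash is also sent to a separate log host or signed with a key the monitored system does not hold.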
• 55. System Development and Maintenance
  • Objective: To ensure that security is built into Information Systems
    – Security requirements should be identified during the project's requirements phase and be related to the business value of the system
    – Data input validation: out-of-range values, invalid characters, missing fields, exceeding upper limits
    – Data processing validation: balancing controls, checksums, programs run in the correct order and at the correct time
    – Data output validation: plausibility checks, reconciliation counts
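The three validation layers on this slide as an added example (not code from the tutorial), applied to a constructed batch of payment records: input validation per record (missing fields, invalid characters, range and upper limit), processing validation against the batch header (record count, debit/credit balancing, control total), and reconciliation counts as output. The account-ID format, the amount limit and the header layout are assumptions.

```python
import re

ACCOUNT_RE = re.compile(r"^[A-Z]{2}\d{8}$")   # constructed account-ID format
MAX_AMOUNT = 100_000.00                        # assumed upper limit per record
REQUIRED = ("account", "amount", "type")


def validate_record(rec: dict) -> list:
    """Input validation for one record: missing fields, bad characters, ranges."""
    problems = [f"missing field: {f}" for f in REQUIRED if rec.get(f) in ("", None)]
    if problems:
        return problems                        # don't inspect fields that are absent
    if not ACCOUNT_RE.match(str(rec["account"])):
        problems.append("invalid characters in account")
    amount = rec["amount"]
    if not isinstance(amount, (int, float)) or amount <= 0:
        problems.append("amount out of range")
    elif amount > MAX_AMOUNT:
        problems.append("amount exceeds upper limit")
    if rec["type"] not in ("debit", "credit"):
        problems.append("invalid type")
    return problems


def validate_batch(header: dict, records: list) -> dict:
    """Processing validation: balancing and control totals against the batch header."""
    rejected = {}
    accepted = []
    for i, rec in enumerate(records):
        problems = validate_record(rec)
        if problems:
            rejected[i] = problems
        else:
            accepted.append(rec)
    debits = sum(r["amount"] for r in accepted if r["type"] == "debit")
    credits = sum(r["amount"] for r in accepted if r["type"] == "credit")
    errors = []
    if len(records) != header["count"]:          # record-count control
        errors.append("record count does not match header")
    if round(debits - credits, 2) != 0:           # balancing control
        errors.append("debits and credits do not balance")
    if round(debits + credits, 2) != round(header["total"], 2):   # control total
        errors.append("control total does not match header")
    # Output validation: reconciliation counts the next stage can check against
    return {"accepted": len(accepted), "rejected": rejected, "errors": errors}
```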
• 56. Business Continuity Management (1)
  • Objective: To counteract interruptions to business activity and to protect critical business processes from the effects of major failures
    – Failures can come from natural disasters, accidents, equipment failures and deliberate attacks
    – Perform a risk analysis, identifying causes, probabilities and impacts
    – Implement cost-effective risk-mitigating actions
• 57. Business Continuity Management (2)
    – Formulate a Business Continuity Plan (BCP)
    – Implement and test the BCP
    – Continually review and update the BCP
    – Failure of equipment in a particular zone
    – VERY IMPORTANT FOR THE E-GOV, ESPECIALLY IN PALESTINE
• 58. Compliance – Legal
  • Objectives: Ensure compliance with legislation
    – Identify applicable laws: data protection, privacy, monitoring use of resources, computer misuse
    – Rules for admissibility and completeness of evidence
    – Ensure copyright and software licences are adhered to (implement controls and spot checks)
    – Keep an asset register, proofs of purchase, master discs
    – Organisational records must be kept securely for a minimum statutory time period
    – Consider media degradation and technology change
    – Complemented by the Legal Issues tutorial
• 59. Compliance – Security Policy
  • Objectives: Ensure compliance with the security policy
    – Security of information systems should be regularly reviewed
    – Managers should ensure all procedures are carried out properly
• 60. Summary
  • In this session we discussed the following:
    – The Palestinian e-gov architecture
    – The security framework for the e-gov platforms
    – The required skills for people involved in the e-gov activities
    – Introduction to security and the CIA concept
    – Detailed information about the security management and risk assessment standards included in ISO 27002
• 61. Bibliography
  1. Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Pearson/Prentice Hall, © 2008. ISBN: 0-13-600424-5.
  2. Lecture Notes by David Chadwick, 2011, TrueTrust Ltd.
  3. Cryptography and Network Security, by Behrouz A. Forouzan. McGraw-Hill, © 2008. ISBN: 978-007-126361-0.
  4. Center for Interdisciplinary Studies in Information Security (ISIS), http://scgwww.epfl.ch/courses
• 62. Thanks
  Radwan Tahboub