Session 5.2 Martin Koyabe
- 2. © Commonwealth Telecommunications Organisation
What is e-Government ?
“ The use by government agencies of information
communications technology to transform relations
with citizens, businesses, and other arms of
government.”
Source: World Bank
radically
- 3. © Commonwealth Telecommunications Organisation
Why e-Government ?
“around 170 out of 193 countries have implemented some
form of ICT (i.e. just having a website or even an email)”
Source: ITU
Better Government: Efficient, Participatory, Effective, Accountable, Transparent
- 4. © Commonwealth Telecommunications Organisation
e-Government Interactions & Relationships
Diagram: Government, Citizens and Business, connected by the interactions G-to-C, C-to-G, B-to-C, C-to-B, G-to-B, B-to-G, G-to-G, C-to-C and B-to-B.
- 7. © Commonwealth Telecommunications Organisation
Challenges & Obstacles in e-Government
#1 – Technical
– Lack of adequate IT infrastructure
o public service legacy systems still being used
– Lack of technical knowledge
o in deploying e-government strategic programs
– Lack of efficient & robust secure system
o in terms of information security & data privacy
- 8. © Commonwealth Telecommunications Organisation
Challenges & Obstacles in e-Government
#2 – Political
– Low prioritization of e-Government initiatives
o Lack of policies, regulatory structures & resources
– Poor strategic vision
o Lack of integration with mainstream strategies
– Lack of broad partnerships & collaborations
o with relevant multi-stakeholders
- 9. © Commonwealth Telecommunications Organisation
Challenges & Obstacles in e-Government
#3 – Cultural
– e-Government -> “Big Brother”
o Perception of government spying on its citizens
– e-Government -> “Retrenchment”
o Fears by public service staff about losing jobs
– Lack of confidence/trust in using e-Government systems
o Poor education and lack of awareness
– General fears
o About losing control or ownership of information
- 10. © Commonwealth Telecommunications Organisation
Challenges & Obstacles in e-Government
#4 – Legal/Regulatory
– Lack of relevant legislation
o Data protection & privacy laws critical
– Non-existence of cross-border peering agreements
o To apprehend or pursue cybercriminals
– Less friendly regulatory environment
o Need to encourage investment
- 13. © Commonwealth Telecommunications Organisation
Security Trends Impacting e-Government
“The Mobile – Paradigm Shift, is among the four key security
trends impacting e-Government. Others are Malware,
Targeted and Data Breaches attacks.” Source: Symantec
- 14. © Commonwealth Telecommunications Organisation
“The Elephant in the Room”
• Bring Your Own Device (BYOD)
– BYOD refers to smart phones and tablets that are not
owned by the organisation
- 15. © Commonwealth Telecommunications Organisation
Unmasking “The Elephant in the Room”
• Despite high rate of BYOD adoption
– Governance not well understood by many organisations
– Initiatives sometimes approved without a business case
– Inadequate information security functions
Figure: Study on BYOD (Source: ISF/Ponemon Institute)
- 16. © Commonwealth Telecommunications Organisation
Main BYOD Risks
• Caused by ownership of the device
– Exposes organisations to different risks caused by the
owner's behaviour, and constrains available controls
Figure: Study on mobile devices (Source: ISF/Trustwave Study (2013))
- 17. © Commonwealth Telecommunications Organisation
How do you manage BYOD risks?
• Approach should be information-centric
– Impact on data (information) should be the focus
• Physical: Hardware, Connectivity
• Software: Operating system, Applications
• Data: Information
- 18. © Commonwealth Telecommunications Organisation
Managing BYOD risks
• #1 Conduct a Business Impact Assessment
– Impact on the organisation should the Confidentiality,
Integrity or Availability of information be compromised
– Where applicable, use existing BIA for guidance
• #2 Conduct a Threat and Vulnerability Assessment
– Determines the likelihood of that impact
- 19. © Commonwealth Telecommunications Organisation
Managing BYOD risks
• #3 Conduct a Risk Treatment
– Mitigation – applying appropriate security controls
o e.g. malware protection, mobile device management (MDM) or Data
Loss Prevention (DLP)
– Transfer – risks are shared with an external or via insurance
– Avoidance – risks are avoided by cancelling a particular BYOD initiative
– Acceptance – Business owners take responsibility
- 20. © Commonwealth Telecommunications Organisation
Managing BYOD risks
• Other deployment issues to consider
– Implementing BYOD in the organisation
o Need to define governance structures and policies
– Evaluation
o Collect metrics and user feedback
– Enhancement
o Maintain effective risk management efforts
o Update the BYOD programme strategy and policies
- 21. © Commonwealth Telecommunications Organisation
My thoughts
• BYOD is here to stay
• Ignore BYOD risk at your own peril
• BYOD ownership behaviour adds more risk
• If you want BYOD, be prepared to compromise
• BYOD data/stored information is more important