Deliovering Secure e-Goverment Facilities in Africa

THE UNITED REPUBLIC OF TANZANIA President’s office, Public Service Management

e-Government Agency

Delivering Secure, Public-Oriented e-Government Facilities in Africa

A Holistic Approach

Dr. Jabiri Kuwe Bakari Bsc. Computer Sc., Msc. (Eng.) Data comm., PhD.

(CEO) e-Government Agency (eGA)

e-Government Agency - Tanzania

1

Agenda


1. Introduction

2. e-Government Facilities in a Nutshell

3. Delivering Secure, Public-Oriented e-Government Facilities

4. Issues and Challenges - African perspective

5. Suggestions to Address the Challenges

6. Conclusion

Introduction e-Government The use of ICT , and particularly the internet, as a tool to achieve better government.

The process involves people, hardware (computers, networks gadgets), software (operating systems and application systems) and systems (combination of hardware, software and people).

The arrangement requires reliable and secure communication infrastructure to facilitate exchange of information, skilled staff and presence of appropriate e-legislations

e-Government Facilities These are general systems and components needed to create the necessary e-

government offerings, such as software, hardware, infrastructure and other e-services platforms.

ICT/e-Government Security The protection of information systems against unauthorised access to or

modification of information, whether in storage, processing or transit, and against

the denial of or absence of service to authorised user or the provision of service to

unauthorised users, including those measures necessary to detect, document, and

counter such threats.

It covers information, infrastructure, processes, systems, services and technology.


© e-Government Agency

4

Infor. System in Various Public Institutions

1-Secured information systems within The public institutions

2 Secured infrastructure between the public institutions

Public services available through

Various platform/service providers

Public getting various services

through Various platform/ service providers / operators

Private Cloud Use of Shared resources, systems, Data centres,

secured infrastructure etc

e-Government in a Nutshell


5

Hardware

Operating

system

Applications

Store

Process

Collect

Communi

cate

Hardware

Operating

system

Applications

Store

Process

Collect

Communi

cate

Operational

Procedural Operational

Procedural

Mechanical/Electronic


Administrational

Managerial Administrational

Managerial

Legal/ContractualLegal/Contractual

Ethical/CultureEthical/Culture

Database

(Various business

records etc. )Database

(Various business

records etc. )

e-Government Facilities in a Nutshell

Valuable asset of public

Institution-Information Valuable asset of Public

institution -Information

Software (Operating

systems, Application

software) set of

instructions

ICT eGov

Private Cloud

•It is about business processes, enabled by ICT, taking place within and between different public

institutions

•It is about collecting, processing, storing and exchanging information within and between different

public institutions


6

Hardware

Operating

system

ApplicationsStore

Process

Collect

Communi

cate

Hardware

Operating

system

Applications

Store

Process

Collect

Communi

cate

Operational

Procedural Operational

Procedural

Mechanical/ElectronicMechanical/Electronic

Administrational

Managerial Administrational

Managerial

Legal/ContractualLegal/Contractual

Ethical/CultureEthical/Culture

• Information security is about protection of ICT assets/resources in

terms of Confidentiality, Integrity and Availability – (information

and services)

Malicious software (Virus,

worm or denial-of-service

attack, Backdoors, salami

attacks, spyware, etc.) can

be introduced here !

Holistic Approach

required

Database

(Various business

records etc. )

Database

(Various business

records etc. )

Valuable asset of the Public

institutions -Information

Valuable asset of the public

institutions-Information

Delivering secure, public-oriented e-Government

facilities

Physical security of

the hardware

Authorised user

abusing his/her

privileges e.g.

Disgruntled staff


7

Issues and Challenges

1. Cultural and Ethical Challenges

User behaviour - Culture of “sharing”

Unethical behaviour,

2. Legal Challenges

Lack of Legal framework necessary to avail e-

government services to citizenry


8

Issues and Challenges…

3.Administrative and Managerial Challenges

Existence of perception gap between the decision

makers and technical staff on ICT security. Thus,

difficult in getting Strategic Management's Backing.

Inadequacy of well structured ICT

departments/units, with appropriate skills and

strategically positioned within public institutions.

Lack of competent and vetted human resource to

effectively deal with ICT security.

Inadequate collaboration between the ICT

departments in public institutions and the e-

Government entity

Acquisition of e-government solutions which are

not derived from institutions requirement (vendor

driven)


9

Issues and Challenges…

4) Operational Procedure Challenges

Absence of ICT security policies,

standards and guidelines both at

national and organizational levels

5) Technical Issues

Software, hardware and network

vulnerabilities coupled with Inadequate

management, control and maintenance

of ICT

E-Government systems not integrated –

exchange of information between one

system and another system is facilitated

by user


Suggestions to address the Challenges

At a Strategic Level

• Knowing and acknowledging the problem/ issue

• Bridging the gap between decision makers and technical staff

• ICT security concerns should be addressed in the initial planning of e-government initiatives

• Formulating ICT Security strategies at national and organizational levels

• ICT security challenges should not be dealt in isolation, instead holistic approach is required.

• Putting in place coherent legal and regulatory frameworks - Whole process of e-Government need to be guided by sound legal and regulatory environment.


Suggestions to address the Challenges

At Tactical and Operational Level • HR: Involving skilled and ethical personnel during

acquisition, installation and operationalization of e-government

• Capacity building and awareness raising

• Implementing ICT Security strategies at national and organizational levels

• Use Standards and Best Practices


12

A Holistic Approach for Managing ICT Security in Organisations

Strategic (Top)

Management’s

Backing

(GL-01)

Technical

Management's

Backing

(GL-02)

Quick

Scan

(GL-04)

Form

Project

Team & Plan

(GL-03)

General

Management’s

attention &

Backing

(GL-05)Risk

Assessment/

Analysis

(GL-08)

Mitigation

Planning

(GL-09)

Develop

Counter

Measures

(GL-10)

Operationalisation

(ICT Security

Policy, Services &

Mechanisms)

(GL-11)

Maintenance

(Monitor the

Progress)

(GL-12)

Review/Audit

ICT Security

(GL-06)

Awareness

& Backing of

General staff

(GL-07)

INTERNALISED & CONTINUOUS PROCESS

INTRODUCTION OF ICT

SECURITY MANAGEMENT

PROCESS (INITIALISATION)

The Organisation

The Organisation’s goal & services

Sta

nd

ard

s a

nd

Be

st

Pra

cti

se

s

Th

e O

rga

nis

ati

on

’s c

ult

ure

& b

eh

av

iou

r

The Environment

Stakeholders

Pu

blic

in

fra

str

uc

ture

s

Th

e O

rga

nis

ati

on

’s s

tru

ctu

re

Presented in a book: ISBN Nr 91-7155-383-8


Each process maps the Holistic View of the security challenge


Applications

Operating

system

Hardware

Store

Process

Collect

Commu

nicate

Social

Technical

Holistic view of ICT

Security Problem (SBC)

Ethical/Culture

Legal/Contractual

Administrational

Managerial

Operational

Procedural

People

Users

Valuable asset-

Information

Database

(Various business

records etc. )

Process

(GL - X)


A holistic approach for managing ICT security is required for public-oriented e-

Government facilities to be secure!

General Management


Applications

Operating

system

Hardware

Store

Process

Collect

Commu

nicate

Social

IT managers &

Security Personnel

Technical

Holistic view of ICT

Security Problem (SBC)

Ethical/Culture

Legal/Contractual

Administrational

Managerial

Operational

Procedural

People

Users

Perception Problem

Valuable asset-

Information

Database

(Financial, customer

records etc. )

General Management

This is a technical

problem

Lets have the best Firewall,

Antivirus etc.

This is a business

Problem

Depending on organisation structure -

The general management team may

comprise of CEO, Assistant to CEO,

All Directors, and all CXOs from major

units which are not Directorates


END

Thank You for Listening

15 e-Government Agency - Tanzania

Deliovering Secure e-Goverment Facilities in Africa

Technology

Transcript of Deliovering Secure e-Goverment Facilities in Africa