Information Security Report: Threats, Governance, and E-Governance

Verified

Added on 2020/05/03

AI Summary

This report delves into the realm of information security, examining its implications in public sector organizations, particularly in developing countries. It addresses the adoption of information systems, highlighting the associated threats and vulnerabilities, such as website security issues, malware attacks, and denial-of-service attacks. The report further explores corporate governance, emphasizing the need for robust security policies, employee training, and risk assessment. It also discusses the significance of e-governance, its adoption across various countries, and its impact on government-citizen interactions. The report analyzes the evolution of e-governance, drawing parallels with e-commerce, and underscores the importance of addressing security implications to ensure the success of e-governance initiatives. It also offers insights into the challenges faced by countries like Zanzibar and Pakistan, providing potential solutions to enhance information security and e-governance practices.

Running head: INFORMATION SECURITY
Information security
Name of the student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION SECURITY
Answer to question 1:
The information system sectors are responsible for creating a change in the way o
operation of the public sector organizations around the world. Mostly all the organizations who
are responsible for working in the public sectors, have adopted the use of the information system
policies to provide more efficient services to their customers (Casmir and Yngström 2003). The
main services that are referenced by the adoption of the information system prospects are the
immigration, tax, birth and death, registration of the voters, public financial services and payroll
departments. These adoptions of the information security services are being addressed in the
developing countries now where the developed countries have already adopted them many years
ago. Zanzibar is also termed as developing country and is adopting the use of the information
services for their public services. However, the services adoption is causing threats and
vulnerabilities for the associated stakeholders like absence of efficient personnel, monetary
problems and lack of developed infrastructure.
According to a research carried out in Zanzibar, there were several challenges that
contributed to threats. The first threat is the presence of website security which is depicted by the
use of the services for website addressing. The analysis finds out about the in-house hosting and
developing of the websites which makes them less complied to the security based policies and
frameworks. In addition, the websites also are not complying to the guidelines that are to be
maintained during dealing with customer credentials (Estevez and Janowski 2013). Furthermore,
another challenge faced by the organizations of Zanzibar is the malicious attacks from viruses
and malwares. From the analysis made from the research, the percentage of attacks in the
organizations was more than 80% (Kaaya 2004). These virus attacks were responsible for attacks

2INFORMATION SECURITY
in the organizations and were also responsible for causing hindrances in operations. The major
problems were the loss of data from the devices or denial of service attacks which were highly
responsible for threatening the normal operations of the organization involved.
For various other developing countries like Cuba or Afghanistan, the need for a security
framework is basically needed for referencing to the presence of security by offshore means.
This is the reason for the implementation of international security standards so that the
management of these threats can be properly addressed (Karokola and Yngström 2009).
According to the National Security Conference that was hosted in London, most of the
information security based attacks are mainly due to the emergence of international attackers
whose locations are not local to the country.
There are various threats and vulnerabilities which are present in the constitution of
Pakistan (Jan and Khan 2013). The first cyber security related implications are the existence of
malwares. These are an effective tool for information hijacking ad eavesdropping which are
currently being used by unethical attackers for targeting mobile phone users. As a Smartphone is
the most likely used method for getting portability and user-friendly specifics, the need for
enhancing it my improving the various sophisticated designs is a necessity (Mahmood and Afzal
2013). This leads to various security implications to be left un-addressed which calls for risk
assessment techniques to be used for this case. Another security implication which is on the rise
in Pakistan is the DoS (Denial-of-service) attacks. These attacks are responsible for removing
user access from the system. These are very dangerous as their use can be used for targeting the
business processes of a company leading to hampering of a day’s operations. Another similar
threat is the DDoS (Distributed DoS) which is used to threaten the application layer of the OSI
model. Phishing is another cyber security threat that is also another point of concern for Pakistan

3INFORMATION SECURITY
(Mustafa, Akhter and Nasrallah 2013). This process is used to trap the credentials from users by
sending those fake emails or websites. These are the main point of concern for the government of
Pakistan as the security issues due to such attacks are very high.
Answer to question 2:
Corporate governance is termed as an institutional structure which is responsible for
providing direction and orientation to the various corporate entities. It is also termed as the center
of the economy and societal democracy. As most of the organizations and businesses are
responsible for implementation of various technology based adoptions, the process of e-
governance by corporate means are thus undertaken (Mlangeni and Biermann 2006). This is
mainly used for the deigning, budgeting, implementations and organizing the security of
information services.
The research study made has shown that the adoption of these services in the public
sectors is not yet accomplished. In addition, the employees are also not successfully trained using
these services (Estevez and Janowski 2013). This causes a need for the adoption of various
security related policies for addressing the application-specific issues or system-specific issues
for enhancing the responsibilities of the e-governance part of public sectors. Moreover, the
organizations must also opt for an establishment of governing body who will be responsible for
monitoring electronically.
The corporate governance bodies can serve as proxies for the e-governance prospects by
introducing various ways in their implied services. The main services to be included in the public
sector organizations include the introduction of CCTV cameras for providing real time analytics,
electronic locks to address authentication needs and other locks for the various ICT (Information

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION SECURITY
and communication) related services (Mundy and Musa 2010). In addition, the public sector
organizations should also add a more secured policy for checking the visitor analytics and also
get administrative rights to immediately revoke the accounts of potentially harmful users.
Additionally, the employees of the organizations are also needed to be trained regarding these
prospects. Moreover, the public sector organizations are also to setup strong policies to for
assessing the security risks that may be present due to the presence of third parties or contractors
associated with them.
The entities of the corporate governance sector must ensure the proper and efficient
training of the personnel working in the public sector organizations (OWASP 2010). This must
be done by providing regular training to the employees for achieving better work output (Ifinedo
2012). In addition, the public sector governing bodies must also increase the job satisfaction of
the employees through salary hikes and performance appraisals.
For addressing the security aspects of a public sector organization, the presence of better
security policies are needed for mitigating the existence of various risks and vulnerabilities of the
system (Hove, Ngwerume and Muchemwa 2013). This can be done by implementing better
frameworks and adopting biometric scanning for authorization and authentication purposes. This
process will be made by generating unique identification numbers for each of the employees.
These identification numbers will be checked before granting them access to the system.
Lastly, the public sector organizations are responsible for including a backup plan in their
system which will be used to address disaster recovery methods. This includes the presence of
both the online and offline system backup so that they can be quickly loaded in the system in

5INFORMATION SECURITY
case of any such disasters (Wangwe, Eloff and Venter 2009). This will remove the need for the
business to lose a day of operations and will increase business transparency.
Answer to question 3:
The use of various information services by the governing bodies is the main
considerations to be included in the e-governance section. This is mainly used for tending to the
business relations among the customers and other businesses as well (Mlangeni and Biermann
2006). The results of such adoption are the reduction of various parameters responsible for
discrepancies to the system.
The prospects of e-governance have been adopted by almost all the governments of the
country. It is also responsible for the conversion of traditional governing methods in a radical
way. It is mainly in place to ensure the right of a consumer to government services (Kaaya
2004). Although the use of the e-governance prospect cannot be adopted in many places
especially in the computer absent places, their adoptions are still considered efficient. This is the
reason for using enhanced technologies to use the prospect of e-governance in a true manner.
The e-governance services are being adopted globally in mostly all the countries by
converting their communications from the analog to digital age (Karokola and Yngström 2009).
This is mainly done by educating the common masses which will help in addressing the
requirements for an e-governance prospect. The most important aspect of the e-governance
services are the electronic identification cards (e-ids) that are used for voting purposes. This is a
secure way of operating which is considered both in the developed and the developing countries
(Cheang and Sang 2009). For example, the use of the electronic identification cards is already
being addressed in the United Kingdom.

6INFORMATION SECURITY
The evolution of the e-governance services is similar to the e-commerce background. As
the main work of an e-commerce platform is the engagement of business to customers, the main
work of the e-governance is government to citizens (Prasad 2012). As the evolution of the
internet industry mainly involved an initial shift from web presence interactions to transactional
integrations, the e-governance prospects will also follow a similar path in serving the needs of
the citizens.
The e-governance prospects are also used to address the basic requirements of the
administrative services (Casmir and Yngström 2003). This is mainly done by reducing the
various bureaucratic boundaries of the administrative bodies. This is mainly used to showcase
the dissimilarities among the e-governance and the e-commerce platforms or the private and the
public sector. As it can be seen from the study that the public sector organizations have not
addressed the security implications in the ICT services, the evolvement of the e-governance
prospects have been considered to be a partially failure. This causes the e-governance prospects
to implement on a newly made propaganda for addressing a renewal in democratic efficiencies
(Wangwe, Eloff and Venter 2009). This failure is considered to renew in an efficient way by
acquiring better technological advancements, better funding and coordinated actions.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7INFORMATION SECURITY
References:
Alvi, F.A., Choudary, B.S., Jaferry, N. and Pathan, E., 2012. Review on cloud computing
security issues & challenges. iaesjournal. com, 2.
Basharat, I., Azam, F. and Muzaffar, A.W., 2012. Database security and encryption: A survey
study. International Journal of Computer Applications, 47(12).
Casmir, R. and Yngström, L., 2003. Security Dimension of IT in Developing Countries: Risks
and Challenges. Journal of Information Warfare, 2(3), pp.38-46.
Cheang, S. and Sang, S., 2009, March. State of Cybersecurity and the Roadmap to Secure Cyber
Community in Cambodia. In Availability, Reliability and Security, 2009. ARES'09. International
Conference on (pp. 652-657).
Doherty, N.F. and Fulford, H., 2005. Do information security policies reduce the incidence of
security breaches: an exploratory analysis. IGI Global.
Estevez, E. and Janowski, T., 2013. Electronic Governance for Sustainable Development—
Conceptual framework and state of research. Government Information Quarterly, 30, pp.S94-
S109.
Hilali, A.Z., 2017. US-Pakistan relationship: Soviet invasion of Afghanistan. Taylor & Francis.
Hove, M., Ngwerume, E. and Muchemwa, C., 2013. The urban crisis in Sub-Saharan Africa: A
threat to human security and sustainable development. Stability: International Journal of
Security and Development, 2(1).
IEEE. Zanzibar, “Copyright Act, 2003”

8INFORMATION SECURITY
Ifinedo, P., 2012. Factors influencing e-government maturity in transition economies and
developing countries: a longitudinal perspective. ACM SigMIS Database, 42(4), pp.98-116.
Information technology – security techniques – code of practice for information security
management, ISO/EIC 27002:2005, 2007.
Information technology — security techniques — information security risk management,
ISO/EIC 27005:2008, 2008.
Jan, M.A. and Khan, M., 2013. Denial of Service Attacks and Their Countermeasures in
WSN. IRACST–International Journal of Computer Networks and Wireless Communications
(IJCNWC), 3.
Kaaya, J., 2004, March. The emergence of e-government services in East Africa: tracking
adoption patterns and associated factors. In Proceedings of the 6th international conference on
Electronic commerce (pp. 438-445). ACM.
Karokola, G. and Yngström, L., 2009. State of e-Government Development in the Developing
World: Case of Tanzania-Security vie. In 5th International Conference on e-Government (pp.
92-100). ACADEMIC CONFERENCES LTD.
Khan, M., Hossain, S., Hasan, M. and Clement, C.K., 2012. Barriers to the introduction of ICT
into education in developing countries: The example of Bangladesh. Online Submission, 5(2),
pp.61-80.
Khan, S. and Pathan, A.K., 2013. Wireless networks and security. Berlin: Springer.

9INFORMATION SECURITY
Mahmood, T. and Afzal, U., 2013, December. Security Analytics: Big Data Analytics for
cybersecurity: A review of trends, techniques and tools. In Information assurance (ncia), 2013
2nd national conference on (pp. 129-134). IEEE.
Mlangeni, S.A. and Biermann, E., 2006. Assessment of Information Security Policies within the
Polokwane Region: A Case Study (Doctoral dissertation, Tshwane University of Technology).
Moran, T., 2012. Foreign direct investment. The Wiley-Blackwell Encyclopedia of Globalization.
Mundy, D. and Musa, B., 2010. Towards a framework for e-government development in
Nigeria. Electronic Journal of E-government, 8(2), pp.148-161.
Mustafa, D., Akhter, M. and Nasrallah, N., 2013. Understanding Pakistan's water-security
nexus. Washington, DC: United States Institute of Peace.
OWASP (2010) Open Web Application Security Project. Available at: http://www.owasp.org.
(Accessed: 18 November 2010)
Prasad, K., 2012. E-governance policy for modernizing government through digital democracy
in India. Journal of Information Policy, 2, pp.183-203.
Rasul, G., Mahmood, A., Sadiq, A. and Khan, S.I., 2012. Vulnerability of the Indus delta to
climate change in Pakistan. Pakistan journal of meteorology, 8(16).
Von Solms, B. and Von Solms, R., 2004. The 10 deadly sins of information security
management. Computers & Security, 23(5), pp.371-376.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10INFORMATION SECURITY
Wangwe, C.K., Eloff, M.M. and Venter, L.M., 2009. E-government readiness: An information
security perspective from east africa. IST-Africa 2009 Conference Proceedings.CNSS,
“NationalInformation Assurance Glossary”, 2010.
Yadav, N. and Singh, V.B., 2013. E-governance: past, present and future in India. arXiv preprint
arXiv:1308.3323.
Zanzibar, “Industrial Property Act of 2008”
Zanzibar, “Public Service Act 2010”, 2010.
Zanzibar,“Penal Degree (Amendment) Act No 6 2004: Offences Connected with Computers
Chapter 13”
Zanzibar,“Written Laws (Miscellaneous Amendment) Act 1995”