SlideShare a Scribd company logo

E-government Security Models

Editor IJCATR, profile picture
Editor IJCATR

The document reviews various e-government security models, emphasizing their importance in the development and implementation of e-government systems worldwide. It discusses layered security approaches, cloud computing models, and the necessity for robust security measures to protect critical data and ensure user trust. The paper also highlights specific models from countries like Dubai and Egypt, showcasing different strategies to improve e-government security across diverse settings.

Technology
1 of 4
Downloaded 25 times
1
2
3
4
International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 439 - 442, 2016, ISSN:- 2319–8656 www.ijcat.com 439 E-government Security Models Omar A. Ali Department of Information Systems Najran University Najran KSA Talaat M. Wahbi Department of Computer Science and Technology Sudan University of Science and Technology Khartoum, Sudan Izzeldin M. Osman Department of Computer Science Sudan University of Science and Technology Khartoum, Sudan Abstract: E-government security is a key problem to restrict the construction and development of E-government systems in any country over the world. E-Government security models are widely used in the implementation and development of e- government systems. Due to the deference situation of the countries over the world there are various security models applied in each country. This paper reviews different security models in e-government in order to determine important parameters for e-government strategic planning. Keywords: E-government, security model, ICT, layers, sub-layer 1. INTRODUCTION Dependency on Information and Communication Technology (ICT) for supporting core operations to both government and private sector is increasing [1]. Similarly, organization’s critical information has developed into a key strategic asset in a competitive world [2]. Nevertheless, the pace of ICT advancement such as development, deployment and use of e- government infrastructures is much faster than the development and deployment of security services, including technical and the existing and new emerging security risks [3, 4]. Technical security aspects include hardware and software solutions such as Access control and Antivirus mechanisms [5, 6, 7]. The application of information security principles in an e-government environment is a complex, multidimensional issue involving people, technology and processes. E- government security is considered one of the crucial factors for achieving an advanced stage of e-government. As the number of e-government services introduced to the user increases, a higher level of e-government security is required. 2. REVIEW In order to get the maximum decrease of data breaches and get the maximum protection of critical data when using e- government systems in any country over the world there should be a security model to satisfy this purpose. The security models of E-government may be based on layers [9], cloud computing [10], based on service-oriented architecture [15], access control policy [11], and security system based on information security model [12]. 2.1 The Five Security Layered-Model in Dubai In this model there are five layers. Each layer will mitigate group of threats related to an e-services. The model is composed of technology layer, policy layer, competency layer, operational and management layer, and decision layer. The technology layer for example will address all the technological threats while the policy and competency layers will address the threats on an e- service related to the human aspect. Each layer is composed of detailed layer which is called the sub-layer of the main layer [8]. See figure 1 showing the E-government security model in Dubai. Figure. 1 E-government security model in Dubai 2.2 Government Cloud Computing Proposed Model: Egyptian E-Government Cloud Computing The proposed hybrid model for Egyptian E-Government Cloud Computing consists of three computing clouds; Inter- Cloud computing, Intra- Cloud computing and Extra-Cloud
International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 439 - 442, 2016, ISSN:- 2319–8656 www.ijcat.com 440 computing, Figure 2. The three cloud models are analogs to the terms Internet, Intranet and extranet in their functionality, operation and management. Intra-Cloud computing "IACC" is a private cloud which is dedicated to a single national entity cluster, (see Figure 3). Members of that cluster are the only legitimate users. Extra-Cloud computing "EXCC" is a community cloud that enables entities from different clusters to integrate and to aggregate their work as required. There are two types of EXCC. The first type connects multiple IACC of a specific national entity cluster, Figure 3. The second type connects different national entity clusters that differ in their functions and services, (see Figure 2). Inter-Cloud computing "IECC" is a public cloud that enables any user (citizen, guest, organizations) to require specific requests and receives their responses or outcomes, (see Figure 2). In IECC, it is expected to store the least sensitive data and to run the related application software. Figure. 2 Proposed model for Egyptian E-Government Cloud Computing Figure. 3 IACC and EXCC for National entity A. 2.3 A Secure Maturity Model for Protecting e-Government Services: A Case of Tanzania The proposed secured e- Government maturity model consists of four layers, namely: (1) secured digital presence, (2) secured interaction, (3) secured transaction, and (4) secured transformation. The implementation of the proposed model is neither based on a specific technology/protocol nor a certain security system/product, but rather an approach towards a structured and efficient implementation of those technologies. The security layers include technical and non-technical security control elements. The proposed security layers are further described in the following paragraphs. [10] 2.3.1 Secured Digital Presence This stage involves simple provision of government information through website (static) with basic information that the citizen can access [11]. This is a one-way communication between governments, businesses and citizens. Generally, the information provided by organizations at this stage are public and normally with zero security. At this stage, the security layer should have the ability to verify e- Government services identity in order to build trust between government agencies and users. The users would like to be sure that they are connected to the e-Government service belonging to the administration in question [12]. 2.3.2 Secured Interaction At this stage the interaction between government and the public (Government-to-Citizens and Government-to- Businesses) is stimulated by various applications. Citizens can ask questions via e-mail, use search engines and download forms and documents [12]. The communication is performed in two ways, but the interactions are relatively simple and generally revolve around information provision. At this stage, the security layer should have the ability to authenticate a user/ citizen asking for a service. The most important security aspects at this stage are identity authentication, availability and integrity. 2.3.3 Secured Transaction At this stage public organizations provide electronic initiatives and services with capabilities and features that facilitate clients to complete their transactions in full without the necessity of visiting government offices [37]. The public can carry out their financial transactions with the government Such services also allow the government to function in a 24/7 mode. The most important security aspects at this stage are personal information confidentiality, identity authentication, availability, non-repudiation, accountability and integrity. 2.3.4 Secured Transformation This stage allows users of e-Government services to interact with government as one entity instead of Information systems are integrated, and the citizens' individual government organizations [14]. can get services at one virtual counter. The integration of information systems can result in situations where the privacy of individual citizens is in danger. The most important security aspects of this stage are personal information confidentiality, identity authentication, availability, nonrepudiation, accountability and integrity. At this stage, the security layer should restrict the utilization of
International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 439 - 442, 2016, ISSN:- 2319–8656 www.ijcat.com 441 personal information, and secure such information from access by unintended parties. A government agency should be able to authenticate another government agency that requires a service on behalf of the users. 2.4 A Security E-government Model Based on Service-oriented Architecture Service-oriented architecture is an IT architectural style that supports integrating business as linked services which users can combine and reuse them in the production of business applications [15]. It provides an effective way for constructing loose coupled web services. It relies on services exposing their functionality via interfaces that other services can understand how to utilize those services. SOA logical architecture is shown in Figure 4 [16]. Figure. 4 SOA logical architecture The SOA technology framework to integrate E-government: using BEPL implement work process; realizing seamless integration between services by ESB. Taking the case of online application processing, a scheme of integration E- government system based on SOA is shown as Figure 5. [16] Figure. 5 A scheme of integration E-government system based on SOA 2.5 Research on Role-Based Access Control Policy (RBAC) of E-government The access control system includes subjects, objects and access control policy, and their relationship is shown in figure 6 [17]. Figure. 6 Access Control System Model The RBAC is a new access control technique and notion. It is the development and amelioration of DAC and MAC, and it has been regarded as an effective measure to resolve resource unified access control of large information systems by the public. The RBAC contains five kinds of entities, such as users, roles, constraints, permissions, and sessions. In the RBAC model, it injects the idea of roles between users and access permissions, and a user connects with one or more specific roles, and a role connects with one or more permissions, and roles can be created or canceled according to actual working requirements. The sessions show the relationship between users and roles. The users should activate roles by creating sessions every time and get the specific resource access authorities as shown in Figure 7 [18- 19]. Figure. 7 Basic RBAC Model 2.6 Security System based on Information Security Model The system is designed through modularization and it is mainly divided into initialization module, management module and various application modules. In which, the initialization module is used to manage the original data of the initial management module and various application modules, the management module is used to manage the content which has effect in the overall system, such as the users, privileges and a series of rules in the system. Various application modules work together by using the initialized data and through the transmission media to complete the overall function of the system. The secure e-government system structure is shown in Figure 8.
International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 439 - 442, 2016, ISSN:- 2319–8656 www.ijcat.com 442 Figure. 8 Secure e-government system 3. CONCLUSION Based on the research that led up to this paper, the security model for e-government that adopt layers in its structure is more coherent and comprehensive because of covering all threats that faced e-government in each country. Also this type of models is so easy to be understandable to the employees in any organization. 4. REFERENCES [1] G. Dhillon, (2000). Challenges in managing Information Security in the millennium, Idea Group Publisher, Las Vegas, USA. [2] S. Woodhouse, (2007). Information Security: End User Behavior and Corporate Culture, 7th International Conference on Computer and Information Technology. (IEEE). Pp 767- 774. University of Aizu. Fukushima, Japan. [3] G. Karokola, L. Yngström, & S. Kowalski, (2010). A Comparative Analysis of e-Government Maturity Models for Developing Regions: The Need for Security Services. International Journal of Electronic Government Research. 8: 1-25. [4] P. W. Anderson. (2001). Information security governance. information security technical report. 6: 60 – 70. [5] G. McGraw, (2005). Software Security. Volume1. Addison-Wesley software. USA. [6] M. Bishop, (2006). Computer Security – Arts and Science. Volume1. Addison-Wesley, USA. [7] M. Wimmer, & B. Bredow, (2001). E-Government: Aspect of Security on different layers, In: Proceedings. 12th International Workshop. (Database and Expert Systems Applications) Pp 350-355. IEEE, Linz University., Austria [8] Al-Azazi, S (2008). Amulti-layer model for e-government information security assessment. Grandfield university, dubai [9] Hana, M (2013). E-Government Cloud Computing Proposed Model: Egyptian E_Government Cloud Computing. International Conference on Advances in Computing, Communications and Informatics (ICACCI). Pp 848-852. Electrical and Communication Department Canadian International College ElSheikh Zaid. Egypt [10] Waziri, M. Yonah , Z. (2014). A Secure Maturity Model for Protecting e-Government Services: A Case of Tanzania. Advances in Computer Science: An International Journal 3: 98-106. [11] G. Karokola and L. Yngström, (2009). Discussing E- Government Maturity Models for the Developing World- Security View. Information Systems Security Association Pp81-98. [12] Zhang, F. (2008). Design of E-government Security System based on Information Security Model. 2008 International Conference on Advanced Computer Theory and Engineering. (Research Center of Cluster and Enterprise Development) Pp359-362. Jiangxi University of Finance and Economics. China [13] www.clknet.or.tz J. Yonazi, Adoption of Transactional Level e-Government Initiatives in Tanzania. (Retrieved 13Apr2014) [14] www.utumishi.go.tz, President's Office, Public Service Managements, Tanzania e-Government Strategy, ed, 2012. (Retrieved 10Feb2013) [15] Erl, T, (2005). Service-oriented Architecture: Concepts, Technology, and Design. Volume2. Upper Saddle River: Prentice Hall PTR, USA [16] Ziyao W, Junjie N, Z Duan, (2008). SOA core technologies and application, Publishing House of Electronics Industry, Beijing, Pp.495-497, [17] L Lin, Yongzhao Z, Yi N. (2006) Improved RBAC model based on organization. Journal of Jiangsu University (Natural Science Edition) 27(2):147-150 [18] Zeng Zhongping, Li Zonghua, Lu Xinhai. (2007). The Access Control Policy Study of E-government Information Resource Based on RBAC. Journal of Information, 10:39-41 [19] Barka E, Sandhu R S. (2000). Framework for role-based delegation models. In: Proc. of the 16th Annual Computer Security Application Conf. IEEE Computer Society Press. Pp 168-176

More Related Content

PPT
SMARTIE
DunavNET
 
PPTX
Location Based Services
Peter Byrne
 
PPT
program partitioning and scheduling IN Advanced Computer Architecture
Pankaj Kumar Jain
 
PDF
Iso20022 Straight through Processing
The Benche
 
PPTX
Public Key Cryptosystem
Devakumar Kp
 
PPTX
Dynamic interconnection networks
Prasenjit Dey
 
PPTX
Security services and mechanisms
Rajapriya82
 
PPTX
form view
AbiMurugan2
 
SMARTIE
DunavNET
 
Location Based Services
Peter Byrne
 
program partitioning and scheduling IN Advanced Computer Architecture
Pankaj Kumar Jain
 
Iso20022 Straight through Processing
The Benche
 
Public Key Cryptosystem
Devakumar Kp
 
Dynamic interconnection networks
Prasenjit Dey
 
Security services and mechanisms
Rajapriya82
 
form view
AbiMurugan2
 

What's hot (20)

PDF
Multichannel User Interfaces
Icinetic
 
PPTX
Key management and distribution
Riya Choudhary
 
PPTX
Key Management and Distribution
Syed Bahadur Shah
 
PPT
Distributed document based system
Chetan Selukar
 
PDF
Mobile Theft Tracking Application
IRJET Journal
 
PDF
Internet of Things - module 1
Syed Mustafa
 
PDF
oneM2M overview
Young Sung Son
 
PPT
3 Tier Architecture
guestd0cc01
 
PPT
Elgamal Digital Signature
Sou Jana
 
PPTX
Security auditing architecture
Vishnupriya T H
 
PPT
Capability Maturity Model (CMM) in Software Engineering
FaizanAhmad340414
 
PDF
Raspberry Pi
Selvaraj Seerangan
 
PPT
Client Server Computing : unit 1
THIRUNEELAKANDAN ARCHUNAN
 
PPTX
Cloud Computing
Sine19
 
PPT
KAOS
Syed Zaid Irshad
 
PPT
Designing applications with multimedia capabilities
K Senthil Kumar
 
PPTX
Database security
Software Engineering
 
PPTX
Software design
Zulqarnaintayyab
 
PPTX
Application of IOT in Smart Agriculture
nazimshaikh29
 
PPTX
WEP
Sudeep Kulkarni
 
Multichannel User Interfaces
Icinetic
 
Key management and distribution
Riya Choudhary
 
Key Management and Distribution
Syed Bahadur Shah
 
Distributed document based system
Chetan Selukar
 
Mobile Theft Tracking Application
IRJET Journal
 
Internet of Things - module 1
Syed Mustafa
 
oneM2M overview
Young Sung Son
 
3 Tier Architecture
guestd0cc01
 
Elgamal Digital Signature
Sou Jana
 
Security auditing architecture
Vishnupriya T H
 
Capability Maturity Model (CMM) in Software Engineering
FaizanAhmad340414
 
Raspberry Pi
Selvaraj Seerangan
 
Client Server Computing : unit 1
THIRUNEELAKANDAN ARCHUNAN
 
Cloud Computing
Sine19
 
KAOS
Syed Zaid Irshad
 
Designing applications with multimedia capabilities
K Senthil Kumar
 
Database security
Software Engineering
 
Software design
Zulqarnaintayyab
 
Application of IOT in Smart Agriculture
nazimshaikh29
 
WEP
Sudeep Kulkarni
 
Ad

Viewers also liked (7)

PDF
Security Model for Hierarchical Clustered Wireless Sensor Networks
CSCJournals
 
PDF
A Proposed Security Model for Web Enabled Business Process Management System
CSCJournals
 
PDF
Security Models in Cellular Wireless Networks
William Chipman
 
PDF
E-governance-and-Security
anupriti
 
PDF
Biometric identification
Bozhidar Bozhanov
 
PPTX
E-government architecture
Bozhidar Bozhanov
 
PPT
SOA Security Model For EAI
vivekjv
 
Security Model for Hierarchical Clustered Wireless Sensor Networks
CSCJournals
 
A Proposed Security Model for Web Enabled Business Process Management System
CSCJournals
 
Security Models in Cellular Wireless Networks
William Chipman
 
E-governance-and-Security
anupriti
 
Biometric identification
Bozhidar Bozhanov
 
E-government architecture
Bozhidar Bozhanov
 
SOA Security Model For EAI
vivekjv
 
Ad

Similar to E-government Security Models (20)

PDF
Cloud computing technology for egovernment architecture
ijfcstjournal
 
PDF
A NOVEL SERVICE ORIENTED ARCHITECTURE (SOA) TO SECURE SERVICES IN E-CITY
ijsptm
 
PDF
Government cloud system for Jordan Government cloud system for Jordan
BRNSSPublicationHubI
 
PDF
MACHINE LEARNING AND ARTIFICIAL INTELLIGENCE FOR AUTOMATING E-GOVERNMENT SERV...
IRJET Journal
 
DOCX
Trust management techniques_for_the_internet_of_things_a_survey-converted
tanvir616
 
PDF
Ef36800805
IJERA Editor
 
PDF
PKI IN Government Identity Management Systems
Arab Federation for Digital Economy
 
PDF
Challenges of Technology Infrastructure Availability in EGovernance Program I...
IOSR Journals
 
PDF
Government Community Cloud A Pathway to Secure and Efficient Digital Governan...
manoharparakh
 
PDF
5. ijece guideforauthors 2012 edit sat
IAESIJEECS
 
DOCX
Across the world, governments are trying to present, in the best p.docx
daniahendric
 
PDF
Design and Implementation Security Model for Sudanese E-government
Editor IJCATR
 
PDF
Barriers to government cloud adoption
IJMIT JOURNAL
 
PDF
Security Solutions against Computer Networks Threats
Eswar Publications
 
PDF
Addressing Security Issues and Challenges in Mobile Cloud Computing
Editor IJCATR
 
PDF
A Centralized Multimodal Authentication Platform with trust model approach fo...
Association of Scientists, Developers and Faculties
 
PDF
Best practice framework for information technology security governance in In...
IJECEIAES
 
PDF
Review on Security Aspects for Cloud Architecture
IJECEIAES
 
PDF
FACTORS AFFECTING E-GOVERNMENT ADOPTION IN THE DEMOCRATIC REPUBLIC OF CONGO
IRJET Journal
 
PDF
Challenges of adopting cloud Governance-Prabin.pdf
PrabinPathak5
 
Cloud computing technology for egovernment architecture
ijfcstjournal
 
A NOVEL SERVICE ORIENTED ARCHITECTURE (SOA) TO SECURE SERVICES IN E-CITY
ijsptm
 
Government cloud system for Jordan Government cloud system for Jordan
BRNSSPublicationHubI
 
MACHINE LEARNING AND ARTIFICIAL INTELLIGENCE FOR AUTOMATING E-GOVERNMENT SERV...
IRJET Journal
 
Trust management techniques_for_the_internet_of_things_a_survey-converted
tanvir616
 
Ef36800805
IJERA Editor
 
PKI IN Government Identity Management Systems
Arab Federation for Digital Economy
 
Challenges of Technology Infrastructure Availability in EGovernance Program I...
IOSR Journals
 
Government Community Cloud A Pathway to Secure and Efficient Digital Governan...
manoharparakh
 
5. ijece guideforauthors 2012 edit sat
IAESIJEECS
 
Across the world, governments are trying to present, in the best p.docx
daniahendric
 
Design and Implementation Security Model for Sudanese E-government
Editor IJCATR
 
Barriers to government cloud adoption
IJMIT JOURNAL
 
Security Solutions against Computer Networks Threats
Eswar Publications
 
Addressing Security Issues and Challenges in Mobile Cloud Computing
Editor IJCATR
 
A Centralized Multimodal Authentication Platform with trust model approach fo...
Association of Scientists, Developers and Faculties
 
Best practice framework for information technology security governance in In...
IJECEIAES
 
Review on Security Aspects for Cloud Architecture
IJECEIAES
 
FACTORS AFFECTING E-GOVERNMENT ADOPTION IN THE DEMOCRATIC REPUBLIC OF CONGO
IRJET Journal
 
Challenges of adopting cloud Governance-Prabin.pdf
PrabinPathak5
 

More from Editor IJCATR (20)

PDF
Advancements in Structural Integrity: Enhancing Frame Strength and Compressio...
Editor IJCATR
 
PDF
Maritime Cybersecurity: Protecting Critical Infrastructure in The Digital Age
Editor IJCATR
 
PDF
Leveraging Machine Learning for Proactive Threat Analysis in Cybersecurity
Editor IJCATR
 
PDF
Leveraging Topological Data Analysis and AI for Advanced Manufacturing: Integ...
Editor IJCATR
 
PDF
Leveraging AI and Principal Component Analysis (PCA) For In-Depth Analysis in...
Editor IJCATR
 
PDF
The Intersection of Artificial Intelligence and Cybersecurity: Safeguarding D...
Editor IJCATR
 
PDF
Leveraging AI and Deep Learning in Predictive Genomics for MPOX Virus Researc...
Editor IJCATR
 
PDF
Text Mining in Digital Libraries using OKAPI BM25 Model
Editor IJCATR
 
PDF
Green Computing, eco trends, climate change, e-waste and eco-friendly
Editor IJCATR
 
PDF
Policies for Green Computing and E-Waste in Nigeria
Editor IJCATR
 
PDF
Performance Evaluation of VANETs for Evaluating Node Stability in Dynamic Sce...
Editor IJCATR
 
PDF
Optimum Location of DG Units Considering Operation Conditions
Editor IJCATR
 
PDF
Analysis of Comparison of Fuzzy Knn, C4.5 Algorithm, and Naïve Bayes Classifi...
Editor IJCATR
 
PDF
Web Scraping for Estimating new Record from Source Site
Editor IJCATR
 
PDF
Evaluating Semantic Similarity between Biomedical Concepts/Classes through S...
Editor IJCATR
 
PDF
Semantic Similarity Measures between Terms in the Biomedical Domain within f...
Editor IJCATR
 
PDF
A Strategy for Improving the Performance of Small Files in Openstack Swift
Editor IJCATR
 
PDF
Integrated System for Vehicle Clearance and Registration
Editor IJCATR
 
PDF
Assessment of the Efficiency of Customer Order Management System: A Case Stu...
Editor IJCATR
 
PDF
Energy-Aware Routing in Wireless Sensor Network Using Modified Bi-Directional A*
Editor IJCATR
 
Advancements in Structural Integrity: Enhancing Frame Strength and Compressio...
Editor IJCATR
 
Maritime Cybersecurity: Protecting Critical Infrastructure in The Digital Age
Editor IJCATR
 
Leveraging Machine Learning for Proactive Threat Analysis in Cybersecurity
Editor IJCATR
 
Leveraging Topological Data Analysis and AI for Advanced Manufacturing: Integ...
Editor IJCATR
 
Leveraging AI and Principal Component Analysis (PCA) For In-Depth Analysis in...
Editor IJCATR
 
The Intersection of Artificial Intelligence and Cybersecurity: Safeguarding D...
Editor IJCATR
 
Leveraging AI and Deep Learning in Predictive Genomics for MPOX Virus Researc...
Editor IJCATR
 
Text Mining in Digital Libraries using OKAPI BM25 Model
Editor IJCATR
 
Green Computing, eco trends, climate change, e-waste and eco-friendly
Editor IJCATR
 
Policies for Green Computing and E-Waste in Nigeria
Editor IJCATR
 
Performance Evaluation of VANETs for Evaluating Node Stability in Dynamic Sce...
Editor IJCATR
 
Optimum Location of DG Units Considering Operation Conditions
Editor IJCATR
 
Analysis of Comparison of Fuzzy Knn, C4.5 Algorithm, and Naïve Bayes Classifi...
Editor IJCATR
 
Web Scraping for Estimating new Record from Source Site
Editor IJCATR
 
Evaluating Semantic Similarity between Biomedical Concepts/Classes through S...
Editor IJCATR
 
Semantic Similarity Measures between Terms in the Biomedical Domain within f...
Editor IJCATR
 
A Strategy for Improving the Performance of Small Files in Openstack Swift
Editor IJCATR
 
Integrated System for Vehicle Clearance and Registration
Editor IJCATR
 
Assessment of the Efficiency of Customer Order Management System: A Case Stu...
Editor IJCATR
 
Energy-Aware Routing in Wireless Sensor Network Using Modified Bi-Directional A*
Editor IJCATR
 

Recently uploaded (20)

PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Teaching material agriculture food technology
LiaRayya
 
Approach and Philosophy of On baking technology
30anthuong17
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Encapsulation theory and applications.pdf
gurumoop
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
KodekX | Application Modernization Development
KodekX
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 

E-government Security Models

  • 1. International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 439 - 442, 2016, ISSN:- 2319–8656 www.ijcat.com 439 E-government Security Models Omar A. Ali Department of Information Systems Najran University Najran KSA Talaat M. Wahbi Department of Computer Science and Technology Sudan University of Science and Technology Khartoum, Sudan Izzeldin M. Osman Department of Computer Science Sudan University of Science and Technology Khartoum, Sudan Abstract: E-government security is a key problem to restrict the construction and development of E-government systems in any country over the world. E-Government security models are widely used in the implementation and development of e- government systems. Due to the deference situation of the countries over the world there are various security models applied in each country. This paper reviews different security models in e-government in order to determine important parameters for e-government strategic planning. Keywords: E-government, security model, ICT, layers, sub-layer 1. INTRODUCTION Dependency on Information and Communication Technology (ICT) for supporting core operations to both government and private sector is increasing [1]. Similarly, organization’s critical information has developed into a key strategic asset in a competitive world [2]. Nevertheless, the pace of ICT advancement such as development, deployment and use of e- government infrastructures is much faster than the development and deployment of security services, including technical and the existing and new emerging security risks [3, 4]. Technical security aspects include hardware and software solutions such as Access control and Antivirus mechanisms [5, 6, 7]. The application of information security principles in an e-government environment is a complex, multidimensional issue involving people, technology and processes. E- government security is considered one of the crucial factors for achieving an advanced stage of e-government. As the number of e-government services introduced to the user increases, a higher level of e-government security is required. 2. REVIEW In order to get the maximum decrease of data breaches and get the maximum protection of critical data when using e- government systems in any country over the world there should be a security model to satisfy this purpose. The security models of E-government may be based on layers [9], cloud computing [10], based on service-oriented architecture [15], access control policy [11], and security system based on information security model [12]. 2.1 The Five Security Layered-Model in Dubai In this model there are five layers. Each layer will mitigate group of threats related to an e-services. The model is composed of technology layer, policy layer, competency layer, operational and management layer, and decision layer. The technology layer for example will address all the technological threats while the policy and competency layers will address the threats on an e- service related to the human aspect. Each layer is composed of detailed layer which is called the sub-layer of the main layer [8]. See figure 1 showing the E-government security model in Dubai. Figure. 1 E-government security model in Dubai 2.2 Government Cloud Computing Proposed Model: Egyptian E-Government Cloud Computing The proposed hybrid model for Egyptian E-Government Cloud Computing consists of three computing clouds; Inter- Cloud computing, Intra- Cloud computing and Extra-Cloud
  • 2. International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 439 - 442, 2016, ISSN:- 2319–8656 www.ijcat.com 440 computing, Figure 2. The three cloud models are analogs to the terms Internet, Intranet and extranet in their functionality, operation and management. Intra-Cloud computing "IACC" is a private cloud which is dedicated to a single national entity cluster, (see Figure 3). Members of that cluster are the only legitimate users. Extra-Cloud computing "EXCC" is a community cloud that enables entities from different clusters to integrate and to aggregate their work as required. There are two types of EXCC. The first type connects multiple IACC of a specific national entity cluster, Figure 3. The second type connects different national entity clusters that differ in their functions and services, (see Figure 2). Inter-Cloud computing "IECC" is a public cloud that enables any user (citizen, guest, organizations) to require specific requests and receives their responses or outcomes, (see Figure 2). In IECC, it is expected to store the least sensitive data and to run the related application software. Figure. 2 Proposed model for Egyptian E-Government Cloud Computing Figure. 3 IACC and EXCC for National entity A. 2.3 A Secure Maturity Model for Protecting e-Government Services: A Case of Tanzania The proposed secured e- Government maturity model consists of four layers, namely: (1) secured digital presence, (2) secured interaction, (3) secured transaction, and (4) secured transformation. The implementation of the proposed model is neither based on a specific technology/protocol nor a certain security system/product, but rather an approach towards a structured and efficient implementation of those technologies. The security layers include technical and non-technical security control elements. The proposed security layers are further described in the following paragraphs. [10] 2.3.1 Secured Digital Presence This stage involves simple provision of government information through website (static) with basic information that the citizen can access [11]. This is a one-way communication between governments, businesses and citizens. Generally, the information provided by organizations at this stage are public and normally with zero security. At this stage, the security layer should have the ability to verify e- Government services identity in order to build trust between government agencies and users. The users would like to be sure that they are connected to the e-Government service belonging to the administration in question [12]. 2.3.2 Secured Interaction At this stage the interaction between government and the public (Government-to-Citizens and Government-to- Businesses) is stimulated by various applications. Citizens can ask questions via e-mail, use search engines and download forms and documents [12]. The communication is performed in two ways, but the interactions are relatively simple and generally revolve around information provision. At this stage, the security layer should have the ability to authenticate a user/ citizen asking for a service. The most important security aspects at this stage are identity authentication, availability and integrity. 2.3.3 Secured Transaction At this stage public organizations provide electronic initiatives and services with capabilities and features that facilitate clients to complete their transactions in full without the necessity of visiting government offices [37]. The public can carry out their financial transactions with the government Such services also allow the government to function in a 24/7 mode. The most important security aspects at this stage are personal information confidentiality, identity authentication, availability, non-repudiation, accountability and integrity. 2.3.4 Secured Transformation This stage allows users of e-Government services to interact with government as one entity instead of Information systems are integrated, and the citizens' individual government organizations [14]. can get services at one virtual counter. The integration of information systems can result in situations where the privacy of individual citizens is in danger. The most important security aspects of this stage are personal information confidentiality, identity authentication, availability, nonrepudiation, accountability and integrity. At this stage, the security layer should restrict the utilization of
  • 3. International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 439 - 442, 2016, ISSN:- 2319–8656 www.ijcat.com 441 personal information, and secure such information from access by unintended parties. A government agency should be able to authenticate another government agency that requires a service on behalf of the users. 2.4 A Security E-government Model Based on Service-oriented Architecture Service-oriented architecture is an IT architectural style that supports integrating business as linked services which users can combine and reuse them in the production of business applications [15]. It provides an effective way for constructing loose coupled web services. It relies on services exposing their functionality via interfaces that other services can understand how to utilize those services. SOA logical architecture is shown in Figure 4 [16]. Figure. 4 SOA logical architecture The SOA technology framework to integrate E-government: using BEPL implement work process; realizing seamless integration between services by ESB. Taking the case of online application processing, a scheme of integration E- government system based on SOA is shown as Figure 5. [16] Figure. 5 A scheme of integration E-government system based on SOA 2.5 Research on Role-Based Access Control Policy (RBAC) of E-government The access control system includes subjects, objects and access control policy, and their relationship is shown in figure 6 [17]. Figure. 6 Access Control System Model The RBAC is a new access control technique and notion. It is the development and amelioration of DAC and MAC, and it has been regarded as an effective measure to resolve resource unified access control of large information systems by the public. The RBAC contains five kinds of entities, such as users, roles, constraints, permissions, and sessions. In the RBAC model, it injects the idea of roles between users and access permissions, and a user connects with one or more specific roles, and a role connects with one or more permissions, and roles can be created or canceled according to actual working requirements. The sessions show the relationship between users and roles. The users should activate roles by creating sessions every time and get the specific resource access authorities as shown in Figure 7 [18- 19]. Figure. 7 Basic RBAC Model 2.6 Security System based on Information Security Model The system is designed through modularization and it is mainly divided into initialization module, management module and various application modules. In which, the initialization module is used to manage the original data of the initial management module and various application modules, the management module is used to manage the content which has effect in the overall system, such as the users, privileges and a series of rules in the system. Various application modules work together by using the initialized data and through the transmission media to complete the overall function of the system. The secure e-government system structure is shown in Figure 8.
  • 4. International Journal of Computer Applications Technology and Research Volume 5– Issue 7, 439 - 442, 2016, ISSN:- 2319–8656 www.ijcat.com 442 Figure. 8 Secure e-government system 3. CONCLUSION Based on the research that led up to this paper, the security model for e-government that adopt layers in its structure is more coherent and comprehensive because of covering all threats that faced e-government in each country. Also this type of models is so easy to be understandable to the employees in any organization. 4. REFERENCES [1] G. Dhillon, (2000). Challenges in managing Information Security in the millennium, Idea Group Publisher, Las Vegas, USA. [2] S. Woodhouse, (2007). Information Security: End User Behavior and Corporate Culture, 7th International Conference on Computer and Information Technology. (IEEE). Pp 767- 774. University of Aizu. Fukushima, Japan. [3] G. Karokola, L. Yngström, & S. Kowalski, (2010). A Comparative Analysis of e-Government Maturity Models for Developing Regions: The Need for Security Services. International Journal of Electronic Government Research. 8: 1-25. [4] P. W. Anderson. (2001). Information security governance. information security technical report. 6: 60 – 70. [5] G. McGraw, (2005). Software Security. Volume1. Addison-Wesley software. USA. [6] M. Bishop, (2006). Computer Security – Arts and Science. Volume1. Addison-Wesley, USA. [7] M. Wimmer, & B. Bredow, (2001). E-Government: Aspect of Security on different layers, In: Proceedings. 12th International Workshop. (Database and Expert Systems Applications) Pp 350-355. IEEE, Linz University., Austria [8] Al-Azazi, S (2008). Amulti-layer model for e-government information security assessment. Grandfield university, dubai [9] Hana, M (2013). E-Government Cloud Computing Proposed Model: Egyptian E_Government Cloud Computing. International Conference on Advances in Computing, Communications and Informatics (ICACCI). Pp 848-852. Electrical and Communication Department Canadian International College ElSheikh Zaid. Egypt [10] Waziri, M. Yonah , Z. (2014). A Secure Maturity Model for Protecting e-Government Services: A Case of Tanzania. Advances in Computer Science: An International Journal 3: 98-106. [11] G. Karokola and L. Yngström, (2009). Discussing E- Government Maturity Models for the Developing World- Security View. Information Systems Security Association Pp81-98. [12] Zhang, F. (2008). Design of E-government Security System based on Information Security Model. 2008 International Conference on Advanced Computer Theory and Engineering. (Research Center of Cluster and Enterprise Development) Pp359-362. Jiangxi University of Finance and Economics. China [13] www.clknet.or.tz J. Yonazi, Adoption of Transactional Level e-Government Initiatives in Tanzania. (Retrieved 13Apr2014) [14] www.utumishi.go.tz, President's Office, Public Service Managements, Tanzania e-Government Strategy, ed, 2012. (Retrieved 10Feb2013) [15] Erl, T, (2005). Service-oriented Architecture: Concepts, Technology, and Design. Volume2. Upper Saddle River: Prentice Hall PTR, USA [16] Ziyao W, Junjie N, Z Duan, (2008). SOA core technologies and application, Publishing House of Electronics Industry, Beijing, Pp.495-497, [17] L Lin, Yongzhao Z, Yi N. (2006) Improved RBAC model based on organization. Journal of Jiangsu University (Natural Science Edition) 27(2):147-150 [18] Zeng Zhongping, Li Zonghua, Lu Xinhai. (2007). The Access Control Policy Study of E-government Information Resource Based on RBAC. Journal of Information, 10:39-41 [19] Barka E, Sandhu R S. (2000). Framework for role-based delegation models. In: Proc. of the 16th Annual Computer Security Application Conf. IEEE Computer Society Press. Pp 168-176