THE UNITED REPUBLIC OF TANZANIA
President’s office, Public Service Management
e-Government Agency
Delivering Secure, Public-Oriented e-Government
Facilities in Africa
A Holistic Approach
Dr. Jabiri Kuwe Bakari
Bsc. Computer Sc., Msc. (Eng.) Data comm., PhD.
(CEO)
e-Government Agency (eGA)
Agenda
e-Government Agency - Tanzania
1. Introduction
2. e-Government Facilities in a Nutshell
3. Delivering Secure, Public-Oriented e-Government
Facilities
4. Issues and Challenges - African perspective
5. Suggestions to Address the Challenges
Introduction
e-Government
The use of ICT , and particularly the internet, as a tool to achieve better government.
The process involves people, hardware (computers, networks gadgets), software (operating systems and application systems) and systems (combination of hardware, software and people).
The arrangement requires reliable and secure communication infrastructure to facilitate exchange of information, skilled staff and presence of appropriate e-legislations
e-Government Facilities
These are general systems and components needed to create the necessary government offerings, such as software, hardware, infrastructure and other e-services platforms.
ICT/e-Government Security
The protection of information systems against unauthorised access to or modification of information, whether in storage, processing or transit, and against the denial of or absence of service to authorised user or the provision of service to unauthorised users, including those measures necessary to detect, document, and counter such threats.
© e-Government Agency
4
Infor. System in Various Public Institutions
1-Secured information systems within The public institutions
2 Secured infrastructure between the public institutions
Public services available through
Various platform/service providers
Public getting various services through Various platform/ service providers / operators
Private Cloud Use of Shared resources,
systems, Data centres, secured infrastructure etc
e-Government in a Nutshell
5 Hardware Operating system Applications Store Process Collect Communi cate Hardware Operating system Applications Store Process Collect Communi cate Operational Procedural Operational Procedural Mechanical/Electronic Mechanical/Electronic Administrational Managerial Administrational Managerial Legal/Contractual Legal/Contractual Ethical/Culture Ethical/Culture Database (Various business
records etc. ) (Various businessDatabase
records etc. )
e-Government Facilities in a Nutshell
Valuable asset of public Institution-Information
Valuable asset of Public institution -Information Software (Operating systems, Application software) set of instructions ICT eGov Private Cloud
•It is about business processes, enabled by ICT, taking place within and between different public institutions
•It is about collecting, processing, storing and exchanging information within and between different public institutions
6 Hardware Operating system Applications Store Process Collect Communi cate Hardware Operating system Applications Store Process Collect Communi cate Operational Procedural Operational Procedural Mechanical/Electronic Mechanical/Electronic Administrational Managerial Administrational Managerial Legal/Contractual Legal/Contractual Ethical/Culture Ethical/Culture
• Information security is about protection of
ICT
assets/resources in
terms of
Confidentiality, Integrity and Availability
– (information
and services)
Malicious software (Virus, worm or denial-of-service attack, Backdoors, salami attacks, spyware, etc.) can be introduced here ! Holistic Approach required Database (Various business records etc. ) Database (Various business records etc. )
Valuable asset of the Public institutions -Information Valuable asset of the public
institutions-Information
Delivering secure, public-oriented e-Government
facilities
Physical security of the hardware Authorised user abusing his/her privileges e.g. Disgruntled staff7
Issues and Challenges
1. Cultural and Ethical Challenges
User behaviour - Culture of “sharing”
Unethical behaviour,
2. Legal Challenges
Lack of Legal framework necessary to avail
e-government services to citizenry
8
Issues and Challenges…
3.Administrative and Managerial Challenges
Existence of perception gap between the decision
makers and technical staff on ICT security. Thus,
difficult in getting Strategic Management's Backing.
Inadequacy
of
well
structured
ICT
departments/units, with appropriate skills and
strategically positioned within public institutions.
Lack of competent and vetted human resource to
effectively deal with ICT security.
Inadequate
collaboration
between
the
ICT
departments in public institutions and the
e-Government entity
Acquisition of e-government solutions which are
not derived from institutions requirement (vendor
driven)
9
Issues and Challenges…
4) Operational Procedure Challenges
Absence
of
ICT
security
policies,
standards
and
guidelines
both
at
national and organizational levels
5) Technical Issues
Software,
hardware
and
network
vulnerabilities coupled with Inadequate
management, control and maintenance
of ICT
E-Government systems not integrated
–
exchange of information between one
system and another system is facilitated
by user
Suggestions to address the Challenges
At a Strategic Level
•
Knowing and acknowledging the problem/ issue
•
Bridging the gap between decision makers and
technical staff
•
ICT security concerns should be addressed in the initial
planning of e-government initiatives
•
Formulating ICT Security strategies at national and
organizational levels
•
ICT security challenges should not be dealt in isolation,
instead holistic approach is required.
•
Putting in place coherent legal and regulatory
frameworks -
Whole process of e-Government need to be
guided by sound legal and regulatory environment.
e-Government Agency - TanzaniaSuggestions to address the Challenges
At Tactical and Operational Level
•
HR: Involving skilled and ethical personnel during
acquisition, installation and operationalization of
e-government
•
Capacity building and awareness raising
•
Implementing ICT Security strategies at national and
organizational levels
12
A Holistic Approach for Managing ICT Security in Organisations
Strategic (Top) Management’s Backing (GL-01) Technical Management's Backing (GL-02) Quick Scan (GL-04) Form Project Team & Plan
(GL-03) General Management’s attention & Backing (GL-05) Risk Assessment/ Analysis (GL-08) Mitigation Planning (GL-09) Develop Counter Measures (GL-10) Operationalisation (ICT Security Policy, Services &
Mechanisms) (GL-11) Maintenance (Monitor the Progress) (GL-12) Review/Audit ICT Security (GL-06) Awareness & Backing of General staff (GL-07)
INTERNALISED & CONTINUOUS PROCESS INTRODUCTION OF ICT
SECURITY MANAGEMENT PROCESS (INITIALISATION)
The Organisation
The Organisation’s goal & services
S ta n d a rd s a n d B e s t P ra c ti s e s T h e O rg a n is a ti o n ’s c u lt u re & b e h a v io u r The Environment Stakeholders P u b li c i n fr a s tr u c tu re s T h e O rg a n is a ti o n ’s s tr u c tu re
Presented in a book: ISBN Nr 91-7155-383-8
Each process maps the Holistic View of the
security challenge
Mechanical/Electronic Applications Operating system Hardware Store Process Collect Commu nicate Social Technical Holistic view of ICTSecurity Problem (SBC) Ethical/Culture Legal/Contractual Administrational Managerial Operational Procedural People Users Valuable asset-Information Database (Various business records etc. ) Process (GL - X)
A holistic approach for managing ICT
security is required for public-oriented
e-Government facilities to be secure!
General Management Mechanical/Electronic Applications Operating system Hardware Store Process Collect Commu nicate Social IT managers & Security Personnel Technical Holistic view of ICT
Security Problem (SBC) Ethical/Culture Legal/Contractual Administrational Managerial Operational Procedural People Users Perception Problem Valuable asset-Information Database (Financial, customer records etc. ) General Management This is a technical problem
Lets have the best Firewall, Antivirus etc.
This is a business Problem
Depending on organisation structure - The general management team may comprise of CEO, Assistant to CEO, All Directors, and all CXOs from major
units which are not Directorates