Stewart Kowalski

Secure e-Government Services: A Comparative Analysis of e-Government Maturity Models for the Developing Regions-The Need for Security Services

E-Government offers many benefits to government agencies, citizens and the business community. However, e-Government services are prone to current and emerging security challenges posing potential threats to critical information assets. Securing it appears to be a major challenge facing governments globally. Based on the international security standards-the paper thoroughly investigates and analyzes eleven e-government maturity models eGMMs for security services. Further, it attempts to establish a common frame of reference for eGMM critical stages. The study utilizes the Soft Systems Methodology SSM of scientific inquiry/ learning cycle adopted from Checkland and Scholes. The findings show that security services technical and non-technical are lacking in eGMMs-implying that eGMMs were designed to measure more quantity of offered e-government services than the quality of security services. Therefore, as a step towards achieving secure e-government services the paper proposes a common frame of reference for eGMM with five critical stages. These stages will later be extended to include the required security services.

Secure e-government services: Towards a framework for integrating it security services into e-government maturity models

e-Government maturity models (eGMMs) lack security services (technical and socio/non-technical) in its critical maturity stages. The paper proposes a comprehensive framework for integrating IT security services into eGMM critical stages. The proposed framework is a result of integrating information security maturity model (ISMM) critical levels into e-government maturity model (eGMM) critical stages. The research utilizes Soft Systems Methodology (SSM) of scientific inquiry adopted from Checkland and Scholes. The paper contributes to the theoretical and empirical knowledge in the following ways: firstly, it introduces a new approach that shows how governments can progressively secure their e-government services; secondly, it outlines the security requirements (technical and non-technical) for critical maturity stages of eGMM; and thirdly, it enhances awareness and understanding to the governments and stakeholders such as practitioners, experts and citizens on the importance of security requirements being clearly defined within eGMM critical stages.

Bridging the gap between general management and technicians - A case study on ICT security in a developing country

The lack of planning, business re-engineering, and coordination in the whole process of computerisation is the most pronounced problem facing organisations. These problems often lead to a discontinuous link between technology and the business processes. As a result, the introduced technology poses some critical risks for the organisations due, in part, to different perceptions of the management and technical staffs in viewing the ICT security problem. This paper discusses a practical experience on bridging the gap between the general management and ICT technicians.

Secure e-learning using a holistic and immune security framework

This paper describes how to secure e-learning systems by applying the Holistic and Immune Security Framework. E-learning has great potential for developing communities but security of e-learning systems has not been fully addressed. We have developed a security framework that considers culture of users and environments where information systems operate. The holistic and immune security framework is a function of the deterrence, prevention, detection, response, and recovery system. The security framework makes an E-learning system learn to adapt to environments and to culture of users. We apply the principles of immune system to secure E-learning systems. We describe how to secure the weak links that are created by culture of users in E-leaning systems.

Two Case Studies in Using Chatbots for Security Training

This paper discusses the result of two case studies performed in a large international company to test the use of chatbots for internal security training. The first study targeted 26 end users in the company while the second study examined 80 security specialists. From a quantitative analytical perspective there does not appears to be any significant findings when chatbots are used for security training. However there does appear to be qualitative data that suggest that the attitudes of the respondents appear to be more positive to security when chatbots are used than with the current traditional e-learning security training courses at the company.

The ABCs and Es of national computer security policies

Researching national computer security policies is almost a crypt0 analytical activity. The agencies responsible for computer security policies seem to be applying Shannon’s [l] two basic cipher principles of diffusion and confusion in their development and distribution of computer security policies. To paraphrase Shannon Diffusion-a [user] must read a tremendous amount of material to tie down the structure.

Cybernetic analysis of national computer security

This paper gives a cybernetic analysis of security models used in four major Western countries. First, the methodology used for the cybernetic analysis will be explained using examples of computer security models developed in the U.S. Second, information obtained about computer security models used in the U.S., England, Germany and France will be compared using the methodology described.

A Day in the Life of a Swedish IT Security Officer: An Attempt at an Empirical Study

This paper describes an attempt to collect data on the day-to-day activities of IT security officers in Sweden. A number of different techniques for collecting data are discussed including, analysis of employment adds for IT-security officers, job descriptions, mail-in questionnaires and interviews. The results of interviews with 10 IT security officers are presented. The interviews indicated that a large portion of the IT-security officer’s day (20–30%) is involved with education and awareness training of personnel. Few of the officers interviewed (two) actually performed operational security matters and most were involved with coordination of security activities within operational units. All interviewed indicated that they see their task as being more social than technical oriented and indicated that their day-to-day decisions are based more on hunch and intuition than in-depth analysis.

Cybernetic analysis of the 12th U.S. National Computer Security Conference

This report is an anlysis of the 1989 12th U.S. National Computer Security Conference using the SIIS projects cybernetic analysis methodology SBC. The papers presented at the conference are classified using the SBC static classification scheme. Once the papers are classified the SBC dynamic classification scheme is used to chart trends and tendencies in the computer security problems and solutions.