d1 - 2 introduction to information security in e-governance (60min).pdf

8/14/2019 D1 - 2 Introduction to Information Security in e-Governance (60min).pdf

1/53

C: I M

G

D 1

2: I I

G


2/53

A

N I

E I

A I

I O ,


3/53

What is Information?

BS ISO 27002:2005 defines

Information as :

'Information is an asset which, likeother important business assets,has value to an organization andconsequently needs to be suitablyprotected

3


4/53

What is Information?

D /

I

4

Whatever form the information takes, or means by which it is

shared or stored, it should always be appropriately protected

(BS ISO 27002:2005)


5/53

I G G G , ,

B , , , ,

.

.

I , G .

O , , G I (..

, , )

5


6/53

I G

, .

A .

A , ,

.

I G.

6


7/53

I G M G F , G

( IC) :

(1) G G

,

(2) G ,G G

7


8/53

I

G

I

I,

CI,

CD,

F O,

B

I,

I.

8

B , ,

G .


9/53

I G I :

E , .

( , , ) ,

, , D

N N , L , .

O , , , , C

9


10/53

C N: D N

G .

G I: G.

B : D B II

10


11/53

F I Information available at end user levelwhich could be trusted , un-trusted , ThirdParty etc .

Service Layer Information is availableat the applications , databases etc level

Network Layer Information resides atthe network level which encompasses

the entire business functions of theGovernments.

Service Delivery platforms have a hugeasset in terms of government data

InternetThird-PartyApplication

A

Service Delivery Platform

Common Framework

Backbone Network

D


12/53

&

, ,

I

G , G

G , ,

12


13/53


14/53

N I

G (..) G

, , , , .

M ,

.

A , , , , , ,

14


15/53

N I

G (..) E

A /

..

A

A

: O ??

, !!

15


16/53

M

&

( , , & )

16


17/53

C I

C I

H

D

D

M

17


18/53

C & I

D & A

( )

L

L K

E

C G

H &

H

M L E

I

I

F

18


19/53

G L

A

.

F ,

. A , .

19


20/53

.

.

.

I , 80%

.

I ,

.

,

, ,

.

I , 40% I

!!!!


21/53

Defining the risks , threats and

vulnerabilities A

, I .

A , I ,

21


22/53


23/53

G

23

Critical Information Assets

DisclosureModificationLoss, DestructionInterruption




A

A

D

D

I

O


24/53

I

,

. C H M L (HML),

.

.

A C J , A , J,

B

.

E G

.

M .

24


25/53

I

C , H

. .

M .

F , I , .

I () G .

M I .

I I

, , .

25


26/53

I

C

. I

.

, ,

. I

.

I

G G.

.

26


27/53

I

,

. , () .

G , , H C G I (CGI) .

. E .

B G ,

.

/ .

I , .

27


28/53

I

A C G I (CGI)

,

. B CGI ,

.

G , , .

I , .

28


29/53

Threat Sources

29

Source Motivation Threat

External HackersChallengeEgo

Game Playing

System hacking

Internal HackersDeadlineFinancial problems

BackdoorsFraudPoor documentation

External AgentsRevengePolitical

System attacksLetter bombsVirusesDenial of service

Poorly trainedemployees

Unintentional errors

Programming errorsData entry errors

Corruption of data

Malicious code introductionSystem bugsUnauthorized access


30/53

Threat Sources

30

,

,

/

/

/ /

, ,

, , ,

/

, ,


31/53

Threat Sources

31

High UserKnowledge of IT

Systems

Theft,Sabotage,

Misuse

Virus Attacks

Systems &NetworkFailure

Lack OfDocumentation

NaturalCalamities &

Fire

Lack of security


32/53


33/53

I

, , , ,

.

I O

(I) , ,

, CIIEN.

,

.

, , , .

33


34/53

I

I

.

I .

I

, , , ,

I , , . .. , .

34


35/53

O :

, .

.

,

, , .

,

.


36/53


37/53

I

I

C D

D & A

O

L

D

A

K I

L F GI


38/53

Technology which ourBusiness use

Elements of Information

Security

38

OrganizationStaff

Our Business

Process

Elements of Security People


39/53

Elements of Security.. People

& Processes M

E

B

C

C

I

39

H /

I

M

C

A

I L /

M

I ...

"" .

Technology what we use to


40/53

Technology what we use to

improve what we do C, D/ N

(AB), I , IDN , C

O C .

I I

N

F , A, I , H ,A

.

40


41/53


42/53


43/53

A A

D F

I .

, , , .

D .

B .

.


44/53

E L C

44

Security requirement

Security Policy

Security InfrastructureSpecification

Security InfrastructureImplementation

Security Testing

RequirementValidation


45/53

E L C

E L C , ,

, ,

,

.

A G .

, .

45


46/53

E L C

.

I .

, , , , .

46


47/53

E L C

I , , ,

, .

G

.

C , , ,

E L C.

47

G A


48/53

G A

F (AFE)

48

C I

BC

I

ME

C

B C


49/53

B C

49

B L B

B M B


50/53

A I

A I

A

50

&


51/53

D

E D

I

51

M E C


52/53

M E C

M

E H

M

52


53/53

...

..

53

d1 - 2 introduction to information security in e-governance (60min).pdf

Documents