



A framework for securing e-Governance
of the Ph.D. Thesis
Submitted to
for the award of the Degree of Doctor of Philosophy
Submitted by
(Prof. M. N. Doja) Supervisor, FTK-Centre for Information Technology, Jamia Millia Islamia, New Delhi, 110025.
FTK-Centre for Information Technology Jamia Millia Islamia, New Delhi. December, 2017
Keywords: e-Governance, Cloud Computing, Security Assessment, Security Framework, Analytical Hierarchy Process.
Abstract: Nowadays the whole paradigm of governance has changed. Governments are providing e-services through the Internet. e-Citizens are now well aware of their rights and expect delivery of services to be more transparent, more efficient and faster. This has made the use of ICT imperative for achieving good governance. e-Governance refers to the use of Information and Communication Technologies (ICT) for providing convenient and efficient access to government information and services to citizens, businesses and government agencies, with improved quality of services at greater speed. e-Governance is also a powerful vision for enhancing democratic processes, providing citizens opportunities to participate in different kinds of democratic processes and thus improving the quality of life of e-citizens, enabling their economic development and renewing the role of government in society. During the last decade, the National e-Governance Plan has been the most significant initiative taken in India for providing efficient delivery of e-services. It focuses on 31 Mission Mode Projects at the central, state and integrated levels.
The emergence of Information and Communication Technology (ICT) and new computing paradigms has provided significant opportunities to governments for faster and better information processing, leading to qualitatively better decision making, greater accountability, wider reach, better utilization of resources and thus overall good governance. Traditionally accessing government services is very difficult due to slow,
identify and quantify the risks associated with the implementation of the Cloud. Further, organizations should have a proper risk management system to manage and mitigate these risks. The risk management system should routinely identify, monitor, assess, and manage those risks to avert their occurrence or mitigate their impacts. Risk Assessment is the first step in the process of Risk Management, in which security risks are identified along with their probability of occurrence, their impacts are determined, and countermeasures to mitigate those risks are implemented. Defining the necessary controls for reducing or eliminating those risks is also a very important objective of Risk Assessment. One of the security challenges for Cloud-based e-governance is to define suitable security standards and an assessment method for the evaluation of the security service level. It is absolutely necessary to have a robust security assessment system for the Cloud Computing environment, which can quantitatively evaluate the security level of the system, so that users of the system have a high level of confidence in using it. During the literature survey, it was found that there are some security risk assessment standards released by governments and private organizations such as NIST and the International Organization for Standardization (ISO), which have released standards like NIST SP 800-30, SP 800-37, ISO 27005, ISO 31000, ISO/IEC 31010 and COBIT. These standards are generic and are not specific to the Cloud environment. These frameworks assume that the assets and security processes are fully managed by the organization itself, which is not true in the case of Cloud Computing environments. The risk assessment framework released by the European Network and Information Security Agency (ENISA) is based on the survey of related works and research recommendations. Although the framework is generic and is specific to Cloud Computing, it does not map the specifics of Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) to the 35 risks specified in the framework. It also does not quantify the observations. The Cloud Security Alliance (CSA) standard defines security domains related to specific functional domains like Identity Management, Virtualization, Governance etc., but the framework does not quantify the observations. Some research work has also been done in proposing risk assessment models in the Cloud, but these works are limited to specific security problems, such as Denial of Service (DoS), Attacks in Cloud, Data Transmission with Cloud Computing, Insider Attacks, Virtualization threats, Anti-virus in the Cloud service, Service-Level Agreement and Identity Management.
The study further highlighted the fact that there is a lack of suitable risk management approaches for government organizations in a Cloud environment. Most of the current frameworks are generic and are either not at all specific to the Cloud environment or are limited to specific security problems of the Cloud. Therefore, there is a need for a new Risk Management Framework to monitor the effectiveness of the current Security Controls for fully secured operations, so that citizens can trust Government organizations. If the security risk level is not high, then citizens will use the e-services without any hesitation. As the security requirements of an organization vary based on the specific security risks of the Organization, it is absolutely essential to have a comprehensive end-to-end Security Framework based on industry Standards, but tailored to the specific requirements of an Organization.
In view of the lack of security standards and Security Management approaches available in Cloud environment as mentioned above, the goal of this research work was to propose
Muzaffar Azim received the B. Tech degree in Engineering from the Institute of Technology, B.H.U. in 1985 and the Masters in Computer Applications degree from Birla Institute of Technology, Ranchi, India in 1994. He has more than 16 years of working experience in the field of Information Technology, with expertise in Project Management. As the Project Manager of various Multinational Companies, he has accomplished various onsite assignments in Japan, Singapore and Holland. At present he is working at FTK-Centre for Information Technology, Jamia Millia Islamia, New Delhi. His research interests include Security & Privacy of Cloud Computing, Information System Security, e-Governance and Fuzzy Mathematics. He has published a number of papers in National/International Journals of Information Security and Privacy.
Academic Qualification: Masters in Computer Application (MCA) from Birla Institute of Technology, Mesra, Ranchi in 1993 (1st Class IIIrd). B. Tech degree in Engineering from Institute of Technology, B.H.U. in 1985. Diploma in Financial Management, IGNOU in 1993.
Personal Details:
Nationality: Indian
Father's Name: (late) Dr. Md. Azimuddin
Date of Birth: 30th December 1962
Place of Birth: Patna (Bihar)
Phone: 9718385887
Email: mazim@jmi.ac.in