SEMINAR REPORT

ON

ROLE OF CYBER SECURITY

IN DIFFERENT APPLICATION OF
E GOVERNANCE

COLLEGE OF COMPUTING SCIENCES AND

INFORMATION TECHNOLOGY
TMU, MORADABAD

Session: JULY 2014- DEC 2014

Submitted To:

Submitted By:

Mr. Ajay Rastogi

Rahul Kumar
MCA(LE) ,SEM 3rd
TCA1405041

1 | Page

COLLEGE OF COMPUTING SCIENCES

AND INFORMATION TECHNOLOGY
TEERTHANKER MAHAVEER UNIVERSITY
DELHI ROAD, MORADABAD

This is to certify that the seminar/presentation report on the topic ROLE OF

CYBER SECURITY IN DIFFERENT APPLICATION OF E GOVERNANCE has
been studied and presented by Rahul Kumar in partial fulfillment of degree of Master of
Computer Application, CCSIT, TMU Moradabad.
This seminar/presentation report has been found satisfactory and is approved for
submission.

Dated :

Mr. Ajay Rastogi

Lecture
CCSIT, TMU

2 | Page

ACKNOWLEDGMENT.
The satisfaction that accompanies that the successful completion of any task would be
incomplete without the mention of people whose ceaseless cooperation made it possible,
whose constant guidance and encouragement crown all efforts with success.
We are grateful to our project guide Mr.Ajay Rastogi for the guidance, inspiration and
constructive suggestions that helpful us in the preparation of this project. We also thank our
colleagues who have helped in successful completion of the project.

Rahul kumar
MCA[LE]
SEM 3rd

3 | Page

Table of Content
1.INTRODUCTION
1.1 Cyber security
1.2 E Governance

2.CONCEPT
2.1 E-GOVERNANCE CONCEPT
2.2 EVOLUTION OF E-GOVERNANCE
2.3 CYBER SECURITY CONCEPT IN E GOVERNANCE

3. APPLICATIONS OF E-GOV
3.1 Real life application of e-Governance
3.2 Application and E-Governance Services

4.ROLE OF CYBER SECURITY

4.1Typical roles
4.2 Key of cyber security

5. CONCLUSION
6. REFERENCE

4 | Page

5 | Page

ROLE OF CYBER SECURITY

IN DIFFERENT APPLICATION OF E GOVERNANCE
1. Introduction:
1.1 Cyber security
Cyber security refers generally to the ability to control access to networked systems and the
information they contain. Where cyber security controls are effective, cyberspace is
considered a reliable, resilient, and trustworthy digital infrastructure. Where cyber security
controls are absent, incomplete, or poorly designed, cyberspace is considered the wild west of
the digital age. Even those who work in the security profession will have a different view of
cyber security depending on the aspects of cyberspace with which they personally interact.
Whether a system is a physical facility or a collection of cyberspace components, the role of a
security professional assigned to that system is to plan for potential attack and prepare for its
consequences.

Fig 1.cyber security

Although the word cyber is mainstream vernacular, to what exactly it refers is elusive.
Once a term of science fiction based on the then-emerging field of computer control and
communication known as cybernetics, it now refers generally to electronic automation (Safire
1994). The corresponding term cyberspace has definitions that range from conceptual to
technical, and has been claimed by some to be a fourth domain, where land, sea and air are
the first three (Kuehl 2009). There are numerous definitions of cyberspace and cyber security
6 | Page

scattered throughout literature. Our intent is not to engage in a debate on semantics, so we do

not include these definitions. Moreover, such debates are unnecessary for our purpose, as we
generally use the term cyber not as a noun, but as an adjective that modifies its subject with
the property of supporting a collection of automated electronic systems accessible over
networks. As well reflected in language-usage debates in both the field of cognitive
linguistics and popular literature on lexicography, the way language is used by a given
community becomes the de facto definition (Zimmer 2009), and so we request that our
readers set aside the possibility that they will be confused by references to cyberspace and
cyber security and simply refer to their own current concept of these terms when it makes
sense to do so, while keeping in mind that we generally the term cyber as an adjective whose
detailed attributes will change with the system of interest
. At a high level, cyber security is typically explained in terms of a few triads that describe the
objectives of security professionals and their methods, respectively (Bayuk 2010).
Three that combine to cover most uses of the term are:
prevent, detect, respond
people, process, technology
confidentiality, integrity, and availability.
These reflect the goals of cyber security, the means to achieve cyber security, and the
mechanisms by which cyber security goals are achieved, respectively.
Prevent, detect, respond addresses goals common to both physical and cyber security.
Traditionally, the primary goal of security planning has been to prevent a successful
adversary attack. However, all security professionals are aware that it is simply not possible
to prevent all attacks, and so planning and preparation must also include methods to detect
attacks in progress, preferably before they cause damage. However, whether or not detection
processes are effective, once it becomes obvious that a system is threatened, security includes
the ability to respond to such incidents. In physical security, the term first responders refers
to the heroic individuals in policy, fire, and emergency medical professions. Response
typically includes repelling the attack, treating human survivors, and safeguarding damaged
assets. In cyber security, the third element of the triad is often stated in slightly more
optimistic form. Rather than respond it is recover or correct. This more positive
expectation on the outcome of the third triad activity, to recover rather than simply respond,
reflects the literature of information security planning, wherein security management is
recommended to include complete reconstitution and recovery of any business critical
system. Because information technology allows diversity, redundancy, and reconstitution for
the data and programs required to operate systems, information security professionals expect
that damage can be completely allayed. In either case, the lessons learned in response are
expected to inform prevention planning, creating a loop of continuous security improvement.
People, process, technology addresses methods common to both technology
management in general and to cyber security management as a specialized field. This triad
observes that systems require operators, and operators must follow established routines in
order for systems to accomplish their missions. When applied to security, this triad highlights
the fact that security is not achieved by security professionals alone, and also that cyber
security cannot be accomplished with technology alone. The system or organization to be
secured is acknowledged to include other human elements whose decisions and actions play a
7 | Page

vital role in the success of security programs. Even if all these people had motivation and
interest to behave securely, they would individually not know how to collectively act to
prevent, detect, and recover from harm without preplanned process. So security professionals
are expected to weave security programs into existing organizational processes and make
strategic use of technology in support of cyber security goals.
Confidentiality, integrity, and availability addresses the security objectives that are
specific to information. Confidentiality refers to a systems capability to limit dissemination
of information to authorized use. Integrity refers to ability to maintain the authenticity,
accuracy, and provenance of recorded and reported information. Availability refers to the
timely delivery of functional capability. These information security goals applied to
information even before they were on computers, but the advent of cyberspace has changed
the methods by which the goals are achieved, as well as the relative difficulty of goal
achievement. Technologies to support confidentiality, integrity, and availability are often at
odds with each other. For example, efforts to achieve a high level of availability for
information in cyberspace often make it harder to maintain information confidentiality.
Sorting out just what confidentiality, integrity, and availability means for each type of
information in a given system is the specialty of the cyber security professional. Cyber
security refers in general to methods of using people, process, and technology to prevent,
detect, and recover from damage to confidentiality, integrity, and availability of information
in cyberspace.
1.2 E-GOVERNANCE
"E-Governance" or "eGov" means using electronic media, particularly the web, to deliver
public information and public services
eGovernance applications empower citizens and businesses to transact Governance business
on-line that might otherwise require "a trip downtown". Agencies benefit, too, from
reduced paperwork, improved databases, and increased efficiency.

8 | Page

Information and Communication Technologies can enhance the transformation of work

culture by serving a variety of ends, better delivery of Governance services to citizens,
improved Governance interactions with business and industry, citizen empowerment through
access to information and participation for decision-making and more efficient Governance
management. e-Governance is not meant only for introducing or using technological tools, it
fundamentally strives to bring about a change in mindset and work culture to integrate
Governance processes and functions to serve the citizens better. In this process, it is crucial
that the capacity of Governance to be open to criticism as well as the application of new
social contract between all stakeholders, confirming a shared responsibility on the
transformation processes.
The interaction between a citizen and a Governance agency take space in a Governance
office. With emerging Information and Communication technologies it is possible to locate
service centers closed to clients. In all the cases public traditionally look for information and
services addressing his or her needs and in both cases quality, relevance and efficiency are of
paramount importance. Therefore, the establishment of e-Governance requires a good
knowledge of the needs that exist in the society and that can be offered using ICT. The
effectiveness of ICT in Governance is closely related with the capacity of Governance to
induce a culture change-placing network within its institutions as instrumental to
transparency and knowledge exchange and creation.
In E-Governance, Governance makes best possible use of internet technology to
communicate and provide information to common peoples and businessman. Today,
electricity, water, phone and all kinds of bills can be paid over the internet. All this is what
Governance and citizens is using and doing. All are dependent on internet and when citizens
depends on Governance internet services all that come is E-Governance.

There are four pillars of E-Governance:1. CONNECTIVITY:-Connectivity is required to connect the people to the services of the
Governance. There should be a strong connectivity for an effective e-governance.
2. KNOWLEDGE: - Here knowledge refers to IT knowledge. Governance should employ
skill full engineers who can handle the e-governance in an efficient way. These engineers also
handle all kind of fault that may occur during the working of e-governance.
3. DATA CONTENT: - To share any kind of knowledge or information over the internet,
there should be its database. This database should have the data content which is related to
Governance services.
4. CAPITAL:-Capital can be on public or private partnership. It refers to money used by
Governance to provide their services or to that sector of the economy based on its operation

9 | Page

Fig.3 Pillars of eGovernance

In this paper, we discuss about the Role of cyber security in different in e Governance
Cybersecurity starts with an understanding of your critical assets and the threats you face.
Only then you can devise strategies to manage your riskseven if you cannot eliminate
them. A life-cycle approach to security marries the strategy of constant process improvement
to the operational tactics of continual monitoring and defense in depth. In this view, cyber
protection, defense, response, and recovery are ongoing concerns, each requiring a plan.EGovernance security is considered one of the crucial factors for achieving an advanced stage
of e-Governance. As the number of e-Governance services introduced to the user increases, a
higher level of e-Governance security is required
This paper contributes to the e-Governance literature by establishing an analytical framework
for understanding, clarification and investigation of the management issues involved in
improving e-Governance security in technologically-developing countries.

10 | P a g e

2.Concepts
2.1 E-Governance concept
The concept of an e-Governance system is to provide access to Governance services
anywhere at any time over open networks. This leads to issues of security and privacy in the
management of the information systems. Managing such issues in the public sector has
different emphases than in the private sector. The broader e-Governance approach is sociotechnical by nature, involving people and processes as well as technologies; hence,
particularly in transitional countries, the social culture and characteristics of the country are
factors in successful e-Governance development. In the open literature there are four distinct
aspects to e-Governance. The remainder of this section gives an overview of this literature.

2.2 Evolution of E-Governance

Global shifts towards increased deployment of IT by Governances emerged in the nineties,
with the advent of the World Wide Web (WWW). The technology as well as e-governance
initiatives have come a long way since then. With the increase in Internet and mobile
connections, the citizens are learning to exploit their new mode of access in wide ranging
ways. They have started expecting more and more information and services online form
Governances and corporate organizations to further their civic, professional and personal
lives, thus creating abundant evidences that the new e-citizenship is taking hold.
The concept of e-Governance has its origins in India during the seventies with a focus
on development of in-house Governance applications in the areas of defense, economic
monitoring, planning and the deployment of IT to manage data intensive functions related to
elections, census, tax administration etc. The efforts of the National Informatics Center (NIC)
to connect all the district headquarters during the eighties was a very significant development.

11 | P a g e

Fig.4 Evolution of Governance

From the early nineties, IT technologies were supplemented by ICT technologies to extend its
use for wider sect oral applications with policy emphasis on reaching out to the rural areas
and taking in greater inputs from NGOs and private sector as well. There has been
increasing involvement of international donor agencies under the framework of e-governance
for development to catalyze the development of e-governance laws and technologies in
developing countries
. While the emphasis has been primarily on automation and computerization, state
Governances have also endeavored to use ICT tools into connectivity, networking, setting up
systems for processing information and delivering services. At a micro level, this has ranged
from IT automation in individual departments, electronic file handling and workflow
systems, access to entitlements, public grievance systems, service delivery for high volume
routine transactions such as payments of bills, tax dues to meeting poverty, alleviation goals
through the promotion of entrepreneurial models and provisions of market information. The
thrust has varied across initiatives, with some focusing on enabling the citizen-state interface
for various Governance services, and others focusing on bettering live hoods. Every state
Governance has taken the initiatives to form an IT task force to outline IT policy document
for the state and the citizen charters have started appearing on Governance websites.
For Governances, the more overt motivation to shift from manual processes to ITenabled processes may increased efficiency in administration and service delivery, but this
shift can be conceived as a worthwhile investment with potential for returns.

2.3Cyber security concept in e Governance

12 | P a g e

Cyber Security is traditionally concerned with information properties of confidentiality,

integrity and availability. These properties underpin services such as user authentication,
authorization, accountability and reliability. Much has been published on the changing role of
cyber security (Dhillon and Torkzadeh, 2006; ISO/IEC, 2005; von Solms, 2000; 2005; 2006)
as its general perception has transformed from the purely technical in the 1970s to its current
mainstream role in organizations.
In the broader sense cyber /information security involves people as well as technologies. A
small number of publications in the literature address the social acceptance of security
technologies, known as the organizational security culture (Dhillon, 1999; May and Lane,
2006; Ruighaver et al., 2007; Siponen and Oinas-Kukkonen, 2007). Information security
standards are well represented in the open literature (Hone and Eloff, 2002; Saint-Germain,
2005; von Solms, 1999; 2005). These standards attempt to describe the various processes and
controls needed for successfully implementing an information security policy, rather than
advising what the policy should look like (Hone and Eloff, 2002). In general these standards
have been developed through the experiences of leading technological countries.
According to Heeks (2002; 2003) most ICT programs such as e-Governance in developing
countries fail with 35% being classified as total failures and 50% partial failures. The author
attributes these figures to the gap between the current reality (physical, cultural, economic
and other contexts) and the design of the ICT program - the greater the gap, the greater the
chances of failure. Security has always been identified as one of an information system's
important components. Contemporary information assurance management recognizes the
imperative to include people and processes, as well as the more traditional technology
security issues, in ensuring the quality of information in all modern organizations. To a large
extent technological solutions for the majority of security issues have been previously
developed. There are however still many application challenges, the people and processes
components of information assurance management. This leads to the need for the sociotechnical approach to focusing on these issues in the required context for technologicallydeveloping countries.
ICT in developing countries is generally under-represented in the open literature. A few
publications fleetingly concede that there can be major issues with transitional countries
developing their systems, but the subject is not treated in any depth or breadth. Given the
widespread prescription of IT, particularly e-Governance for developing countries, the
urgency of their needs, and the often paucity of their economic resources, it would be useful
to understand in depth the factors and issues that underpin them. Yet there are very few
published empirical studies directly addressing the issue.
e-Governance is at the forefront of current public sector reform policies across Europe and
the rest of the world where the use of information and communication technologies (ICTs) to
digitize transactions and deliver public services is seen as a major leverage of public sector
innovation. However, providing public sector information and services online also poses
profound challenges to security and citizens' trust in Governances, including threats to
identity, privacy and data systems. Thus, safeguarding data and systems is of pivotal
13 | P a g e

importance since it can influence Governances and users willingness to adopt the online
services offered. The European Parliament, via the Science and Technology Options and
Assessment has asked The European Technology Assessment Group (ETAG), which includes

3. Application
3.1 REAL LIFE APPLICATION OF e-Governance

Web-based recreation field and facility scheduling

Online interactive maps shows city streets and neighborhoods, including ball fields, tennis
courts, and other parks & recreation facilities. Coaches, players, leagues, schools and
individuals can visit the departmental web site from home or office, at any hour, weekends &
weekdays. Users of the online system can locate facilities by name, neighborhood or street
address. They can query the database to find available fields, courts, etc. for specific times
and dates.
The interactive map can color-code facilities, based on availability, simplifying the process of finding
an available facility that is also nearby. Interactive maps are easily printed directly from the eGov
web site. Advanced systems can accept reservations online, and collect appropriate fees paid via
credit card.

Online land ownership maps and tax valuation

Online maps showing real estate maps, including streets, property boundaries and property
descriptions. To find a parcel, citizens type a street address or navigate using an interactive
Yahoo-like map. By zooming in on a street or parcel, users can see property boundary lines
and descriptive information drawn automatically from public databases. Print a map and/or
report about the parcel.

14 | P a g e

Fig.5 Yahoo Map

Auto-notification of road repair & construction
Online interactive maps showing up-to-date locations of current and projected road or other
construction projects. This list and map is updated automatically as city staff add to or edit
an online database. Advance notice can lead travelers to pick alternative routes, avoiding the
annoyance, delays & pollution related to unexpected road congestion.
Option: "Opt-in" auto-emails to alert nearby citizens/business if construction might affect
them.
Online stream quality monitoring
Currently a variety of volunteers survey stream or other waterway conditions. An interactive
map system could collect their observations using online forms, then immediately update
interactive maps. Turbidity, debris, and/or other stream conditions would be symbolized or
colored differently based on survey values in the online database. The web-based interactive
maps would illustrate stream conditions, helping stream "stewards" manage their waterways
and helping educate young people about environmental affairs. Data-driven web map
software would update the maps automatically, as database records are added or updated.
Example #5: Fish & Game, Health
Online harvest area maps and health warnings
Create an online web map application, based on a database of fish or shellfish harvest areas.
The web map system would allow users to interactively zoom in to see shoreline details, boat
facilities, etc. or zoom back for a wider-area views. The data-driven map could use colors or
symbols to graphically flagareas where the season is "open" and also areas affected by "red
tide", industrial pollution, etc.
Season and harvest conditions can change rapidly. The online system makes it possible to
communicate changes immediately and efficiently. To maintain the map, Fish & Game or
Health staff would update values in data tables in background database. The interactive web
map software automatically refreshes the map based on the new information. Option: Autonotification by email, for bait shops, boat rentals, license holders, public safety agencies, and
any others who choose to sign up for optional alerts.
Online Block Watch & Crime incidence maps
Online maps let citizens navigate to their neighborhood by typing an address, intersection,
community name, or zip code. Users display maps of recent burglaries, car prowls, or other
community safety events. The data-driven mapping system may automatically color-code
event locations by type of event, date/time, or modus operandi. Neighbors may print maps
from their web browsers for offline use or to post at the corner store.
Optionally, residents could register to receive auto-emails if, for example, there was an
attempted break-in near them. Similarly neighbors could use online forms to quickly share
15 | P a g e

information about everything from suspicious events, to abandoned vehicles, to neighborhood

yard sales.

E Gov Examples

Public services and community statistics: Increase citizen participation and awareness
by making it easy to obtain up-to-date maps and reports of services, facilities, and
statistics.

Health conditions and epidemiology system: The U. S. Center for Disease Control
helps prevent disease and accidents by presenting incidence, mortality, and other
statistics using this interactive web map system

Interactive bicycle route maps:

Polling place locator system: Encourage voting by mapping current polling places
based on voter address.

School bus route finder system: Improve customer service by letting parents find the
nearest school bus route.

Economic development system: Promote economic development bymapping &

profiling available industrial & commercial sites.

Tax rate locator: Improve tax return accuracy and increase tax collections by letting
business map their locations vis a vis boundaries of Local Improvement districts and
other special assessment zones
.
Community services locator: Improve public access to existing services by mapping
locations of elderly services, community health clinics, "little city halls", and
community police offices
.
Assisted housing locator: Help families and elderly choose subsidized housing units
by mapping available units & showing proximity to transit and other facilities.

3.2 Application and E-Governance Services

Enterprise Applications
E-Payment
16 | P a g e

The E-Payment provides the capability for any e-commerce website to accept electronic
payment methods. This service allows any web application to enable its customers to make
payments online. Features include:

Design with Governance in mind

Accepts major credit cards and e-checks

Flexible batching/update of information

Off-line payment processing

Address verification services

Fig.6 E-Payment
Enterprise Authorization & Authentication
Enterprise A&A is the State of Iowa's shared logon service. It handles user registration,
account management (like changing and recovering passwords) and simple privilege
management functions.
The service lets users enjoy having just one account to give them access to multiple
applications and a consistent way to manage that account. Implementing a common account
resource makes it less expensive and easier to offer multiple services and applications to
citizens and employees alike. Features include:

Use of common identifiers across multiple platforms and services

Allows creation of accounts for the public and other non-employees

Permits self-registration by users creating new accounts

Establishes application-specific capabilities

17 | P a g e

Fig.7Enterprise Authorization & Authentication

Single Contact Repository (SING)
The Single Contact Repository (SING) is an internet application developed and sponsored by
the State Department of Administrative Services / Information Technology Enterprise that
allows registered users to perform background checks on potential employees, volunteers,
and students doing clinical, from a single web screen. The application lets a user check Iowa
criminal history, three abuse registries (child, dependent adult, and sex offender), and over 40
Public Health professional license types from one click on the screen.
This data resides on various platforms within Iowa stateGovernance, including a mainframe
and several departmental LAN servers. SING performs its background checks against the
original registries, rather than using point-in-time copies, which become out-of-date between
refreshes. In addition to ensuring that employers receive up-to-date information, SING's
technique provides an extra measure of security. Each confidential database is stored in its
original secure location, and nowhere else. No data resides on the web server itself. This
means that SING must communicate with multiple databases (from different vendors) on
multiple platforms (also from different vendors). Some of the databases accessed include
SQL, Oracle, Sybase, and a mainframe CA/IDMS.
The SING web site is a secured site - only registered users can access the information.
Depending on what type of an organization they are determines to which of the databases
they have legal access. This is done by putting them in groups, with the group having access
only to certain databases, or all of them. The application is used by over 1,000 users each
month, doing an average of 17,500 transactions, or searches, a month. This application has
18 | P a g e

expedited the process of checking backgrounds of employees and volunteers as often required
by regulations and policies.

eLeave
eLeave Service allows employees and supervisors to input and review leave requests
while using the internet. As long as the internet is available, a person can input leave
requests and review requests. This provides an easy way for supervisors to quickly see
who has requested leave as well as those who have worked overtime. They can also
approve or deny a request. This provides a quick feedback to the person requesting the
leave. The following items are available:

View your most recent requests

Enter a new request

View requests that are pending or reviewed

Search previously entered requests

Export the information

View a calendar with your leave requests

View a calendar with the leave requests of your department. This allows each person
to view who has requested leave. It does not provide the details of the leave requests.

19 | P a g e

Address Validation
Address Validation is the verification of address information. The service uses a database
supplied by the United States Postal Service (USPS) to determine if an address is a
deliverable address. The service will also return the address in the standardized USPS format.
The service can be accessed either by providing a file which will be run as a batch process or
by submitting addresses one at a time to our web service. In addition to the return of the
address itself, we can also provide additional information such as county number, county
name, geo code and congressional district. An additional item that is offered is the National
Change of Address. If you provide 100 or more unique addresses, we can process the files
through the National Change of Address (NCOA) data to determine if the person, family or
business has moved. If the move is within the last 18 months, we can return the new address.
We can also provide information detailing if the move is for an individual, a family or a
business. There are many advantages to address verification:
Addresses in a database can be searched more effectively as they are in the same
format. The spellings of streets and cities are the same throughout the database.
Postal discounts can be obtained when the addresses are standardized and processed
through the NCOA. Agencies can see a decrease of as much as 10 cents per item
mailed.
Service-Oriented Architecture (SOA)
Service-Oriented Architecture (SOA) is a Utility that provides the service oriented
infrastructure for use by state agencies. SOA has been adopted as a standard for software
development, to drive reuse among agencies and foster greater sharing of information. An
SOA Advisory Committee was created by the Technology Governance Board to develop
standards for IT-related initiatives within the Board's purview. The Committee is led by DASITE with volunteer members from State agencies and oversight by the JCIO (joint council of
large-agency CIOs).

20 | P a g e

4. ROLE OF CYBER SECURITY

4.1 Typical roles

Fig.8 Typical roles

INCIDENT & THREAT MANAGEMENT & FORENSICS
Front line Defenders managing networks and mobile devices. Examples are managing
network to keep attackers out; testing others networks to assess their security and advising
on making them less vulnerable; incident managers; forensics analysts unpicking what
happened; analysts of new malware/production of countermeasures. (Please note: the e-crime
unit has now been absorbed into the NCA)
RISK ANALYSTS & MANAGEMENT
Risk Analysts and Managers need to understand which threats will have the worst business
impact and advise Boards in non-technical language why and how they should spend on
reducing these risks. Risk managers may be non-technical or technical people. Some audit
networks and ensure compliance and legal issues are dealt with.
POLICY MAKERS & STRATEGISTS

21 | P a g e

Policy Makers and Strategists define how a company deals with different security risks and
meets its legal obligations and gets these policies implemented. Private sector has CISOs
(Chief Information Security Officers) often supported by a team. Governance has ITSOs (IT
security officers) and DSOs (Departmental security officers).
OPERATIONS & SECURITY MANAGEMENT
Operations and Security Managers protect data on networks, laptops and mobile devices, they
may manage encryption and other protective measures like firewall rules.
ENGINEERING, ARCHITECTURE & DESIGN
Engineering, Architecture and Design Designing secure code and applications; architecting a
secure system or creating new security tools are all essential parts of cyber security but
nothing stays still so you will need to keep changing fast.
EDUCATION, TRAINING AND AWARENESS
Education Training and Awareness are demanding whether the job is about training
newcomers, keeping experts up to date or enabling staff or customers to benefit fully from
technology they are using.
RESEARCH
Research may be highly technical or more policy or psychology orientated. Areas include
Complex models to help understand and manage risks. invention of new technologies or new
ways to apply them to reduce risks; looking for the next big thing.
LAWYERS SPECIALISING IN ADVICE AND PROSECUTION FOR INTERNET
CRIME AND DATA PROTECTION
Lawyers specializing in the advice and prosecution of data security and Internet crime. The
need for expert advice is growing with high levels of crime and penalties for organizations
that dont protect data sufficient

4.2 Key of cyber security

System administration: client systems and servers;

Network administration and network security operations;

Security assessment, security auditing and information assurance;

Threat analysis, intrusion and data analysis, intelligence and counter intelligence;
22 | P a g e

Forensics investigation;

Programming;

Technical writing;

Security architecture and engineering; and

Information security and incident management.

"Systems administrators, network administrators, those who write code are typically not
identified as cybersecurity types," Reeder said in an interview Tuesday. "But what they do or
the manner in which they do it is critical both to deploying technology that is to the extent
that we can make it safe and given that there is no such thing as absolutely safe technology,
having the skills necessary to protect it and defend it and ultimately recover when bad stuff
happens because bad stuff will happen."
The Federal Chief Information Officers Council and the Office of Personnel Management, as
well as other organizations, are working to develop occupational classes for cybersecurity
professionals, and the commission recommendations are aimed at identifying the key roles in
cybersecurity, the functions they perform and the specific skills - including requisite training
and education - required to do those jobs.
Occupational classifications for IT security within Governance would help simplify recruiting
- recruiters would know the specific expertise to seek - and facilitate training by defining
what skills need to be developed. Today, most cybersecurity professionals are classified as
information technology specialists.
"Because cybersecurity work is performed in many different positions and places throughout
the federal Governance, it is not easy to identify them by looking solely at job titles or
organization charts," John Berry, director of the Office of Personnel Management, said last
November when he unveiled the Governance's IT security classification initiative.
By reaching a consensus on the roles and requisite skills, the commission report says,
educators would have a much better understanding of the labor market their graduates will
enter, purchasers of cybersecurity services could more clearly specify the qualifications they
seek from service providers and the sometimes confusing regime of professional
certifications programs could reflect the needs of potential employees.
IMPROVING SECURITYIN E-GOVERNENCE
To make information available to those who need it andwho can be trusted with it, a robust
defense requires a flexible strategy that allows adaptation to the changing environment, well23 | P a g e

defined policies and procedures, the use of robust tools, and constant vigilance. It is helpful to
begin a security improvement program by determining the current state of security at the site.
Methods for making this determination in a reliable way are becoming available. Integral to a
security program [5] are documented policies and procedures, and technology that support
their implementation.
A. Security policy
If it is important to be secure, then it is important to be sure. All of the security policy is
enforced by mechanisms that are strong enough. There are organized methodologies and risk
assessment strategies to assure completeness of security policies and assure that they are
completely enforced. In complex systems, such as information systems, policies can be
decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce
sub-policies. A policy is a documented high-level plan for organization-wide computer and
information security. It provides a framework for making specific decisions, such as which
defense mechanisms to use and how to configure services, and is the basis for developing
secure programming guidelines and procedures for users and system administrators to follow.
Because a security policy is a long-term document, the contents avoid technology-specific
issues.
Definition of acceptable use for users
Guidelines for reacting to a site compromise.
High-level description of die technical environment of the site, the legal environment
(governing laws), the authority of the policy, and the basic philosophy to be used when
interpreting the policy
Risk analysis that identifies the site's assets, the threats that exist against those assets, and
the costsof asset loss
Guidelines for system administrators on how to manage systems

24 | P a g e

Fig.9 Security policy

B. Security Practices
The daily barrage of spam, now infested with zero-day malware attacks, not to mention the
risks of malicious insiders, infected laptops coming and going behind the packet-inspecting
firewalls and cyber-attacks-prevention systems is the fact of networked communication today.
This establishes need for steps of due care and due diligence towards a regulatory
compliance, which must be put in place for smooth operations, if not in existence already.
System administration practices play a key role in network security. Checklists and general
advice on good security practices are readily available. Below are examples
of commonly recommended practices:
Ensure all accounts have a password and that thepasswords are difficult to guess. A onetime password system is preferable.
Use tools such as MD5 checksums (8, a strong cryptographic technique, to ensure the
integrity of system software on a regular basis.
Use secure programming techniques when writing software. These can be found at securityrelated sites on the World Wide Web.
Be vigilant in network use and configuration, making changes as vulnerabilities become
known.
Regularly check with vendors for the latest available fixes and keep systems current with
upgrades and patches. Regularly check on-line security archives, such as those maintained by
incident response International Conference on Computer Science and Information
Technology (ICCSIT'2011) Pattaya Dec. 2011 122 teams, for security alerts and technical
advice.
Audit systems and networks, and regularly check logs. Many sites that suffer computer
security incidents report that insufficient audit data iscollected, so detecting and tracing
ancyber-attacks is difficult Best practices are things done - steps taken - actions and plans
carried out.
For example-;, encryption is a best practice and not a product or tool. There are many
commercially and freely available tools which may prove to be most suited for a best-practice
model.

25 | P a g e

Fig.10 Security practices

C. Security Procedures
Procedures are specific steps to follow that are based on the computer security policy.
Procedures address such topics as retrieving programs from the network, connecting to the
site's system from home or while traveling, using encryption, authentication for issuing
accounts, configuration, and monitoring.

26 | P a g e

CONCLUSION
It is evident from above discussion that information security in an essential part of any egovernance initiative.
In Indian e-governance scenario, however, the security aspects are not being taken as
seriously. In large number of cases it is not difficult to see that the decision-makers in the
Governance prefer to compromise when it comes to high end technology adoption,
implementation and maintenance. Digital security is critical in e-governance initiatives.
Confidentiality of any transaction or information available on the network is crucial. The
Governance document and other important material have to be protected from unauthorized
users in case of e-governance projects. Hence security is critical for successful
implementation of such projects. E-governance coupled with security systems providing
adequate protection is the requirement of any system design effort to beat the inertia.

27 | P a g e

REFERENCES
[1]E-Governance in India: Opportunities and challenges, JOAAG, Vol.
3. No. 2, 2008.
[2]Shailendra Singh, Sanjay Silakari. A Survey of Cyber Attack
Detection Systems, International Journal of Computer Science and
Network Security, ISSN-1738-7906, Vol.9 No.5, pp1-10 May 2009.
[3]A busive behavior http://www.us-rt.gov/control_systems/pdf/undirEcted_attack0905.pdf
[4]DefiningMalware:FAQ".technet.microsoft.com.http://technet.micros
oft.com/en-us/library/dd632948.aspx. Retrieved 2009-09-10.
[5]Cho, Dong-ki. The information society and privacy, media and
culture in the information age, Seoul, 1998.
[6]Clarkke, R. A hidden challenge to the regulation of data surveillance,
Jounrnal of Law and Information Science 4(2), 1993
[7]Steven H. Spewak& Steven C. Hill, Enterprise Architecture
Planning: Developing a Blueprint for Data, Application and
Technology, John Wiley & Sons, New York, ISBN 0-471-599859

28 | P a g e