The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Discover the best professional documents and content resources in AnyFlip Document Base.
Published by Cambridge Paperbacks, 2019-12-01 02:40:44

Session 3

Global Information


Session 3



Dr Allen Brown


The use of a range of modern Information

and communication technologies by

government to improve the effectiveness,

efficiency, service delivery and to promote


• The application of Information and

Communication Technology (ICT) for:

o Delivering government services.

o Exchange of information communication


o Integration various stand-one systems

and services between:

▪ Government-to-Citizens (G2C)

▪ Government-to-Business(G2B)

▪ Government-to-Government( G2G).

Concept of e-governance

• World economies have recognised Information

Technology (IT) as an effective tool in catalysing

economic activity.


• In efficient governance and in developing

human resource.

• They have, therefore, made significant

investments in it and successfully integrated it

with the development process.

• Thereby reaping the benefits to their society.

• In India also these

developments have impacted

the industrial, education,

service and Government


• As the era of digital economy is

evolving, the concept of

governance has assumed significant


• The questions often asked in this context are:

• How government can become more

responsive and accessible?

• How can the government enhance its role as a

catalyst of economic growth?

• How can one provide better Government


• How can the government use advanced

technologies for transferring benefits,

improving health care and education?


• The e-Governance has consequently become an

accepted method involving the use of IT in:

• Improving transparency.

• Providing information speedily to all citizens.

• Improving administration efficiency.

• Improving public services such as:

Transport Power Health

Water utilities Security Municipal


• The provision of health information – in the UK,


• Here is an example, on obesity and the

body to mass index (BMI).


World Perspective

• One example where internation health

information is available is the WHO webpage.

• Here you will see how the WHO is coping with

health emergencies which are happening in the


• Great source of information on health matters.

• Another source of international news is the

United Nations


• Here you will find.

o Live video coverage, both broadcast

quality and web streaming, of meetings

and events at UN Headquarters


o Ready-to-air documentary-style

programmes for television, on the breadth

of challenges the UN addresses every day

o Audio news programmes providing daily

coverage of UN meetings and events, plus

weekly magazine programmes

o Photos from UN meetings and events as

well as the Secretary-General's travels

o News articles covering the daily events at

UN Headquarters and in the field

o Archive audio, video and photos dating

from the days of the League of Nations

through to the present day

o Accreditation to gain access to cover

events and meetings

o Social media updates and mobile apps to

help you keep up to date on UN news.

Technologies for e-governance

• E-governance is all about effective


• The greatest invention in the history of

mankind is the mobile phone – world

wide common communications technology.


• No technology has affected so many people on a

daily basis as the mobile.

• With the high numbers of mobiles amongst the

population of most countries, in principle it’s now

possible for government to communicate directly

with its citizens.

• e-governance is an effective tool to manage

the country’s citizens and resources.

• In principles we have the following

o Government to Citizen (G2C)

o Citizen to Government (C2G)

o Government to Government (G2G)

o Government to Business (G2B)

• There needs to be established a set of

guidelines and a framework as to the objectives

of these channels of communication.

• C2G is already well estabilished for as aspects of

life – the UK version is


• When it comes to G2C there is a faility to pay

your taxes using your mobile.

• The Inland Revenue in the UK is quite modern.


• Rapid communication, in the UK if there is flood

warning, this information can be sent to you on

your mobile.

• Easy access to a huge amount of government

information on almost all aspects of life.


• Easy for a government to send information to its


• Government can ask a pool of its citizens to

determine the popularity of a policy.


• Excludes all those who do have access to a mobile

or other communications device.

• Your location can be tracked using your mobile –

infringement of Civil Liberties.

• You may have information on your mobile of a

private nature – can be hacked.

• Moving towards a cashless

society – no mobile no money.

Promoting Economic Growth using e-governance

• Support start-up companies, government needs

to provide the following:


o Free office accommodation

with free utilities for 3

years: fast internet,

electricity, heating/cooling.

o Readily available finance – venture capital.

o New bank to support

start-up companies: The

India Enterprise Bank.

o No red-tape and

unnecessary regulations.

o Unrestricted overseas sales: no export


o Special consideration for AI start-ups.

Security Management

The biggest problem with digital information

relates to its safety management. Keeping it

secure and free from unwanted access.


The Information Security

• When you register on a website for whatever

reason, you are normally asked to choose a


• Used to restrict access to registered people

only – how easy is to hack a password?

• Ten most popular passwords.

123456 123456789 qwerty

password 111111 12345678

abc123 1234567 password1


• For all intents and pourposes, emails are never

private or their attachments.

Data encryption

• Data encryption is the process of translating

data from one form into another form so

that only people with the proper password,

or decryption key, can access it.


o Cipher: the act of encoding something

into secret language.

o Decipher: the act of converting a code

into normal language.

o Algorithm: a set of rules to be followed

in calculations or problem-solving

operations, especially by a computer.

o Key: a secret, like a password, that is

used to encrypt or decrypt information

(in the context of data security).

• Here is an example of a very early cipher.

• The key is the position of A in the array, A can be



• Here are examples of encryption algorithms.



Elliptic curve techniques

• Matrices can be used to encrypt information,

by this we mean the true information can be

hidden. To do this we first allocate numbers

to the letters of the alphabet as shown in the

table below

(SPACE) = 0 A = 1 B = 2 C = 3 D = 4 E = 5 F = 6
G = 7 H = 8 I = 9 J = 10 K = 11 L = 12 M =13
N = 14 O = 15 P = 16 Q = 17 R = 18 S = 19 T = 20

U = 21 V = 22 W = 23 X = 24 Y = 25 Z = 26

• The table can be augmented to include

lower case and all the other symbols used in

written English.

• Any sentence can now be represented as a

sequence of numbers.

• Encode the sentence THE TREES ARE TALL .

Attach numbers from the above table to the

letters in the sentence.



(20 8 5) (0 20 18)(5 5 19)(0 1 18)(5 0 20)(1 12 12)

• You will have noticed the numbers are

grouped as (1 × 3) matrices.

• If the input data is A, when B acts A it will

produce output data C, in other words,

= 1


= −1 2

• Eq:1 is the encryption process and Eq:2 is

the decryption process.

• To perform the encryption a matrix B is

required, here is an example,

1 −2 2

= (−1 1 3 )

1 −1 −4

• The input data is going to be written as

column matrices.

• In the example sentence there are six input

matrices, the encrypted matrices are,


1 −2 2 20

= (−1 1 3 ) ( 8 )
1 −1 −4 5

1 −2 2 0

= (−1 1 3 ) (20)

1 −1 −4 18

1 −2 2 5

= (−1 1 3 ) ( 5 )

1 −1 −4 19

. . .

1 −2 2 1

= (−1 1 3 ) (12)
1 −1 −4 12

• After the calculations have been performed,

the encrypted sentence is therefore

[14 3 -8 -4 74 -92 33 57 -76 34 55 -73 45 55 -75 1 47 -59]

• To decrypt this data, you require the inverse

of matrix B as indicated in Eq:2. Therefore,

14 −4 1
= −1 ( 3 ), = −1 ( 74 ), … = −1 ( 47 )
−8 −92 −59


• In effect the data has been decrypted; the

message cannot be decrypted easily

without the encryption matrix B.

• For a successful encryption matrix, only

integers should appear in the encrypted


• This means the elements in B must be

integers [det(B ) = 1].

• An encryption matrix can be created by

using the following,

1 1 0 0

= (0 1 ) ( 1 0) 3

0 0 1 1

where {a, b, c, d, e, f } are integers.

• There are many apps available for

encrypting files:

System Vulnerability and Abuse

• The vulnerability management process is a

continuous information security risk

undertaking that requires management



• There are four high-level processes that

encompass vulnerability management:

o Discovery: should find every computing

asset on the network and build a database

of knowledge other VM processes can use.

Since the network is in a constant state of

change, the information about your assets

needs to be continually refreshed.

o Reporting: Reports should create a

prioritisation matrix that feeds into

vulnerability management processes.

Ideally, these reports can also be used for

tactical operations tasks.

o Prioritisation: The goal of prioritisation is to

use a vulnerability management tool to

create a customised list of prioritised


o Response: Risk falls into three categories:

remediate, mitigate or accept. Risk

acceptance is making a choice to accept the

risk without remediation or mitigation.

• In a strong vulnerability management

framework, each process and sub processes

within it need to be part of a continuous cycle


focused on improving security and reducing the

risk profile of network assets.

• An example of software vulnerability

software is

Security Threats

• The five most common

cyber threats →

• Social Engineering:

making people reveal

pass words and bank

details – phishing –

gaining confidence.

Also malware in


• Vulnerabilities: assessing the weaknesses of

a computer network that can be exploited

by a hacker.

• Poor patch management: providing

upgrades to system software which leaving



• Mobile cyber attacks: Compromising an end

point in a network – a mobile for example.

Caused by social engineering problems.

• Advanced Persistent Threats: Expect weekly

attacks on a network. Part of the duties of a

network manager is to manages these

threats. Trying to manage several

simultaneous attacks.

• Dramatic growth in the scale of attacks, as

attackers employ large networks of

automated bots.

• For example, in March of 2013 a

distributed denial of service attack (DDoS)

against U.S. financial institutions used over

3000 bots to generate 190Gbps in peak

network traffic.

• A rise in application layer attacks as hackers

probe and exploit vulnerabilities in web

service security using techniques such as:

o HTTP floods

o Buffer overflow exploits

o SQL injection.


• The advent of multi-dimensional attacks

that combine multiple tactics and attack

avenues, such as an attention-diverting DoS

attack coupled with a SQL injection attack

aimed at stealing data.

• New types of highly dedicated attackers—

particularly, the emergence of politically-

motivated hacktivists who seek to advance

their cause with high-profile attacks on

corporate or government web properties.

Malicious Software

• Worm: A program or command file that uses

a computer network as a means for

adversely affecting a system’s integrity,

reliability, or availability.


o A network worm can attack from one

system to another by establishing a

network connection.

o It is usually a self-contained program

that does not need to attach itself to a

host file to infiltrate network after


• Virus: A program that is designed to spread

from computer to computer on its own,

potentially damaging the system software

by corrupting or erasing data, using

available memory, or by annoying the user

by altering data.

o A virus is designed to replicate.

o Generally, it is spread by infecting other


• Trojan: Trojan Horse hides malware in what

appears to be a normal file.

o Most Trojans are typically aimed at

taking control of a user’s computer,

stealing data and inserting more

malware on to a victim’s computer.


• Adware: Advertising supported software, is

software that displays unwanted

advertisements on your computer.

o Adware programs will tend to serve you

pop-up ads, can change your browser’s


• Spyware: Is a blanket term given to software

that gathers information about your

computer and the things you do on it.

o Sends that information over the Internet

to a third party.

Definition of Cyber Crime

Offences that are committed against individuals or

groups of individuals with a criminal motive to

intentionally harm the reputation of the victim or

cause physical or mental harm, or loss, to the

victim directly or indirectly, using modern

telecommunication networks such as Internet

(networks including chat rooms, emails, notice

boards and groups) and mobile phones.


Antivirus: Antivirus software is a program or set

of programs that are designed to prevent,

search for, detect, and remove software viruses,

and other malicious software like worms,

trojans, adware, and more.

Firewalls: Network firewalls filter traffic between

two or more networks and run on network


• Host-based firewalls run on host computers

and control network traffic in and

out of those machines.


Anti-Spyware: Software is a type of program

designed to prevent and detect unwanted

spyware program installations and to remove

those programs if installed.

• Detection may be either rules-based or

based on downloaded definition files that

identify currently active spyware programs.

Security Audit

• A security audit is a systematic evaluation

of the security of a company's information

system by measuring how well it conforms

to a set of established criteria.

• A thorough audit typically assesses the

security of the system's physical

configuration and environment, software,


information handling processes, and user


• Security audits are often used to determine

regulatory compliance with legislation.

• Every country has it’s own legislation.

• When there is a breach, the legislation

specifies how organisations are expected to


This concludes Session 3


Click to View FlipBook Version