Published by Cambridge Paperbacks, 2019-12-01 02:40:44

Session 3

Global Information Technology

Presented by Dr Allen Brown

E-Governance

The use of a range of modern information and communication technologies by government to improve effectiveness, efficiency and service delivery, and to promote democracy.

• The application of Information and Communication Technology (ICT) for:
  o Delivering government services.
  o Exchange of information and communication transactions.
  o Integration of various stand-alone systems and services between:
    ▪ Government-to-Citizens (G2C)
    ▪ Government-to-Business (G2B)
    ▪ Government-to-Government (G2G).

Concept of e-governance

• World economies have recognised Information Technology (IT) as an effective tool in catalysing economic activity, in efficient governance and in developing human resources.
• They have, therefore, made significant investments in it and successfully integrated it with the development process.
• Thereby reaping the benefits to their society.
• In India also these developments have impacted the industrial, education, service and Government sectors.
• As the era of digital economy is evolving, the concept of governance has assumed significant importance.

• The questions often asked in this context are:

• How can government become more responsive and accessible?
• How can the government enhance its role as a catalyst of economic growth?
• How can one provide better Government services?
• How can the government use advanced technologies for transferring benefits, improving health care and education?

• e-Governance has consequently become an accepted method involving the use of IT in:

• Improving transparency.
• Providing information speedily to all citizens.
• Improving administration efficiency.
• Improving public services such as:

Transport          Power       Health
Water utilities    Security    Municipal services

• The provision of health information – in the UK,

• Here is an example, on obesity and the body mass index (BMI).

World Perspective

• One example where international health information is available is the WHO webpage.

• Here you will see how the WHO is coping with health emergencies which are happening in the world.
• Great source of information on health matters.
• Another source of international news is the United Nations website.
• Here you will find:
  o Live video coverage, both broadcast quality and web streaming, of meetings and events at UN Headquarters
  o Ready-to-air documentary-style programmes for television, on the breadth of challenges the UN addresses every day
  o Audio news programmes providing daily coverage of UN meetings and events, plus weekly magazine programmes
  o Photos from UN meetings and events as well as the Secretary-General's travels
  o News articles covering the daily events at UN Headquarters and in the field
  o Archive audio, video and photos dating from the days of the League of Nations through to the present day
  o Accreditation to gain access to cover events and meetings
  o Social media updates and mobile apps to help you keep up to date on UN news.

Technologies for e-governance

• E-governance is all about effective communication.
• The greatest invention in the history of mankind is the mobile phone – worldwide common communications technology.
• No technology has affected so many people on a daily basis as the mobile.
• With the high numbers of mobiles amongst the population of most countries, in principle it’s now possible for government to communicate directly with its citizens.
• e-governance is an effective tool to manage the country’s citizens and resources.
• In principle we have the following:
  o Government to Citizen (G2C)
  o Citizen to Government (C2G)
  o Government to Government (G2G)
  o Government to Business (G2B)
• There needs to be established a set of guidelines and a framework as to the objectives of these channels of communication.
• C2G is already well established for all aspects of life – the UK version is

• When it comes to G2C there is a facility to pay your taxes using your mobile.
• The Inland Revenue in the UK is quite modern.

Advantages

• Rapid communication: in the UK, if there is a flood warning, this information can be sent to you on your mobile.
• Easy access to a huge amount of government information on almost all aspects of life.
• Easy for a government to send information to its citizens.
• Government can ask a pool of its citizens to determine the popularity of a policy.

Disadvantages

• Excludes all those who do not have access to a mobile or other communications device.
• Your location can be tracked using your mobile – infringement of Civil Liberties.
• You may have information on your mobile of a private nature – can be hacked.
• Moving towards a cashless society – no mobile no money.

Promoting Economic Growth using e-governance

• To support start-up companies, government needs to provide the following:
  o Free office accommodation with free utilities for 3 years: fast internet, electricity, heating/cooling.
  o Readily available finance – venture capital.
  o New bank to support start-up companies: The India Enterprise Bank.
  o No red-tape and unnecessary regulations.
  o Unrestricted overseas sales: no export tariffs.
  o Special consideration for AI start-ups.

Security Management

The biggest problem with digital information relates to its safety management: keeping it secure and free from unwanted access.

Information Security

• When you register on a website for whatever reason, you are normally asked to choose a password.
• Used to restrict access to registered people only – how easy is it to hack a password?
• Ten most popular passwords.

123456      123456789   qwerty
password    111111      12345678
abc123      1234567     password1
12345

• For all intents and purposes, emails and their attachments are never private.

Data encryption

• Data encryption is the process of translating data from one form into another form so that only people with the proper password, or decryption key, can access it.
  o Cipher: the act of encoding something into secret language.
  o Decipher: the act of converting a code into normal language.
  o Algorithm: a set of rules to be followed in calculations or problem-solving operations, especially by a computer.
  o Key: a secret, like a password, that is used to encrypt or decrypt information (in the context of data security).
• Here is an example of a very early cipher.

• The key is the position of A in the array; A can be anywhere.

• Here are examples of encryption algorithms.

ElGamal     RSA
DSA         PKCS
Elliptic curve techniques

• Matrices can be used to encrypt information; by this we mean the true information can be hidden. To do this we first allocate numbers to the letters of the alphabet as shown in the table below.

(SPACE) = 0   A = 1    B = 2    C = 3    D = 4    E = 5    F = 6
G = 7         H = 8    I = 9    J = 10   K = 11   L = 12   M = 13
N = 14        O = 15   P = 16   Q = 17   R = 18   S = 19   T = 20
U = 21        V = 22   W = 23   X = 24   Y = 25   Z = 26

• The table can be augmented to include lower case and all the other symbols used in written English.
• Any sentence can now be represented as a sequence of numbers.
• Encode the sentence THE TREES ARE TALL. Attach numbers from the above table to the letters in the sentence.

T H E (SPACE) T R E E S (SPACE) A R E (SPACE) T A L L

(20 8 5) (0 20 18) (5 5 19) (0 1 18) (5 0 20) (1 12 12)

• You will have noticed the numbers are grouped as (1 × 3) matrices.

• If the input data is A, when B acts on A it will produce output data C, in other words,

$$C = BA \tag{1}$$

and

$$A = B^{-1}C \tag{2}$$

• Eq:1 is the encryption process and Eq:2 is the decryption process.

• To perform the encryption a matrix B is required, here is an example,

$$B = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix}$$

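• The input data is going to be written as column matrices.
• In the example sentence there are six input matrices, the encrypted matrices are,

$$C_1 = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix} \begin{pmatrix} 20 \\ 8 \\ 5 \end{pmatrix}$$

$$C_2 = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix} \begin{pmatrix} 0 \\ 20 \\ 18 \end{pmatrix}$$

$$C_3 = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix} \begin{pmatrix} 5 \\ 5 \\ 19 \end{pmatrix}$$

$$\vdots$$

$$C_6 = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix} \begin{pmatrix} 1 \\ 12 \\ 12 \end{pmatrix}$$

• After the calculations have been performed, the encrypted sentence is therefore

[14 3 -8 -4 74 -92 33 57 -76 34 55 -73 45 55 -75 1 47 -59]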

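• To decrypt this data, you require the inverse of matrix B as indicated in Eq:2. Therefore,

$$A_1 = B^{-1} \begin{pmatrix} 14 \\ 3 \\ -8 \end{pmatrix}, \quad A_2 = B^{-1} \begin{pmatrix} -4 \\ 74 \\ -92 \end{pmatrix}, \quad \dots, \quad A_6 = B^{-1} \begin{pmatrix} 1 \\ 47 \\ -59 \end{pmatrix}$$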

• In effect the data has been decrypted; the message cannot be decrypted easily without the encryption matrix B.
• For a successful encryption matrix, only integers should appear in the encrypted data.
• This means the elements in $B^{-1}$ must be integers [$\det(B^{-1}) = 1$].
• An encryption matrix can be created by using the following,

$$B = \begin{pmatrix} 1 & a & b \\ 0 & 1 & c \\ 0 & 0 & 1 \end{pmatrix} \begin{pmatrix} 1 & 0 & 0 \\ d & 1 & 0 \\ e & f & 1 \end{pmatrix} \tag{3}$$

where {a, b, c, d, e, f} are integers.
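
The matrix cipher worked through above, as an added Python example (not part of the original slides): it reproduces the ciphertext for THE TREES ARE TALL with the page's matrix B, decrypts it with an exact integer inverse, and builds a new key as the product of an upper and a lower unit-triangular integer matrix. The function names and the sample integers passed to `make_key` are assumptions made for the illustration.

```python
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # page's table: SPACE = 0, A = 1, ..., Z = 26
B = [[1, -2, 2], [-1, 1, 3], [1, -1, -4]]  # encryption matrix given on the page

def det3(m):
    (a, b, c), (p, q, r), (x, y, z) = m
    return a * (q * z - r * y) - b * (p * z - r * x) + c * (p * y - q * x)

def inverse3(m):
    """Exact integer inverse via the adjugate; requires det(m) = +1 or -1."""
    d = det3(m)
    if d not in (1, -1):
        raise ValueError("inverse would contain fractions: det = %d" % d)
    (a, b, c), (p, q, r), (x, y, z) = m
    cof = [[q * z - r * y, r * x - p * z, p * y - q * x],
           [c * y - b * z, a * z - c * x, b * x - a * y],
           [b * r - c * q, c * p - a * r, a * q - b * p]]
    # inverse = transpose(cofactors) / det, and 1/det == det when det is +1 or -1
    return [[cof[j][i] * d for j in range(3)] for i in range(3)]

def apply(m, numbers):
    """Multiply m by each 3-element column block of numbers; return a flat list."""
    out = []
    for k in range(0, len(numbers), 3):
        col = numbers[k:k + 3]
        out += [sum(m[i][j] * col[j] for j in range(3)) for i in range(3)]
    return out

def encrypt(text, m):
    text += " " * (-len(text) % 3)          # pad with SPACE (0) to whole blocks
    return apply(m, [ALPHABET.index(ch) for ch in text])

def decrypt(numbers, m):
    return "".join(ALPHABET[n] for n in apply(inverse3(m), numbers))

def make_key(a, b, c, d, e, f):
    """Upper unit-triangular times lower unit-triangular, so det = 1."""
    upper = [[1, a, b], [0, 1, c], [0, 0, 1]]
    lower = [[1, 0, 0], [d, 1, 0], [e, f, 1]]
    return [[sum(upper[i][k] * lower[k][j] for k in range(3))
             for j in range(3)] for i in range(3)]

if __name__ == "__main__":
    cipher = encrypt("THE TREES ARE TALL", B)
    print(cipher)
    print(decrypt(cipher, B))
    key = make_key(2, -1, 3, 4, 0, -2)      # constructed sample integers
    print(key, det3(key), repr(decrypt(encrypt("HELLO", key), key)))
```

Because encryption is one linear map applied block by block, identical plaintext blocks always give identical ciphertext blocks; the scheme illustrates keys and inverses and is not a replacement for the standard algorithms listed earlier.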



• There are many apps available for encrypting files: www.vitrium.com

System Vulnerability and Abuse

• The vulnerability management process is a continuous information security risk undertaking that requires management oversight.
• There are four high-level processes that encompass vulnerability management:
  o Discovery: should find every computing asset on the network and build a database of knowledge other VM processes can use. Since the network is in a constant state of change, the information about your assets needs to be continually refreshed.
  o Reporting: Reports should create a prioritisation matrix that feeds into vulnerability management processes. Ideally, these reports can also be used for tactical operations tasks.
  o Prioritisation: The goal of prioritisation is to use a vulnerability management tool to create a customised list of prioritised actions.
  o Response: Risk falls into three categories: remediate, mitigate or accept. Risk acceptance is making a choice to accept the risk without remediation or mitigation.
• In a strong vulnerability management framework, each process and the sub-processes within it need to be part of a continuous cycle focused on improving security and reducing the risk profile of network assets.
• An example of vulnerability management software is www.Divice42.com

Security Threats

• The five most common cyber threats:

• Social Engineering: making people reveal passwords and bank details – phishing – gaining confidence. Also malware in emails.
• Vulnerabilities: assessing the weaknesses of a computer network that can be exploited by a hacker.
• Poor patch management: providing upgrades to system software which leave a vulnerability.
• Mobile cyber attacks: Compromising an end point in a network – a mobile for example. Caused by social engineering problems.
• Advanced Persistent Threats: Expect weekly attacks on a network. Part of the duties of a network manager is to manage these threats. Trying to manage several simultaneous attacks.

• Dramatic growth in the scale of attacks, as attackers employ large networks of automated bots.
• For example, in March of 2013 a distributed denial of service attack (DDoS) against U.S. financial institutions used over 3000 bots to generate 190Gbps in peak network traffic.
• A rise in application layer attacks as hackers probe and exploit vulnerabilities in web service security using techniques such as:
  o HTTP floods
  o Buffer overflow exploits
  o SQL injection.
• The advent of multi-dimensional attacks that combine multiple tactics and attack avenues, such as an attention-diverting DoS attack coupled with a SQL injection attack aimed at stealing data.
• New types of highly dedicated attackers – particularly, the emergence of politically-motivated hacktivists who seek to advance their cause with high-profile attacks on corporate or government web properties.

Malicious Software

• Worm: A program or command file that uses a computer network as a means for adversely affecting a system’s integrity, reliability, or availability.
  o A network worm can attack from one system to another by establishing a network connection.
  o It is usually a self-contained program that does not need to attach itself to a host file to infiltrate network after network.
• Virus: A program that is designed to spread from computer to computer on its own, potentially damaging the system software by corrupting or erasing data, using available memory, or by annoying the user by altering data.
  o A virus is designed to replicate.
  o Generally, it is spread by infecting other files.
• Trojan: A Trojan Horse hides malware in what appears to be a normal file.
  o Most Trojans are typically aimed at taking control of a user’s computer, stealing data and inserting more malware on to a victim’s computer.
• Adware: Advertising-supported software is software that displays unwanted advertisements on your computer.
  o Adware programs will tend to serve you pop-up ads, and can change your browser’s homepage.
• Spyware: A blanket term given to software that gathers information about your computer and the things you do on it.
  o Sends that information over the Internet to a third party.

Definition of Cyber Crime

Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as the Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones.

Antivirus: Antivirus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.

Firewalls: Network firewalls filter traffic between two or more networks and run on network hardware.

• Host-based firewalls run on host computers and control network traffic in and out of those machines.

Anti-Spyware: Anti-spyware software is a type of program designed to prevent and detect unwanted spyware program installations and to remove those programs if installed.

• Detection may be either rules-based or based on downloaded definition files that identify currently active spyware programs.

Security Audit

• A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.
• A thorough audit typically assesses the security of the system's physical configuration and environment, software, information handling processes, and user practices.
• Security audits are often used to determine regulatory compliance with legislation.
• Every country has its own legislation.
• When there is a breach, the legislation specifies how organisations are expected to respond.

This concludes Session 3
















































