Global Information
Technology
Session 3
Presented
by
Dr Allen Brown
E-Governance
The use of a range of modern Information
and communication technologies by
government to improve the effectiveness,
efficiency, service delivery and to promote
democracy.
• The application of Information and
Communication Technology (ICT) for:
o Delivering government services.
o Exchange of information and communication
transactions.
o Integration of various stand-alone systems
and services between:
▪ Government-to-Citizens (G2C)
▪ Government-to-Business (G2B)
▪ Government-to-Government (G2G).
Concept of e-governance
• World economies have recognised Information
Technology (IT) as an effective tool in catalysing
economic activity, in efficient governance and in
developing human resources.
• They have, therefore, made significant
investments in it and successfully integrated it
with the development process.
• Thereby reaping the benefits to their society.
• In India also these
developments have impacted
the industrial, education,
service and Government
sectors.
• As the era of digital economy is
evolving, the concept of
governance has assumed significant
importance.
• The questions often asked in this context are:
• How can government become more
responsive and accessible?
• How can the government enhance its role as a
catalyst of economic growth?
• How can one provide better Government
services?
• How can the government use advanced
technologies for transferring benefits,
improving health care and education?
• E-governance has consequently become an
accepted method involving the use of IT in:
• Improving transparency.
• Providing information speedily to all citizens.
• Improving administration efficiency.
• Improving public services such as:
o Transport
o Power
o Health
o Water utilities
o Security
o Municipal services
• The provision of health information – in the UK,
• Here is an example, on obesity and the
body mass index (BMI).
World Perspective
• One example where international health
information is available is the WHO webpage.
• Here you will see how the WHO is coping with
health emergencies which are happening in the
world.
• Great source of information on health matters.
• Another source of international news is the
United Nations
website.
• Here you will find:
o Live video coverage, both broadcast
quality and web streaming, of meetings
and events at UN Headquarters
o Ready-to-air documentary-style
programmes for television, on the breadth
of challenges the UN addresses every day
o Audio news programmes providing daily
coverage of UN meetings and events, plus
weekly magazine programmes
o Photos from UN meetings and events as
well as the Secretary-General's travels
o News articles covering the daily events at
UN Headquarters and in the field
o Archive audio, video and photos dating
from the days of the League of Nations
through to the present day
o Accreditation to gain access to cover
events and meetings
o Social media updates and mobile apps to
help you keep up to date on UN news.
Technologies for e-governance
• E-governance is all about effective
communication.
• The greatest invention in the history of
mankind is the mobile phone – a worldwide
common communications technology.
• No technology has affected so many people on a
daily basis as the mobile.
• With the high numbers of mobiles amongst the
population of most countries, in principle it’s now
possible for government to communicate directly
with its citizens.
• e-governance is an effective tool to manage
the country’s citizens and resources.
• In principle we have the following:
o Government to Citizen (G2C)
o Citizen to Government (C2G)
o Government to Government (G2G)
o Government to Business (G2B)
• There needs to be established a set of
guidelines and a framework as to the objectives
of these channels of communication.
• C2G is already well established for all aspects of
life – the UK version is
• When it comes to G2C there is a facility to pay
your taxes using your mobile.
• The Inland Revenue in the UK is quite modern.
Advantages
• Rapid communication: in the UK, if there is a flood
warning, this information can be sent to you on
your mobile.
• Easy access to a huge amount of government
information on almost all aspects of life.
• Easy for a government to send information to its
citizens.
• Government can ask a pool of its citizens to
determine the popularity of a policy.
Disadvantages
• Excludes all those who do not have access to a mobile
or other communications device.
• Your location can be tracked using your mobile –
infringement of Civil Liberties.
• You may have information on your mobile of a
private nature – can be hacked.
• Moving towards a cashless
society – no mobile no money.
Promoting Economic Growth using e-governance
• Support start-up companies, government needs
to provide the following:
o Free office accommodation
with free utilities for 3
years: fast internet,
electricity, heating/cooling.
o Readily available finance – venture capital.
o New bank to support
start-up companies: The
India Enterprise Bank.
o No red-tape and
unnecessary regulations.
o Unrestricted overseas sales: no export
tariffs.
o Special consideration for AI start-ups.
Security Management
The biggest problem with digital information
relates to its safety management. Keeping it
secure and free from unwanted access.
The Information Security
• When you register on a website for whatever
reason, you are normally asked to choose a
password.
• Used to restrict access to registered people
only – how easy is it to hack a password?
• Ten most popular passwords.
123456 123456789 qwerty
password 111111 12345678
abc123 1234567 password1
12345
• For all intents and purposes, emails and their
attachments are never private.
Data encryption
• Data encryption is the process of translating
data from one form into another form so
that only people with the proper password,
or decryption key, can access it.
o Cipher: the act of encoding something
into secret language.
o Decipher: the act of converting a code
into normal language.
o Algorithm: a set of rules to be followed
in calculations or problem-solving
operations, especially by a computer.
o Key: a secret, like a password, that is
used to encrypt or decrypt information
(in the context of data security).
• Here is an example of a very early cipher.
• The key is the position of A in the array, A can be
anywhere.
• Here are examples of encryption algorithms.
ElGamal RSA
DSA PKCS
Elliptic curve techniques
• Matrices can be used to encrypt information,
by this we mean the true information can be
hidden. To do this we first allocate numbers
to the letters of the alphabet as shown in the
table below
(SPACE) = 0 A = 1 B = 2 C = 3 D = 4 E = 5 F = 6
G = 7 H = 8 I = 9 J = 10 K = 11 L = 12 M =13
N = 14 O = 15 P = 16 Q = 17 R = 18 S = 19 T = 20
U = 21 V = 22 W = 23 X = 24 Y = 25 Z = 26
• The table can be augmented to include
lower case and all the other symbols used in
written English.
• Any sentence can now be represented as a
sequence of numbers.
• Encode the sentence THE TREES ARE TALL.
Attach numbers from the above table to the
letters in the sentence.
T H E (SPACE) T R E E S (SPACE) A R E (SPACE) T A L L
(20 8 5) (0 20 18) (5 5 19) (0 1 18) (5 0 20) (1 12 12)
• You will have noticed the numbers are
grouped as (1 × 3) matrices.
• If the input data is A, when B acts on A it will
produce output data C, in other words,
$$C = BA \qquad \text{(Eq:1)}$$
and
$$A = B^{-1}C \qquad \text{(Eq:2)}$$
• Eq:1 is the encryption process and Eq:2 is
the decryption process.
• To perform the encryption a matrix B is
required, here is an example,
$$B = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix}$$
• The input data is going to be written as
column matrices.
• In the example sentence there are six input
matrices, the encrypted matrices are,
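$$C_1 = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix}\begin{pmatrix} 20 \\ 8 \\ 5 \end{pmatrix}$$
$$C_2 = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix}\begin{pmatrix} 0 \\ 20 \\ 18 \end{pmatrix}$$
$$C_3 = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix}\begin{pmatrix} 5 \\ 5 \\ 19 \end{pmatrix}$$
$$\vdots$$
$$C_6 = \begin{pmatrix} 1 & -2 & 2 \\ -1 & 1 & 3 \\ 1 & -1 & -4 \end{pmatrix}\begin{pmatrix} 1 \\ 12 \\ 12 \end{pmatrix}$$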
• After the calculations have been performed,
the encrypted sentence is therefore
[14 3 -8 -4 74 -92 33 57 -76 34 55 -73 45 55 -75 1 47 -59]
• To decrypt this data, you require the inverse
of matrix B as indicated in Eq:2. Therefore,
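$$A_1 = B^{-1}\begin{pmatrix} 14 \\ 3 \\ -8 \end{pmatrix},\quad A_2 = B^{-1}\begin{pmatrix} -4 \\ 74 \\ -92 \end{pmatrix},\ \ldots,\quad A_6 = B^{-1}\begin{pmatrix} 1 \\ 47 \\ -59 \end{pmatrix}$$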
• In effect the data has been decrypted; the
message cannot be decrypted easily
without the encryption matrix B.
• For a successful encryption matrix, only
integers should appear in the encrypted
data.
• This means the elements in $B^{-1}$ must be
integers [$\det(B^{-1}) = 1$].
• An encryption matrix can be created by
using the following,
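$$B = \begin{pmatrix} 1 & a & b \\ 0 & 1 & c \\ 0 & 0 & 1 \end{pmatrix}\begin{pmatrix} 1 & 0 & 0 \\ d & 1 & 0 \\ e & f & 1 \end{pmatrix} \qquad \text{(Eq:3)}$$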
where {a, b, c, d, e, f } are integers.
• There are many apps available for
encrypting files: www.vitrium.com
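The matrix cipher described above (Eq:1 to Eq:3), as an added Python example that is not part of the original slides. It reproduces the encrypted sentence, computes the exact integer inverse of B and builds a new key from Eq:3; the function names are illustrative, and the placement of a to f in `make_key` assumes reading order across the two triangular factors.

```python
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # index = table value (SPACE = 0)
B = [[1, -2, 2], [-1, 1, 3], [1, -1, -4]]  # encryption matrix from the slide

def det3(m):
    """Determinant of a 3x3 integer matrix (expansion along row 0)."""
    return (m[0][0] * (m[1][1] * m[2][2] - m[1][2] * m[2][1])
            - m[0][1] * (m[1][0] * m[2][2] - m[1][2] * m[2][0])
            + m[0][2] * (m[1][0] * m[2][1] - m[1][1] * m[2][0]))

def inverse3(m):
    """Exact integer inverse via the adjugate; requires det = +1 or -1."""
    d = det3(m)
    if d not in (1, -1):
        raise ValueError(f"det is {d}; inverse would not be all integers")
    # Cofactor (i, j) written with cyclic indices, which absorbs the sign.
    cof = [[m[(i + 1) % 3][(j + 1) % 3] * m[(i + 2) % 3][(j + 2) % 3]
            - m[(i + 1) % 3][(j + 2) % 3] * m[(i + 2) % 3][(j + 1) % 3]
            for j in range(3)] for i in range(3)]
    # inverse = transpose(cofactors) / det, and 1/d == d when d is +1 or -1.
    return [[cof[j][i] * d for j in range(3)] for i in range(3)]

def transform(m, nums):
    """Multiply m by each consecutive 3-element column block of nums."""
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        out += [sum(m[r][k] * block[k] for k in range(3)) for r in range(3)]
    return out

def encrypt(text, key):
    """Eq:1, C = BA. Raises ValueError for characters outside the table."""
    nums = [ALPHABET.index(ch) for ch in text.upper()]
    nums += [0] * (-len(nums) % 3)  # pad the final block with SPACE (0)
    return transform(key, nums)

def decrypt(nums, key):
    """Eq:2, A = B^-1 C. Trailing padding spaces are stripped."""
    plain = transform(inverse3(key), nums)
    return "".join(ALPHABET[n] for n in plain).rstrip()

def make_key(a, b, c, d, e, f):
    """Eq:3: unit upper-triangular times unit lower-triangular, so det = 1."""
    return [[1 + a * d + b * e, a + b * f, b],
            [d + c * e, 1 + c * f, c],
            [e, f, 1]]

if __name__ == "__main__":
    cipher = encrypt("THE TREES ARE TALL", B)
    print(cipher, decrypt(cipher, B))
```

The transformation is linear, so a few known plaintext and ciphertext block pairs are enough to solve for B. It illustrates the role of a key but is not suitable for protecting real data, where a vetted cipher from a maintained library should be used.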
System Vulnerability and Abuse
• The vulnerability management process is a
continuous information security risk
undertaking that requires management
oversight.
• There are four high-level processes that
encompass vulnerability management:
o Discovery: should find every computing
asset on the network and build a database
of knowledge other VM processes can use.
Since the network is in a constant state of
change, the information about your assets
needs to be continually refreshed.
o Reporting: Reports should create a
prioritisation matrix that feeds into
vulnerability management processes.
Ideally, these reports can also be used for
tactical operations tasks.
o Prioritisation: The goal of prioritisation is to
use a vulnerability management tool to
create a customised list of prioritised
actions.
o Response: Risk falls into three categories:
remediate, mitigate or accept. Risk
acceptance is making a choice to accept the
risk without remediation or mitigation.
• In a strong vulnerability management
framework, each process and the sub-processes
within it need to be part of a continuous cycle
focused on improving security and reducing the
risk profile of network assets.
• An example of vulnerability management
software is www.Divice42.com
Security Threats
• The five most common cyber threats:
• Social Engineering: making people reveal
passwords and bank details – phishing –
gaining confidence. Also malware in emails.
• Vulnerabilities: assessing the weaknesses of
a computer network that can be exploited
by a hacker.
• Poor patch management: providing
upgrades to system software which leave
vulnerabilities.
• Mobile cyber attacks: Compromising an end
point in a network – a mobile for example.
Caused by social engineering problems.
• Advanced Persistent Threats: Expect weekly
attacks on a network. Part of the duties of a
network manager is to manage these
threats, including trying to manage several
simultaneous attacks.
• Dramatic growth in the scale of attacks, as
attackers employ large networks of
automated bots.
• For example, in March of 2013 a
distributed denial of service attack (DDoS)
against U.S. financial institutions used over
3000 bots to generate 190Gbps in peak
network traffic.
• A rise in application layer attacks as hackers
probe and exploit vulnerabilities in web
service security using techniques such as:
o HTTP floods
o Buffer overflow exploits
o SQL injection.
• The advent of multi-dimensional attacks
that combine multiple tactics and attack
avenues, such as an attention-diverting DoS
attack coupled with a SQL injection attack
aimed at stealing data.
• New types of highly dedicated attackers—
particularly, the emergence of politically-
motivated hacktivists who seek to advance
their cause with high-profile attacks on
corporate or government web properties.
Malicious Software
• Worm: A program or command file that uses
a computer network as a means for
adversely affecting a system’s integrity,
reliability, or availability.
o A network worm can attack from one
system to another by establishing a
network connection.
o It is usually a self-contained program
that does not need to attach itself to a
host file to infiltrate network after
network.
• Virus: A program that is designed to spread
from computer to computer on its own,
potentially damaging the system software
by corrupting or erasing data, using
available memory, or by annoying the user
by altering data.
o A virus is designed to replicate.
o Generally, it is spread by infecting other
files.
• Trojan: Trojan Horse hides malware in what
appears to be a normal file.
o Most Trojans are typically aimed at
taking control of a user’s computer,
stealing data and inserting more
malware on to a victim’s computer.
• Adware: Advertising-supported software is
software that displays unwanted
advertisements on your computer.
o Adware programs will tend to serve you
pop-up ads and can change your browser’s
homepage.
• Spyware: A blanket term given to software
that gathers information about your
computer and the things you do on it.
o Sends that information over the Internet
to a third party.
Definition of Cyber Crime
Offences that are committed against individuals or
groups of individuals with a criminal motive to
intentionally harm the reputation of the victim or
cause physical or mental harm, or loss, to the
victim directly or indirectly, using modern
telecommunication networks such as Internet
(networks including chat rooms, emails, notice
boards and groups) and mobile phones.
Antivirus: Antivirus software is a program or set
of programs that are designed to prevent,
search for, detect, and remove software viruses,
and other malicious software like worms,
trojans, adware, and more.
Firewalls: Network firewalls filter traffic between
two or more networks and run on network
hardware.
• Host-based firewalls run on host computers
and control network traffic in and
out of those machines.
Anti-Spyware: Anti-spyware software is a type of program
designed to prevent and detect unwanted
spyware program installations and to remove
those programs if installed.
• Detection may be either rules-based or
based on downloaded definition files that
identify currently active spyware programs.
Security Audit
• A security audit is a systematic evaluation
of the security of a company's information
system by measuring how well it conforms
to a set of established criteria.
• A thorough audit typically assesses the
security of the system's physical
configuration and environment, software,
information handling processes, and user
practices.
• Security audits are often used to determine
regulatory compliance with legislation.
• Every country has its own legislation.
• When there is a breach, the legislation
specifies how organisations are expected to
respond.
This concludes Session 3