IS for increased usage of e-services

8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference14-15 October 2010, Ohrid www.seeita.org

Information security for increased usage of e-Services

Ana Meskovska,[email protected]

mailto:[email protected]


About me

• Consultant and Trainer in Trajkovski & Partners Consulting

• Quality and Information Security Manager

• B.Sc. in Electrical Engineering

• Master student – e-Business management

• ICMCI Certified Management Consultant – CMC

• ECQA certified IT Security and e-Security Manager

• Member of Board of Directors and Chairman of the Committee for Events of itSMF Macedonia


CONTENT

• INTRODUCTION

– Purpose of presentations issues and understanding the issues

• STARTING FROM THE BASICS

– What is e-service, information security

• ANSWER THE CHALLENGES


INTRODUCTION


Purpose of the presentation

• Main topic - increasing usage of e-services

• Why this topic?

– Explosive development and advancement of ICT

– Significant growth of internet usage

– Rapid increase of e-services

– Flat-lining in usage of e-services


Households with Internet access

• 81.0% in 2009

• 78.6% in 2008

• 16.5% in 2007

• 14% in 2006

Source: State Statistical Office


Households that used computer and Internet in 2008 and 2009



Purpose of using the Internet in the first quarter 2009



Citizens using the Internet and e-Government

Figure 1. Percentage of citizens using the Internet and e-Government (Source: Eurostat 2009)

Overall progress

in citizen using

governmental e-

services between

2004 and 2008:

• 4% - 7% for EU15

• 3% - 4% for EU12


WHY, not to use e-services?

• The e-service doesn’t offer any additional benefits vs. the regular service

• The e-service is not relevant

• It is too complicated

• It is not as quality as the regular service

• A trust issue

• It is not obligatory

• …….


Understanding the issues

• Why is trust an issue:

– involvement of sensitive and personal information

– risk from disclosure and misuse of important information and documents

– absence of physical contact, visual communication and tangibility

• How to start overcoming this issue?

– Information security

– …….


How to use Information security to increase usage of e-services?


STARTING FROM THE BASICS


What means e-service?

• The attainment and delivery of services

through electronic media

• Any asset, deed, effort or performance

that is made available via the Internet to

drive new revenue streams or create new

efficiencies


Types of e-services

• E-services that don’t have critical impact on our lives or business

– e-mails, social networks, chats, blogs, collaboration workspaces…

• E-services that have crucial impact on our lives, private and business wise

– e-banking, e-procurement, e-auctions, e-government, e-healthcare…


Example of e-service activities

• registering for user identity - e.g. membership application

• updating user information - e.g. new address

• updating user status - e.g. credit card account balance

• submitting application - e.g. credit card, driving license

• placing order - e.g. buying and selling of stocks and funds

• doing payment transaction - e.g. credit card payment

• searching for information - e.g. business matching

• exchanging information - e.g. chatroom

• receiving information and service - e.g. education notes

• doing survey, etc…


What means Information?

• Information is an asset to the organization, which has value to organization and needs to be protected appropriately

• Types of information:– Printed or written on paper

– Electronic– Send by mail or other electronic connections– Presented on company’s promotional materials,

web site– Spoken


What means Information Security?

• Providing confidentiality, integrity and availability of written, spoken and electronic information

– Confidentiality - limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized ones

– Integrity - accuracy and completeness

– Availability - accessibility and usability upon demand by an authorized entity


ANSWER THE CHALLENGES


Implement Information Security Management System

• Conduct risk assessment

• Define and enforce IS policies– ISMS policy, Privacy policy, e-Privacy policy

• Define and enforce IS procedures– Business continuity planning, Access control ….

• Identify and implement relevant IS controls– firewall, cryptography, SSL, PKI and DC

• Take in consideration best practices and standards– ISO 27001, ITIL, ISO 20000, COBIT, ITAF …


Identify and achieve CIA balance


Raise awareness

• Raise awareness for:

– the purpose of e-service

– the benefits from the e-service

– the need for information security

– how is information security organized and implemented

– importance and existence of IS controls and tools

among management, employees, clients, users, ….


Summary

• Trend: Flat-lining of usage of services

• Issue: the trust issue

• Answer: first step in dealing with the trsutissue - information security

• Conclusion: Create and communicate an Information Security Management System


Relevant links

• www.iso27001security.com

• http://bledconference.org/index.php/eConference/2010

• http://www.infosec.gov.hk/english/information/services.html

• http://epp.eurostat.ec.europa.eu/portal/page/portal/eurostat/home/

• www.stat.gov.mk

• www.isaca.org

• www.itil-officialsite.com

http://www.infosec.gov.hk/english/information/services.html






http://epp.eurostat.ec.europa.eu/portal/page/portal/eurostat/home/

http://epp.eurostat.ec.europa.eu/portal/page/portal/eurostat/home/

http://www.stat.gov.mk/

http://www.itil-officialsite.com/






Ana Meskovska

[email protected]

mailto:[email protected]

Technology

IS for increased usage of e-services