Explain Security Management Model of E-Governance.

-

 Security Management Model of E-Governance

The above facts lead us to the conclusion that the security of the e-governance system has to be managed systematically in three levels, this model is explained with the help of this figure



1) Security at User Level

  • Security at the user level is a very important issue. We can classify user-level security management into three parts:- a) Identify management b) Access Management System, c) Interaction Management System



a) Identity Management

The main purpose of this is to create a unique digital identity or credential for all legal users by providing a unique user name and password, to create and manage ICT systems that ensure that the digital identities are secure.


b) Access Management System

At this level, the unique credentials which are provided to the user at the identity level are matched to identify the user, that he/she is actually the authentic person.


c) Interaction Management System

Interaction management is a most comprehensive and complex phase. It includes assurance of Integrity, Confidentiality, and Non-repudiation principles of comprehensive security.


  • At the user level, we can use various tools such as digital identity token, public key infrastructure (PKI), digital signature, asymmetric key cryptography, etc. to provide or enhance security at the user level.



2)Security at Transport Level

At this level, we consider e-governance security in two aspects which are security within LAN and WAN, and the second one is Security over the Internet. This security level is classified into two systems, i.e. Secure Communication System and Cryptographic System. The data and information reach through user to ICT assets or vice-versa, and when the data is in between these two i.e. in transmission medium which can be either LAN, WAN, or any wireless or any other medium whatever, then we need higher security. For this e-governance administrator use various tools or techniques like creating a Virtual Private Network (VPN), installing Firewalls, using higher and complex Encryption or decryption techniques, etc.





3)Security at ICT Assets level

ICT assets are the most precious for any organization or institution, so to secure this level we have two broad categories of security treatment i.e. Physical security and Electronic security.




a) Physical Security

It is used to protect the data against physical damages or losses like- natural disasters etc. to protect data at this security level we take some steps such as:-  the security level of data centers are highly secured by using the biometric-controlled system, in data centers provision of dust-proof environment, fire protection systems, security alarms, CCTV monitoring of data center, etc. automated backup system. By using some basic instructions we easily secure the data physically.


b) Electronic Security

To give protection against digital threats we want to use electronic security. We have various electronic security tools, and we can manage them in two categories:-Antivirus System, Firewalls


 Anti-virus System

When we discuss digital threats the first thing in our mind is a virus, which affects our ICT assets in various ways such as:- slowing down of the system, occupy disk space, corrupt our valuable data or storage medium, etc. it is also known as malware, worms, and Trojan horses. there are “over 1,122,311 known viruses active in the world as of 2008"


Firewalls

“A system designed to prevent unauthorized access to or from a private network”. A firewall is a security device that can be hardware or software that is mainly used to separate a secure area from a less secure area and to control communications between the two. We have several firewall techniques such as Packet filter, Application gateway, Circuit-level gateway, Proxy server. There are many different brands of software firewalls, some of them are ZoneAlarm, BlackICE and Kerio, etc.











Comments

Post a Comment

Popular posts from this blog

What is the cloud cube model? Explain in context to the Jericho cloud cube model along with its various dimensions.

-
Image
Cloud Cube model   The Cloud Cube model helps classify a four-dimensional factor cloud network. Its concentration is on protecting and safeguarding the cloud network. This cloud cube model lets you securely pick cloud formation. This model serves to provide a safe and secured Internet network for IT administrators enterprises, and business leaders. Jericho cloud cube model  Jericho Forum is an international independent group of information security leaders & their focus is on how to protect and secure cloud networks. They put forward a model that helps to categorize a cloud network based on four-dimensional factors. The Jericho Cloud Cube Model describes the multidimensional elements of cloud computing, framing not only cloud use cases, but also how they are deployed and used. The Cloud Cube Model, established and developed by the Jericho Forum, assists in categorizing cloud networks based on four dimensions: Internal/External Proprietary/Open Perimeterised/De-perimet...
Read more

Explain cloud computing reference model .

-
Image
 CLOUD COMPUTING REFERENCE MODEL The cloud computing reference model is a general high-level architecture and is meant for a cloud computing reference architecture provided, which outlines the primary performer/actor and the understanding of the cloud computing needs, uses, features, and standards. An overview of the NIST primary players, as indicated in the figure below. Each performer is an entity that might be a person or a cloud computing activity and role. The NIST cloud computing reference architecture identifies five organization that takes part in a transaction or process and complete duties in cloud computing. 1. Cloud consumer:  The cloud consumer is the cloud computing service's most significant stakeholder. A cloud consumer is a person or organization who has a commercial connection with a cloud provider and consumes its services. A cloud consumer browses a cloud provider's service catalog, requests the right service, establishes service contracts with the cloud pr...
Read more

Discuss classification or taxonomy of virtualization at different levels.

-
Image
Taxonomy of virtualization Virtualization is mainly used to emulate the execution environment, storage, and networks. The execution environment is classified into two: – Process-level – implemented on top of an existing operating system.  – System-level – implemented directly on hardware and does not or minimum requirement of the existing operating system. OR,  Virtualization covers a wide range of emulation techniques that are applied to different areas of computing. A classification of these techniques helps us better understand their characteristics and use  V irtualization is mainly used to emulate  ● Execution Environments: To provide support for the execution of the programs eg. OS, and Application.  ○ Process Level: Implemented on top of an existing OS that has full control of the hardware  ○ System Level: Implemented directly on Hardware and do not require support from existing OS.  ● Storage: Storage vi...
Read more