Issue Of Non Repudiation

Published Date: 02 Nov 2017

Introduction………………………………………………………………2

Definition of question 1…………………………………………………..3

3.0 Security issues………………………………………………………...4

3.1 Integrity……………………………………………………………...4-5

3.2 Non-repudiation.……………………………………………………...5

3.3 Authenticity…………………………………………………………...6

3.4 Confidentiality………………………………………………………..6

3.5 Availability……………………………………………………………7

Definition of question 2………………………………………………….8

Programme Management………………………………………………...9

Technology……………………………………………………………...9-10

Process………………………………………………………………….10-11

People…………………………………………………………………..11-12

Conclusion……………………………………………………………….13

1.0 Introduction

Nowadays the area of internet was begun more expanded and popularity, cause everyone would using computer to process their requirement on the internet. Therefore, the Multimedia Super Corridor (MSC) has been launched and providing an ideal communication or service environment for the citizens, which purpose to improve more efficiency for our nation and government. But it also included some disadvantage within this development, so in this assignment we would discuss about the E-Government.

In this assignment, it has been recognized in four sections, which are introduction, content conclusion and references, each section would go in to details. First of all, in first question we would talk about some security issues of information and communication technology (ICT). During this section, we would discuss how it affected the public sector and private sector in our country. After that, in second question, we will explain the integration framework and four main components as well.

As a conclusion, although most of the resources of this assignment are taken from internet and reference book, the purpose of this assignment is to present as clearly and completely as possible, the characteristics and nature of today E-government.

2.0 Definition of question 1

During the October in 2000, the “Government Information and Communication Technology (ICT) Security Framework” has been published. This development also was complemented the earlier document, which is the “Security Directive Manual”. Typically, this framework are elaborates onto the security measurement, the main objective mostly is to encompass the technology network with a nature in today world.

Basically, those are this framework was the key contribution that let our country toward the development of the public sector ICT security initiative. In addition, there have some issue maybe would existing within the document address, such as confidentiality, integrity, availability, non-repudiation and authenticity. To recognize those importance data and the data ownership, it would be provide some coverage on the security measures, as well as the role and responsibilities of members within the agency.

Moreover, actually this kind of framework would go as far as to mandate the appointment of ICT Security Officers which under to ministries and the departments. And who will be a responsible to conduct risk analysis and security program that based on the standard, guidelines, and the security measures of ICT. Furthermore, while drawing the essential principles set by the “Government ICT Security Framework”, the Malaysian Public Sector Management of ICT Security Handbook (MyMIS) also has been published in January 2002. The main aim of MyMIS is to covers some diverse range of topic ranging which would be come from the identification of risks and threats, roles and some responsibilities for ICT security that consider expend to the investigation of computer crime. In fact, the MyMIS were serves as a detailed guide for ICT Security infrastructure development and its management as well. It also includes a lot of templates, checklists, and procedures that could be served as a guide for the entire public sector agencies that into the development of ICT security policy for the respective organization.

3.0 Security issues

3.1 Integrity

Integrity is a security relation that ensure between the sender with the receiver, even though it’s consider some business processing or commercial organization which is not without some spoofing in this movement. Actually, there are many people are using e-mail or some internet technology to processing their communication and business, in this movement maybe their detail or information will be recording into another website, for example like pharming.

Issue of integrity

The pharming could be referring to some redirecting website traffic though the hacking. Whereby the implement tool of those hacker, it could redirect the search website to began a fake. Basically, the pharming issue may cause the user to find themselves onto an illegitimate website and without any realizing that they actually have been redirected to the impostor site, those are these fake website may look exactly same like the real site.

The pharning issue would be occur when the hacker has been located the vulnerabilities within the domain name server (DNS) software. So, the pahrming issue may occur by the rearrange the host’s file onto the target computer. However, those are the online banking website or some else the e-commerce organization would become the most popular pharming target. Although the pharming threat has been simultaneously used, and these could cause the most potential for the online identify theft, but unfortunately, the anti-virus or anti-spyware software were often incapable of the protecting against within this kind of cybercrime.

3.2 Non-repudiation

The non-repudiation could be referring as the method of which guarantee message to transmitting between the parties via with the digital signature or encryption. This is the one of the important pillar of information assurance (IA). Normally, those are the non-repudiation often to use for the digital signature, contract, and some email message. For using the data hash, the proof of authentic would indentify some data or data origination which could be obtained. Along with the digital signature, the public key could become as a problem when it’s come to the non-repudiation, if the message of recipient has been exposed, or either that is belong to knowingly or unknowingly, their encrypted or a secret key.

Issue of non-repudiation

The spoofing is the most common existed issue within non-repudiation. In general, the meaning of spoofing which is the various fraudulent or malicious practice that existing into which communication that was been sent from the unknown sources, and although the unknown source are disguised as the source who known to the receiver. As long as we can say, spoofing was the most prevalent that within the communication mechanisms for lack the higher level of the security. Basically, the spoofing issue normally could be found on the e-mail or website. For example, some of the people which would like to visit to the website, but because that maybe have some spoofing issue within that website, the spoofing was deceiving the people to believe some e-mail or website originates from a source that it is does not at all. The most common type of spoofing is webpage spoofing, but mail spoofing and IP spoofing as popular as well.

3.3 Authenticity

In authenticity, the characteristic of a document or record for created by the entity represented as it is a creator, and it is preserved into the original form without some tampering and falsification. In fact the genuine signature is usually the best proof of the authenticity.

Issue of Authenticity

The issue of authenticity is phishing. Phishing is an email fraud method in which the perpetrator send out legitimate for looking email into the attempt to gather financial and personal information from the recipient. In addition, the messages appear to come from well trustworthy website. Some of the frequently spoofed by phishes are including eBay, MSN, Yahoo and some government website as well. The phishing expedition like the fishing expedition it is the name for, some of the phishes like to put the lure hoping to fool at least a few preys that encounter bait.

3.4 Confidentiality

Confidentiality is an ability that can be ensuring the message and data should available only for those authorized to view. Now a day some of the business relationship between the companies are mutual want to know mutual confidentially, that are the good opportunity for sniffer who are the theft the information to know about in is into the all confidential information.

Issue of confidentiality

The issue of confidentiality is sniffing. Some of the sniffer can be a hardware device or the software program with the firmware programming. Usually Sniffer is a wire-tap devices that plugs into the computer networks and eavesdrops on to networks traffic. However, it would consider some issue of stealing information by the web visitor.

3.5 Availability

The meaning of availability is to ensure the system ability to continue intended and function. Usually it is provided through some redundancy, which is often referred to denial-ofâ€"service. For example it will give some virus.

Issue of availability

The purpose of hacking, which is to unauthorized the instruction into the computer system or network system. The person who was be engaging in the activities of hacking which generally call them as a hacker. Typically, the hacker would alter the security or system features for accomplish the goal that differ from their original purpose. Basically, the hacker would employ some variety of techniques for the hacking activity, such as password cracking, packet sniffing, spoofing attack, Trojan horse, virus, and the key logger as well. Most of the issue of availability is the virus redirect the system and make it malfunction. The purpose almost is to attach to the user host’s file or boot sector, and in order to copy their information as they doesn’t know, then continuously spread the virus to the entire system. Therefore, it could break down the entire system.

4.0 Definition of question 2

For objective of the implementation framework which is designed to managing and guide the execution of the E-Government strategies. Those are the framework was an adaptation of the Accenture’s Business Integration Framework, which could be classify into the four main components as well, such as programme management, technology, people, and the process.

In fact, in each of the project of E-government have its own versions for the implementation frameworks. Therefore where the elements were within the four components could begin to differ according to the individual agency’s business or technical needs.

5.0 Programme Management

The Programme Management component was a critical which use to ensuring the development of the e-Government flagship as a whole as the coordinated, timely and meets its objectives. In addition, the Programme Management was begun to group within MAMPU. It totally provides some guidance, management and much more advisory services to the project teams, as well as to ensure the application maintain into the common level standards, and it also ensure some of the guideline that across to all projects, which have some common standards and guidelines that were include within the systems design and testing, graphical user interface, business process reengineering, transition planning, security, benefits capture and many more.

Those are the application or project that within E-Government are heading by the lead agency, such as the Project Manager has its own Project Management Team. Although there have some ownership of the project was lies with their lead agency, as custodian of the E-government flagship, the MAMPU would be assisted by provide some consultancy and more project management services.

6.0 Technology

The Technology component was addressing some of the implementation with the new emerging technology which into the environment of government. Typically, it was use to finding some right technology that support the brand process, and as well as to provide a useful information and tools for support to the users. In addition, those are the element within this component are the various important to warrant further warrant further discussion with shared infrastructure, security and privacy, and technologies for E-Government.

The government of Malaysia has taken up the challenge of implementing the E-government. To succeed, it would have to reinvent the way it provide service and some interact with the people, to increase efficiency, convenience and the accessibility of public sector service to individual and of its internet operation. A number of the online pilot projects have already gone ‘live’. With the E-Procurement pilot, for example, the automation and streamlining of the procurement processes between the government and the businesses, has led to increase transparency, a smoother purchasing cycle and cost saving. With E-Service, issuance and renewal of driver licenses have been automated and can be carried out on the personal computer.

The setting up of the E-Government Data Centre (EGDC) would be involving within the SSO, which was a strategic more that will catalyze the shared for services initiative. With the relocation of federal agencies to Putrajaya, the opportunity arises for the consolidation of data centre into a centralized shared facility. Government departments and ministries that typically establish their own data centre in the past can now leverage on utilizing the EGDC. This practice will reduce the need for isolated skilled personnel, systems management tools and site facilities. In addition, it will bring multiple benefits in terms of reduced infrastructure costs, human resource synergies and increased operating efficiency.

7.0 Process

The Process component where would be a look for the opportunity that process of government could be improve, those are regarding with redesign or reengineer that taken away the traditional function boundaries. In fact, the Process component was the operating business standard and the procedures need to facing the objective of business within the programme. Typically those are the element would be guide and bring the organization to its stage of desire, and it would be discuss with a great length into the business model, such as the business process reengineering and the cyber law.

The purpose of the cyber law would use to prevent and reduce some large scale damage from the cybercriminal activity, such as protection of information access, privacy, intellectual property, communication and the freedom of speech. Although would be related to the use of website, email, computer, internet, cell phone, software and hardware, and some data storage devices as well. The increasingly in the internet traffic had begin to led with a higher proportion of the legal issue worldwide. Because the cyber law are vary by the country and jurisdiction, it enforcement could be challenging, and the restitution range from fines to imprisonment. The cyber law was a both part of the process component and the brand new component within itself. This is an area of the digital world that is still exists within very much adolescence; much thought, analysis, practice and modification that still ongoing.

6.0 People

Finally the last component is people, the People component which may often thought to be the most important within the whole implementation framework. Basically, this kind of component would used to encapsulate the entire element with some people-related, and to ensure the successfully of the new system, especially the one which have some change and impact to human performance.

The component of People may involve some organizing, motivating and empowering people for helping them to succeed into the embracing and sustaining E-government. Such as an initiatives which could be involving a clearly communicating goals with the objectives of E-Government and some respective pilot projects, early and often, as well as demonstrating their benefits. However, there have two variables could be make it successful and have a biggest impact for the human performance, which is Change and Human Resources.

Just because of the history could prove the time and again for success the project ultimately is all depend on the people. Besides that, it would regardless of how well the process that having reengineer, and how well the new technologies application would be applied. Finally it could be said as a people who run the business and delivering the goods. It would never be stress enough to giving due importance for process and the technology, but it never underestimates the worth of the investing of the people.

7.0 Conclusion

In a conclusion, obviously E-government is a very useful service for our daily use. Just because of it was the use of information and communication technologies within the public administration combined with organizational change and new skills to improve public services and democratic processes and to strengthen support to public policies. It would provide much more personalized and inclusive services to each of the citizen. In fact, it make us more convenient and save time to process what we needed, and without any complicated progression.

Besides that, the advantage of the integration framework also would provide our organization and citizen with more convenient to access the government information or services, and also clearly classify with each sector would provide some delivery of public services to the citizen, business partners, and those who would working in the public sector. Each component would involve its important usage for the whole E-government project. Finally, in this assignment, since we understand there still have some security issue within the E-government service, but I could believe it still have a big improvement to become better.