The term “e-Government” was first used in the US government report “Reengineering Through Information Technology” in 1993, but the concept matured for administrative services in about 1995.
[Figure: chart with a timeline marked 1993, 1995, 2000, 2005 and 2010 and a scale from Low to High. Labels: Dissociation between government and citizen; Efficiency Improvement; Information Disclosure; Serviceability Improvement; Remove a barrier among public administrations; Remove a barrier between public administration and citizens; High quality services of public administrations to citizens]
Digitization of in-house administrative process
- Non-digitized information such as papers (size, quality, thickness), drawings, pictures
- Use of the same terminology by state/local government, agency
- Government PKI
Information disclosure to citizens, such as offering administrative information to citizens through the Internet homepage
Online applications of administrative services
- Citizens do not need to visit administration counters for the service
- Administrative applications (Japanese government): Number: More than 10 Thousand; Volume: More than 1 Trillion / Year
Utilization of IT for government and citizens
- Seamless: 24 Hr, 365 Days, One Stop, Non Stop
- Paperless: Digital administration
- Disclosure: Internet Portal, FOIA in US
- Open: e-procurement
- Aug. 1994 Headquarters for Promotion of Advanced Information and Communications Society
- Dec. 1999 Millennium Project
- Jul. 2000 IT Strategy Headquarters
- Jan. 2001 e-Japan Strategy
- Mar. 2001 e-Japan Priority Policy Program
- Jun. 2002 e-Japan Priority Policy Program - 2002
- Jul. 2003 e-Japan Strategy II
- Aug. 2003 e-Japan Priority Policy Program – 2003
(e-Japan) By 2005: being the world’s highest-level country
(e-Japan II) 2006: keeping up to be the world’s highest-level country
- Aug. 1999 Law of the Basic Resident Registers amended
- Aug. 1999 Law of Prohibition of Illegal Access enacted
- Nov. 2000 Basic IT Law enacted
- Apr. 2001 Digital Signature law enforced
- (Aug. 2002 Basic resident registry network system enacted)
- Dec. 2002 Law about Signatures and Certification Services enforced
- Feb. 2003 Three laws related to administrative procedure enforced (about 52,000 procedures)
IT Engineers Examination: The Government of Japan has agreed with 7 Asian countries (China, India, Korea, Philippines, Singapore, Thailand and Vietnam) on mutual recognition of the IT Engineers Examination.
Asia Open Source Software (OSS) Forum: Currently 18 Asian economies are participating in the Asia OSS Forum. The first forum was held in Phuket in Mar. 2003 and the second forum was held in Singapore in Nov. 2003.
Asia Public Key Infrastructure (PKI) Forum: The Asia PKI Forum was established in June 2001 with the purpose of promoting interoperability of PKI in Asia and Oceania and the use of PKI in e-Commerce.
Security has become a more serious topic nowadays
- Terrorist attacks in New York, the US on Sept. 11 2001
- Hanshin earthquake in Kobe, Japan on Jan. 17 1995
- Cable fire stops computer system operation in the area
- Increase in cyber attacks
If your system has a security hole, your system is no longer free from a cracker’s attack
- How to secure the system from disasters
- How to protect the system from attack
- ISO 17799: 2000 (Code of practice for information security management) - BS 7799 (British Standard) - JIS X 5080 (Japan Industrial Standard)
- ISO 15408 (Common Criteria) - ISO/IEC TR 13335 (GMITS: Guidelines for the Management of IT Security) - OECD Recommendation Guideline (on 25 July 2002)
10 essential key controls for providing effective information security
1 Security policy
2 Organizational security
3 Assets classification and control
4 Personnel security
5 Physical and environmental security
6 Communications and operations management
7 Access control
8 Systems development and maintenance
9 Business continuity management
10 Compliance
BS7799-2:1999, ISMS
ISMS Certification Standard security
Essential key controls (10 controls)
Possible purposes of the management (36 purposes)
Possible measures for the management (127 measures)
Step 1 Determine the scope of the ISMS
Step 2 Define an ISMS policy
Step 3 Define a systematic approach to risk assessment
Step 4 Identify risks
Step 5 Undertake risk assessment
Step 6 Undertake risk treatment
Step 7 Select control objectives and controls
Step 8 Prepare a statement of applicability
Step 9 Approve residual risks and permit the introduction of the ISMS
[Figure: ISMS Framework. Labels: Scope; Security Policy; Risk Assessment; List of risks; Risk Treatment; Standards of measures for risks]
Step 10 Execution of security measures based on the policy
Step 11 Operation and records
Step 12 Internal auditing and lessons learned
(1) Statement by the top management
(2) Scope of the activity
(3) Purpose of the activity on information security
(4) Definition of information security and appeal of its importance
(5) Declaration that the activity is mandated for all members of the organization
(6) Determination of the policy
- Penalties, familiarization of members, responsibility, compliance
The world is now facing problems of computer attacks, leaks of company secrets and trespasses of privacy. They are no longer other parties’ problems but are also our problem. I am sincerely concerned about the impact of those problems on the company, and I would like to emphasize the importance of security measures in order to protect ourselves from such fears.
(1) We will take security measures for our properties based on their importance and secrecy level.
(2) All staff must comply with the security measures that we will determine separately.
(3) The security measures must be reviewed from time to time in accordance with necessity and technology enhancement.
(4) All staff are required to understand the Policy.
(5) I appoint the IT director as the security administrator and all members of the board of directors as the security policy steering committee members.
Effects of the ISMS
(1) Internal effects
- Standardized security level in the organization
- Helping to boost members’ morale
- Minimize the cost of maintaining security
- Being able to apply for certification under the certification scheme (e.g. JIPDEC* in Japan, UKAS** in UK)
(2) External effects
- Being able to present itself as a certified organization in operation and management based on security policy
- Improve the trust of society
* JIPDEC: Japan Information Processing Development Corporation
** UKAS: United Kingdom Accreditation Service
1) Awareness Participants should be aware of the need for security of information systems and networks and what they can do to enhance security
2) Responsibility All participants are responsible for the security of information systems and networks
3) Response Participants should act in a timely and co-operative manner to prevent, detect and respond to security incidents
4) Ethics Participants should respect the legitimate interests of others.
5) Democracy The security of information systems and networks should be compatible with essential values of a democratic society
6) Risk assessment Participants should conduct risk assessments.
7) Security design and implementation
Participants should incorporate security as an essential element of information systems and networks.
8) Security management
Participants should adopt a comprehensive approach to security management
9) Reassessment Participants should review and reassess the security of information systems and networks, and make appropriate modifications to security policies, practices, measures and procedures
OECD Guidelines for the Security of Information Systems and Networks