ABSTRACT
This paper examines prior research on the topic of information security analysis in the context of e-Government. Specifically, risk management concept models and analysis techniques are reviewed and their application in e-Government is covered. In addition, this paper will review criminological threat assessment techniques and relate them to risk management methodologies, discussing similarities and differences. This paper offers the conclusion that the fields of information security risk management and criminological threat assessment techniques have a number of similarities and differences and the methodologies should be examined together more closely in future research for the benefit of both fields.
- International Telecommunication Union (2010). Information Communication Technology Indicators Database. Retrieved June 20, 2010 from ITU Statistics page: http://www.itu.int/ITU-D/ict/statistics/index.htmlGoogle Scholar
- Zang, Z. (2002). E-Government in Digital Era: Concept, Practice, and Development. International Journal of The Computer, The Internet, and Management, 10 (2). 1--22.Google Scholar
- Ebrahim, Z., Irani, Z. (2005). E-government adoption: Architecture and barriers. Business Process Management Journal, 15 (5). 589--611. DOI: 10.1108/14637150510619902Google ScholarCross Ref
- Wang, J. F. E-Government security management: Key factors and countermeasures. in Fifth International Conference on Information Assurance and Security. (Xi'an, China, 2009). IEEE Computer Society, 483--486. Google ScholarDigital Library
- Joshi, J., Ghafoor, A., Aref, W. G., Spafford, E. H. Digital government security infrastructure design challenges, IEEE Computer, 34 (2). 66--72. Google ScholarDigital Library
- Hwang, M. S., Li, C. T., Shen, J. J., Chen, Y. P. Challenges in e-government and security of information. Information & Security: An International Journal, 15 (1). 9--20.Google Scholar
- Conklin, A., White, G. B. E-government and cyber security: The role of cyber security exercises. Proceedings of the 39th Hawaii International Conference on System Sciences. (Kauai, HI, 2006). IEEE Computer Society, 1--8. Google ScholarDigital Library
- Luna-Reyes, L. F., Gil-Garcia, J. R. E-government & internet security: Some technical and policy considerations. Proceedings of the 2003 Annual National Conference on Digital Government Research. (Boston, MA, 2003). ACM International Conference Proceeding Series, Vol. 130. Google ScholarDigital Library
- Whitman, M., and Mattord, H. J. Management of Information Security. Thomson Course Technology, Boston, 2010. Google ScholarDigital Library
- Stoneburner, G., Goguen, A., Feringa, A. Risk management guide for information technology systems: recommendations of the national institute of standards and technology. NIST Special Publication 800--30. Retrieved June 20, 2010 from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdfGoogle Scholar
- Evangelidis, A. A risk assessment framework for e-services. Electronic Journal of e-Government, 2 (1). 21--30.Google Scholar
- Tchankova, L. Risk Identification - Basic Stage in Risk Management. Environmental Management and Health, 13 (3). 290--297.Google Scholar
- Liebermann, Y., Stashevsky, S. Perceived risks as barriers to internet and e-commerce usage. Qualitative Market Research: An International Journal, 5 (4). 291--300.Google Scholar
- Zhou, Z., Hu, C. Study on the e-government security risk management. IJCSNS International Journal of Computer Science and Network Security, 8 (5). 208--213.Google Scholar
- Fein, R. A., Vossekuil, B., & Holden, G. A. (1995). Threat assessment: An approach to prevent targeted violence. National Institute of Justice: Research in Action, 1--7.Google Scholar
- Ackerman, A., Moran, S. Bioterrorism and threat assessment. Weapons of Mass Destruction Terrorism Research Program. Retrieved June 20, 2010 from http://www.wmdcommission.org/files/No22.pdfGoogle Scholar
Index Terms
- A comparison of information security risk analysis in the context of e-government to criminological threat assessment techniques
Recommendations
Taxonomy of information security risk assessment (ISRA)
Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of ...
Including technical and security risks in the management of information systems: A programmatic risk management model
Developing and managing information systems have always been challenging, but increased security concerns and tighter budget resources have made these tasks even more difficult in recent years. Increased networking, mobility, and telecommuting, while ...
A two-phase quantitative methodology for enterprise information security risk analysis
CUBE '12: Proceedings of the CUBE International Information Technology ConferenceAs Enterprise information infrastructure is becoming more and more complex, and connected, amount of risks to enterprise assets is increasing. Hence, the process of identification, analysis, and mitigation of Information Security risks has assumed ...
Comments