Professional Documents
Culture Documents
2020-21 Spring
Student Name:
London Met ID:
College ID:
Assignment Due Date:
Assignment Submission Date:
Word Count:
I confirm that I understand my coursework needs to be submitted online via Google Classroom under the relevant module page
before the deadline for my assignment to be accepted and marked. I am fully aware that late submissions will be treated as
non-submission and a mark of zero will be awarded.
Cyber Security Management CC7178NI
Abstract
With the rise of technology and digital transition, e-government has been an important
medium for the government and its citizens to interact. It has been very helpful to both the
1
Cyber Security Management CC7178NI
Table of Contents
Table of Figures …..….……………………………………………………………………….3
Table of Abbreviations....…..……………………………………………………….………..4
Introduction……………………………………………………………………………..……5
General Introduction……...………………………………………………………....…….5
Problem Background.…….………...……………………….………………………....…..6
Current Scenario…………….…………………………….……………………………….6
Status of e-government security in Nepal…….…….…….……………………….6
Literature review…….……………………………………………………………………….8
e-Government……….…………………………………………………………………….8
Information security ….…………………………………………………………………..11
Designing Robust Security Policies & Practices for e-Government. …………………….11
a. Security Policies…….………………………………………………………..12
b. Security Practices..…………………………………………………………...13
Critical Analysis….………………………………………………………………………....14
3.1 Case Study 1 : Data breach on US Federal government..….………………………..14
3.1.1 Background..……….……………………………………………………....14
3.1.2 Objectives……….….……………………………………………………...14
3.1.3 Issue Identification....………………………………………………………15
3.1.4 Mitigation………..………………………………………………………....16
3.1.5 Case Study Summary……..………………………………………………..17
3.2 Case Study 2: Massive Cyber Attack on Atlanta City Government………..……….18
3.2.1 Background…...…………………………………………………………....18
3.2.2 Objectives...………………………………………………………………...19
3.2.3 Issue Identification……....…………………………………………………19
3.2.4 Mitigation ..………………………………………………………………....19
3.2.5 Case Study Summary…………..…………………………………………..20
Conclusion……..…………………………………………………………………………….21
References……..…………………………………………………………………………….22
2
Cyber Security Management CC7178NI
Table of Figures
Figure 1: E-governance security architecture (Joshi A, 2012, pp-254-257)...................…...5
Figure 3: Estimated Average Loss from Cyber Attacks (Smith, Z., Lostri, E., 2020)...........7
Figure 11: Stats Showing e-government services mostly affected by Ransomware ( Panettieri.
J., 2021)….….….….….….….….….….….….….….….….….….….….….….…………..17
3
Cyber Security Management CC7178NI
Table of Abbreviations
IT Information Technology
US United States
4
Cyber Security Management CC7178NI
Introduction
a. General Introduction
Modern government has been gradually moving to e-government operations.
e-Government is the utilization of ICT assets to provide services to citizens. This has
made the government and its citizens closer.
Security policies and practices are essential to protect Information and communication
technologies(ICT) assets of e-government.
5
Cyber Security Management CC7178NI
b. Problem Background
Not a single element of the digital world is free from cybersecurity risks, so there is
no chance of e-government being risk-free too. There are many issues faced in
e-government implementation and its ongoing operations.
c. Current Scenario
Worldwide e-government systems have been facing various security threats. It has
affected the data and information of citizens and government bodies. In figure 3 we
can see how the loss from cybersecurity is increasing every year and only in 2020 it
was near 1 trillion dollars.
6
Cyber Security Management CC7178NI
Figure 3: Estimated Average Loss from Cyber Attacks (Smith, Z., Lostri, E., 2020)
The first IT policy of Nepal was proposed in 2000 B.S. This policy aims to connect all
ministries, departments, and offices with the government. The policy was altered and
updated many times since then.
7
Cyber Security Management CC7178NI
Literature review
a. e-Government
e-Government is the implementation of information communication technologies that
work as tools to provide different services to people.
There is another term that comes frequently with e-government called e-governance
which refers to the utilization of information and communication technology (ICT)
for providing government services, disseminating information, and communication
operations with the general public [5].
Advantages :
- Provide uninterrupted service to citizens minimizing time and cost.
- Assists in improving services, understanding citizens feedback and
requirements.
- Helps minimize government operational costs.
8
Cyber Security Management CC7178NI
9
Cyber Security Management CC7178NI
- Malware:
- Ransomware:
- Phishing:
- Packet Sniffer:
10
Cyber Security Management CC7178NI
b. Information security
Information security is the protection of user information from unauthorized access
and maintaining its integrity. Information security is defined by the CIA triangle :
- Confidentiality: involves keeping the information private and only accessed by
authorized users.
- Integrity: involves data that cannot be modified.
- Availability: involves the data can be available anytime to its requested user.
11
Cyber Security Management CC7178NI
Some examples of common security policy and practices that organizations have
implemented are :
a. Security Policies
-
12
Cyber Security Management CC7178NI
b. Security Practices
-
13
Cyber Security Management CC7178NI
Critical Analysis
3.1.1 Background
In 2020, many US government agencies and lots of organizations around the world found a
serious data breach attack.
14
Cyber Security Management CC7178NI
In December 2020, a cybersecurity firm FireEye found that hackers had inserted malicious
code on SolarWind’s Orion software which was used to steal confidential information from
various private and federal organizations.
Over 3000 email accounts of the Department of Justice have been accessed [12]. Also, the
Department of Homeland security reported its top officials' email accounts were also
15
Cyber Security Management CC7178NI
accessed. In some agencies, it appeared that the attacker had altered records and settings
which needed manual review.
3.1.4 Mitigation
Cyber Security policies and practices of government and organizations should be updated
along with time. Following were some of the mitigation policy that was applied immediately
[18] :
1.
Some more mitigation security policies and practices to prevent such data breach to occur in
future are :
1.
16
Cyber Security Management CC7178NI
7.
17
Cyber Security Management CC7178NI
3.2.1 Background
In March 2018, the city of Atlanta faced a huge cyberattack on its multiple services leading
to a big loss. The attackers used multiple attempts and techniques including ransomware
attacks.
18
Cyber Security Management CC7178NI
3.2.4 Mitigation
If the City of Atlanta had implemented proper security policies and practices it would have
prevented such huge loss. Following security measures can be implemented to prevent such
attacks in future :
1. Frequent auditing of software and applications used by the city.
2.
19
Cyber Security Management CC7178NI
4.
20
Cyber Security Management CC7178NI
Conclusion
E-government is now an important part of the country's economy. The benefits provided by it
are numerous. But along with its benefit, the risk of security threats and sensitive information
leakage has been increased.
21
Cyber Security Management CC7178NI
References
[1] Joshi A., Tiwari H., 2012. Security For E-Governance. Journal of Information and
Operations Management, vol. 3, no. 1, pp-254-257
[2] ictpost, 2013. Security vulnerabilities and threats existing in the e-Governance. Available
at: http://ictpost.com/security-vulnerabilities-and-threats-existing-in-the-e-governance/ [
Accessed April 28, 2021 ].
[5] Singh, H., 2017. What is the difference between e-Government & e-Governance?.
Available at: https://www.jagranjosh.com/general-knowledge/what
-is-the-difference-between-egovernment-and-egovernance-1503018565-1 [ Accessed April
22, 2021 ].
[8] Tyson, J., 2019. The CIA Triad. Available at: https://blog.jamestyson.co.uk/the-cia-and-
dad-triads [ Accessed April 23, 2021 ]
[10] Zorz, Z., 2020. Hackers breached U.S. government agencies via compromised
SolarWinds Orion software. Available at: https://www.helpnetsecurity.com/2020/
12/14/compromised-solarwinds-orion/ [ Accessed May 1, 2021 ]
[11] Panettieri. J., 2021. SolarWinds Orion Security Breach: Cyberattack Timeline and
Hacking Incident Details. Available at: https://www.channele2e.com/technology/security/
22
Cyber Security Management CC7178NI
[12] Paul, K., 2021. DoJ confirms email accounts breached by SolarWinds hackers. Available
at : https://www.theguardian.com/technology/2021/jan/06/doj-email-systems-
Solarwinds-hackers [ Accessed May 2, 2021 ]
[13] Eric, C., 2021. Ransomware Facts, Trends & Statistics for 2021. Available at :
https://www.safetydetectives.com/blog/ransomware-statistics/ [ Accessed April 30, 2021 ]
[14] HCCIC, 2018. Report on Ongoing SamSam Ransomware Campaigns. Available at:
https://www.aha.org/system/files/2018-04/corrected-HCCIC-2018-002W-SamSam-Ransomw
are-Campaign.pdf [ Accessed on May 2, 2021 ]
[15] Cyberdefenses, 2019, Local Governments Held for Ransom: Lessons Learned from the
Atlanta Cyber Attack. Available at : https://cyberdefenses.com/wp-content/uploads
/2019/11/Local-Governments-Held-for-Ransom-Lessons-Learned-from-the-Atlanta-Cyber-At
tack-9.24.18.pdf [ Accessed on May 3, 2021 ]
[16] Ozer, M., Varlioglu, S., Gonen, B., Basting, M., A Prevention and a Traction System for
Ransomware Attacks, Conference of Computational Science & Computational Intelligence
(CSCI’19); Dec 05-07, 2019;
[17] Smith, Z., Lostri, E., 2020, The Hidden Cost of Cybercrime. Available at :
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf [
Accessed on May 5, 2021 ]
23