1. Information security for
increased usage of e-Services
Ana Meskovska,
ana.meskovska@tpconsulting.com.mk
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
2. About me
• Consultant and Trainer in Trajkovski & Partners
Consulting
• Quality and Information Security Manager
• B.Sc. in Electrical Engineering
• Master student – e-Business management
• ICMCI Certified Management Consultant – CMC
• ECQA certified IT Security and e-Security Manager
• Member of Board of Directors and Chairman of the
Committee for Events of itSMF Macedonia
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
3. CONTENT
• INTRODUCTION
– Purpose of presentations issues and understanding
the issues
• STARTING FROM THE BASICS
– What is e-service, information security
• ANSWER THE CHALLENGES
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
4. INTRODUCTION
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
5. Purpose of the presentation
• Main topic - increasing usage of e-services
• Why this topic?
– Explosive development and advancement of ICT
– Significant growth of internet usage
– Rapid increase of e-services
– Flat-lining in usage of e-services
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
6. Households with Internet access
• 81.0% in 2009
• 78.6% in 2008
• 16.5% in 2007
• 14% in 2006
Source: State Statistical Office
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
7. Households that used computer
and Internet in 2008 and 2009
Source: State Statistical Office
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
8. Purpose of using the Internet in
the first quarter 2009
Source: State Statistical Office
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
9. Citizens using the Internet and e-
Government
Overall progress
in citizen using
governmental e-
services between
2004 and 2008:
• 4% - 7% for EU15
• 3% - 4% for EU12
Figure 1. Percentage of citizens using the Internet and e-Government (Source: Eurostat 2009)
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
10. WHY, not to use e-services?
• The e-service doesn’t offer any additional
benefits vs. the regular service
• The e-service is not relevant
• It is too complicated
• It is not as quality as the regular service
• A trust issue
• It is not obligatory
• …….
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
11. Understanding the issues
• Why is trust an issue:
– involvement of sensitive and personal information
– risk from disclosure and misuse of important
information and documents
– absence of physical contact, visual communication
and tangibility
• How to start overcoming this issue?
– Information security
– …….
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
12. How to use Information security to
increase usage of e-services?
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
13. STARTING FROM THE BASICS
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
14. What means e-service?
• The attainment and delivery of services
through electronic media
• Any asset, deed, effort or performance
that is made available via the Internet to
drive new revenue streams or create new
efficiencies
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
15. Types of e-services
• E-services that don’t have critical impact on
our lives or business
– e-mails, social networks, chats, blogs,
collaboration workspaces…
• E-services that have crucial impact on our
lives, private and business wise
– e-banking, e-procurement, e-auctions, e-
government, e-healthcare…
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
16. Example of e-service activities
• registering for user identity - e.g. membership application
• updating user information - e.g. new address
• updating user status - e.g. credit card account balance
• submitting application - e.g. credit card, driving license
• placing order - e.g. buying and selling of stocks and funds
• doing payment transaction - e.g. credit card payment
• searching for information - e.g. business matching
• exchanging information - e.g. chatroom
• receiving information and service - e.g. education notes
• doing survey, etc…
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
17. What means Information?
• Information is an asset to the organization,
which has value to organization and needs to
be protected appropriately
• Types of information:
– Printed or written on paper
– Electronic
– Send by mail or other electronic connections
– Presented on company’s promotional materials,
web site
– Spoken
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
18. What means Information Security?
• Providing confidentiality, integrity and
availability of written, spoken and electronic
information
– Confidentiality - limiting information access and
disclosure to authorized users and preventing
access by or disclosure to unauthorized ones
– Integrity - accuracy and completeness
– Availability - accessibility and usability upon
demand by an authorized entity
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
19. ANSWER THE CHALLENGES
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
20. Implement Information Security
Management System
• Conduct risk assessment
• Define and enforce IS policies
– ISMS policy, Privacy policy, e-Privacy policy
• Define and enforce IS procedures
– Business continuity planning, Access control ….
• Identify and implement relevant IS controls
– firewall, cryptography, SSL, PKI and DC
• Take in consideration best practices and standards
– ISO 27001, ITIL, ISO 20000, COBIT, ITAF …
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
21. Identify and achieve CIA balance
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
22. Raise awareness
• Raise awareness for:
– the purpose of e-service
– the benefits from the e-service
– the need for information security
– how is information security organized and
implemented
– importance and existence of IS controls and tools
among management, employees, clients, users, ….
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
23. Summary
• Trend: Flat-lining of usage of services
• Issue: the trust issue
• Answer: first step in dealing with the trsut
issue - information security
• Conclusion: Create and communicate an
Information Security Management
System
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
24. Relevant links
• www.iso27001security.com
• http://bledconference.org/index.php/eConference/2010
• http://www.infosec.gov.hk/english/information/services.h
tml
• http://epp.eurostat.ec.europa.eu/portal/page/portal/euro
stat/home/
• www.stat.gov.mk
• www.isaca.org
• www.itil-officialsite.com
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
25. Ana Meskovska
anameskovska@gmail.com
8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org