An Extended Layered Information Security Architecture (ELISA) for e-Government in Developing Countries

© 2023 by IJETT Journal
Volume-71 Issue-1
Year of Publication : 2023
Author : Miton Abel Konnon, Nathalie Lodonou, Renaud Horacio Gaffan, Eugene Ezin
DOI : 10.14445/22315381/IJETT-V71I1P210

How to Cite?

Miton Abel Konnon, Nathalie Lodonou, Renaud Horacio Gaffan, Eugene Ezin, "An Extended Layered Information Security Architecture (ELISA) for e-Government in Developing Countries," International Journal of Engineering Trends and Technology, vol. 71, no. 1, pp. 109-123, 2023. Crossref, https://doi.org/10.14445/22315381/IJETT-V71I1P210

Abstract
Information technologies are improving service delivery to citizens and businesses through access to e-information. Securing e-Government information involves protecting a set of information quality criteria and managing risk effectively. This paper aims to design an Extended Layered Information Security Architecture (ELISA) for e-Government that can be efficient in developing countries. To that end, an Information Security Architecture is introduced using recommendations from the US National Institute of Standards and Technology (NIST) Special Publications and the ISO/IEC 27000 series, together with good practices from the TOGAF and COBIT frameworks. The designed architecture, ELISA, consists of three vertical layers and two side layers. The ELISA layers take into account people, processes and technology, the concepts of Trust and Reputation (for both users and applications), and compliance with the regulations governing the information systems and their operating environment. The proposed ELISA model is a tool that brings together several components intended for Security Management by operational departments and for Security Governance by a dedicated Executive Management body responsible for strategic direction and compliance activities. All security mechanisms provided by the components of the different layers should help to guarantee at least six information quality criteria: integrity, availability, confidentiality, effectiveness, efficiency and reliability. The model's applicability is demonstrated by a case study on electronic document authentication management. Correct use of ELISA should help, on the one hand, to avoid the cascading development of security solutions with interoperability issues and, on the other hand, to improve e-Government information security by aligning security requirements with e-Government and business objectives.

Keywords
e-Government Information Security, Information Security Architecture, Information Systems Security, Information Security Framework, Information Security Compliance.
