Development of a Comprehensive Information Security System for UAE e-Government

Electronic versions

Dogfennau

  • Ibrahim Humaid Al Mayahi

Abstract

The UAE has a vision of delivering unified e-Government services across numerous departments of seven emirates. The primary goal is to bring all aspects of the government information services online for every citizens and business by completely replacing the existing paper-based bureaucracy. This creates significant risks and information security challenges which the UAE e-Government is seeking to address. This thesis makes a comprehensive review of the UAE e-Government’s information security posture. An analysis of the current strengths and weaknesses of the e-Government was carried out, SWOT analysis was employed and based on the results, a TOWS matrix was constructed facilitating the development of new e-Government strategies to mitigate external threats. To implement an Information Security Management System (ISMS) across the e-Government departments, a framework was developed based on a multi-layered approach that is used to structure the information security program. It considers three factors; technology, operations and people (employees), to increase the effectiveness of information security system. To implement the framework, several international standards were evaluated and subsequently the ISO 27001 standard was used as a benchmark for achieving a secure e-Government. A Gap Analysis was carried out to evaluate the current state of the security culture within the e-Government against the standard and a Risk Assessment was carried out to demonstrate the existing risks faced by e-Government services. A comprehensive series of penetration tests were commissioned on e-Government network infrastructure. Having made interventions to improve the security of physical information technologies and organisational operations, a comprehensive questionnaire was developed to obtain quantitative evaluation of the security culture within the organisation. Subsequently, a training programme was devised and developed for the employees to demonstrably improve the security culture as measured by this approach. Finally, the findings, in conjunction with a consultation with security heads within the UAE e-Government, are used to construct a single comprehensive information security policy that can be rolled out to all e-Government departments within the seven emirates.

Details

Iaith wreiddiolSaesneg
Sefydliad dyfarnu
Goruchwylydd / Goruchwylwyr / Cynghorydd
    Dyddiad dyfarnuIon 2016

    Cyhoeddiadau (1)

    Gweld y cyfan