An Extended Layered Information Security Architecture (ELISA) for e-Government in Developing Countries
© 2023 by IJETT Journal
Year of Publication: 2023
Authors: Miton Abel Konnon, Nathalie Lodonou, Renaud Horacio Gaffan, Eugene Ezin
DOI: 10.14445/22315381/IJETT-V71I1P210
How to Cite?
Miton Abel Konnon, Nathalie Lodonou, Renaud Horacio Gaffan, Eugene Ezin, "An Extended Layered Information Security Architecture (ELISA) for e-Government in Developing Countries," International Journal of Engineering Trends and Technology, vol. 71, no. 1, pp. 109-123, 2023. Crossref, https://doi.org/10.14445/22315381/IJETT-V71I1P210
Information technologies are improving service delivery to citizens and businesses through access to e-information. Securing e-Government information involves protecting some information quality criteria and effectively managing risks. This research paper aims to design an Extended Layered Information Security Architecture (ELISA) for e-Government that may be efficient in developing countries. To that end, an Information Security Architecture is introduced using some recommendations of the USA “National Institute of Standards and Technology” (NIST) Special Publications, the ISO/IEC 27000 series, and good practices of the TOGAF and COBIT frameworks. The designed Information Security Architecture, ELISA, consists of three vertical layers and two side layers. The ELISA layers take into consideration people, processes, technology, the concepts of Trust and Reputation (concerning users and applications), and compliance with the regulations in the information systems and the operating environment. The proposed ELISA model is a tool bringing together several components intended for Security Management by operational departments and Security Governance by a special Executive Management responsible for the strategic direction and compliance activities. All security mechanisms provided by the components of the different layers should help to guarantee at least six criteria of information quality: integrity, availability, confidentiality, effectiveness, efficiency and reliability. The model's applicability is demonstrated by a case study for electronic document authentication management. The accurate use of ELISA should help, on the one hand, to avoid the cascade development of security solutions with interoperability issues and, on the other hand, to improve e-Government Information Security by aligning security requirements with e-Government and business objectives.
e-Government Information Security, Information Security Architecture, Information Systems Security, Information Security Framework, Information Security Compliance.