Importance of User Security Awareness to E-Government Initiatives
One of the most significant threats to information security could come from the system's users, because they are quite familiar with the infrastructure. It is not always dissatisfied workers and corporate spies who are a threat. Often, it is the non malicious, uninformed employee (user) [“Corporate Technology”, 2008]. “E-Government” refers to the use by government agencies of information technologies (such as Wide Area Networks, the Internet, and mobile computing) that have the ability to transform relations with citizens, businesses, and other arms of government [“worldbank”, 2009]. Ntiro in [Ntiro, 2000] states that E-Government has three main domains to cover: the improving government processes (E-Administration), connecting citizens (E-Citizens and E-Services), and building external interactions (E-Society). In E-Administration domain E-Government initiatives deal particularly with improving the internal workings of the public sector. However, second and third domains the Initiatives deal particularly with the relationship between government and public agencies from one side, and citizens and other institutions on the other side.
To deal with citizens as customers who consume public services means: talking to them to provide details about public service activities, listing to them to increase their input into public sector decisions and actions, and improving the services delivered to them in terms of quality, convenience, and cost. As the end user for the E-Government is a citizen, and to spread the use of public E-Services, the E-Government policy should consider a citizen-centered approach. However many people don't use E-Government for several reasons, such as unfamiliarity with ICT, lack of access, lack of training, and concerns about privacy and security of information. As far as the privacy and security of information is of a concern in this research, there is a need for providing a way of assuring citizens that their personal information will not be compromised. This challenge could be achieved by building a user security awareness culture. In this paper we present our proposal to build user security awareness. The proposed security policies aim to increase and maintain a certain level of user security awareness and could be implemented along side with E-Government services or/and within specific organizational administration tools.
The Internet is the most powerful means for delivering E-Government [Patricia, 2003]. The Internet represents different things to different people, it provides a powerful new framework for connection, commerce, and communication, forming what is called E-Society. However, it also brings the outside world directly into our homes or working environments. This transformation puts new requirements on our online security and safety. Being aware of these your new surroundings and thereby realizing the potential threats you may be facing is the first step in your security plan [FrontLine, 2008]. Different situations in which people could face e-threats could be classified as: home, business and academic environments.
Home users include several categories of people beginning from children and they have very diverse level of computer knowledge and security awareness. As these users face security threats at homes alone the psychology issues play here main role.
Psychologically, when we leave the safety of our homes and venture into the outside world, we instinctively raise our guard and become more alert to possible dangers. Once we back home, we lower our guard and relax. Those actions are so embedded that we do them without thinking—but staying safe and secure online requires us to keep our guard or awareness up even when inside our homes or other places where we usually feel safe[“Microsoft”, 2008].
Because we all are part of the e-society as the Internet transforms our computers into a doorway through which the world can enter our homes, staying safe online means using the tools that can help us to control who and what comes in, and exercising our own good judgment about the people we choose to trust. Home users have to protect themselves, for example, by learning about new security tools through online training offered by leading software companies [“Microsoft”, 2008].
In business environment an organization has to ensure that the staff acts in appropriate manner to keep sensitive information secure. Nowadays there is a broad increase in reliance on IT systems and information stored electronically. This is coupled with an extraordinary increase in the use of Internet services [ENISA, 2008].
Often huge amounts of money and time are invested by organizations in technical solutions while the human factor receives less attention. Technical solutions are necessary to address vulnerabilities such as viruses, denial of service attacks, etc. However, the involvement of humans in information security is of equal importance and many examples of security issues such as “Phising” and Social Engineering, where humans are involved, exist [Kruger H.A, 2008]. Therefore, information security awareness is major component within industry good practice for security.
In an academic environment security awareness could be comparable to the organization environments, especially for administrative and academic staff. But, as the threat from organized Internet crime is on the rise, awareness tends to play more crucial role in the future and an adoption of a strong security culture is needed to become a goal of an educational process of students. Moreover, academic institutes to fulfill their role in serving the community are required to make the first steps towards building secure e-society.
After we have presented the importance of security awareness and in order to carry on with this research, it would be useful to define what information security awareness is. The Information Security Forum (ISF) one of the world's leading independent authorities on information security defines information security awareness as: “An ongoing process of learning that is meaningful to recipients, and delivers measurable benefits to the organization from lasting behavioral change” [Kruger H.A., 2008].