Information Security Management in Digital Government

Abstract

Ensuring security for its information systems, including computers and networks, is a fundamental prerequisite for a digital government to function to the expectation of its people. The security problem can be “visualized” by projecting it onto a three-level hierarchy: management level, system level, and application and data level. The key elements of information security include integrity, confidentiality, availability, authentication and non-repudiation, which have to be taken into account at different levels within the hierarchy. Since there are specific articles in this encyclopedia to address the security issues at the lowest two levels, this article will focus on the management level at the top level of the hierarchy. At the management level, the main emphases are to prevent security breaches from happening and to minimize the impact when security events happen. The decision of security investment and deployment requires clear identification of risks posed to the information systems and feasible cost analyses. In addition, to ensure that the investment and deployment are worthwhile, information security policies and procedures have to be thoughtfully devised and effectively enforced. Therefore, at the management level, risk assessment, cost analysis, policymaking, procedure definition, and policy and procedure enforcement have to be looked into.