A Framework for Securing e-Government Services : The Case of Tanzania

Karokola, Geoffrey Rwezaura

January 2012

e-Government services are becoming one of the most important and efficient means by which governments (G) interact with businesses (B) and citizens (C). This has brought not only tremendous opportunities but also serious security challenges. Critical information assets are exposed to current and emerging security risks and threats. In the course of this study, it was learnt that e-government services are heavily guided and benchmarked by e-Government maturity models (eGMMs). However, the models lack built-in security services, technical as well as non-technical; leading to lack of strategic objectives alignment between e-government services and security services. Information security has an important role in mitigating security risks and threats posed to e-government services. Security improves quality of the services offered. In light of the above, the goal of this research work is to propose a framework that would facilitate government organisations to effectively offer appropriate secure e-government services. To achieve this goal, an empirical investigation was conducted in Tanzania involving six government organizations. The investigations were inter-foiled by a sequence of structural compositions resulting in a proposition of a framework for securing e-government services which integrates IT security services into eGMMs. The research work was mainly guided by a design science research approach complemented in parts by systemic-holistic and socio-technical approaches. The thesis contributes to the empirical and theoretical body of knowledge within the computer and systems sciences on securing e-government structures. It encompasses a new approach to secure e-government services incorporating security services into eGMMs. Also, it enhances the awareness, need and importance of security services to be an integral part of eGMMs to different groups such as researched organizations, academia, practitioners, policy and decision makers, stakeholders, and the community. / <p>At the time of the doctoral defence the following paper was unpublished and had a status as follows: Paper nr. 6: In press</p>

e-Government

information security

maturity models

services

technical security

non-technical security

Småföretags arbetssätt med informationssäkerhet : En kvalitativ studie av utvalda företag / Small business way of working with information security : A qualitative study of selected companies

Emilsson, Daniel

January 2019

Företag lagrar konstant mer information i systemen. I kombination med att mängden hot mot användandet av IT inom företagens verksamheter årligen ökar, höjs kraven på arbetet rörande informationssäkerhet. Risken att företag drabbas av IT-relaterade hot är lika sannolik oavsett storlek. En avgörande skillnad mellan företag är budgetstorlek och resurstillgångar. Företag med 10-49 anställda benämns som småföretag enligt den definition EU‐kommissionen satt upp för företag inom Europeiska Unionen. Småföretag har sannolikt avsatt mindre pengar i budgeten för informationssäkerhetsarbete än stora företag. Småföretagens informationssäkerhetsarbete studeras inte lika frekvent som stora företags, trots att småföretag ihop med medelstora och mikroföretag utgör 99 % av den totala mängden i Europa. Kombinationen av skral budget och stor andel företag utgör en intressant grund i att klargöra hur småföretag arbetar med att uppnå informationssäkerhet. Studien är kvalitativ och saknar befintlig initial teori om informationssäkerhet. Studien analyserar insamlad empiri i form av kvalitativa intervjuer med respondenter från småföretag ihop med litteratur för att uppnå resultat och dra slutsatser för att besvara rapportens frågeställningar. Resultatet visar att småföretagens syn på informationssäkerhet främst är teknikorienterat. Flertalet tekniska åtgärder appliceras för att skydda småföretagen mot hot. Resultatet visar också att ett systematiskt arbete med informationssäkerhet ofta saknas och att den administrativa säkerheten med policys, regelverk och rutiner många gånger är obefintlig. / Companies constantly store more information in their systems. In combination with the fact that the amount of threats to the use of IT within the companies' businesses annually increases, the demands on the work concerning information security are increased. The risk that companies suffer from IT-related threats is just as big regardless of size. A crucial difference between companies is budget size and resources. Companies with 10-49 employees are referred to as small businesses according to the definition the EU Commission set up for companies in the European Union. Small businesses have probably allocated less money in the budget for information security work than large companies. Small business information security work is not being studied as frequently as large companies, although small businesses together with medium and micro enterprises make up 99% of the total amount of companies in Europe. The combination of a small budget and the largest share of the companies is an interesting basis for investigating how small businesses relate to information security. The study is qualitative and lacks an existing initial theory of information security. The study analyzes collected empirical data in the form of qualitative interviews with respondents from small companies together with literature to achieve results and draw conclusions to answer the report's questions. The result shows that the small companies' view of information security is primarily technology-oriented. Most technical measures are applied to protect small businesses against threats. The result also shows that systematic work on information security is often lacking and that the administrative security with policies, regulations, and routines is often non-existent

Information security

small business

IT

administrative security

technical security

Informationssäkerhet

småföretag

IT

administrativ säkerhet

teknisk säkerhet

Information Systems

Webbläsares inbyggda lösenordshanterare : Faktorer som påverkar privatpersoners användning/ickeanvändning av webbläsares inbyggda lösenordshanterare / Web-browsers built-in password managers : Factors affecting the use/non-use of browsers' built-in password managers by individuals

Klaar, Jonathan, Masak, Allen

January 2021

Kunskap om lösenord och deras säkerhet är idag något som förbises av den gemene datoranvändaren. Lösenordshanterare kan både hjälpa och skydda vid hanteringen av lösenord. De flesta webbläsare idag har inbyggda funktioner för lösenordshantering. Utifrån existerande litteratur kunde det identifieras att det behövs data kring vilka faktorer som påverkar webbläsares användare att använda respektive inte använda dessa inbyggda lösenordshanterare. Syftet med rapporten är att presentera en analys av faktorer som påverkar varför privatpersoner väljer att använda respektive inte använda webbläsares inbyggda lösenordshanterare. Resultatet presenteras med hjälp av kvalitativa semi-strukturerade intervjuer där 33 respondenter deltagit och besvarat frågor kring deras hantering av lösenord och användning av webbläsares inbyggda lösenordshanterare. Resultat från intervjuer visade att faktorer som var av betydande roll för ickeanvändande respondenter var starkt kopplade till datorvana och hur ofta respondenter använde datorn. De faktorer som spelade störst roll för användare av verktyget var enkelhet och tidseffektivitet. Icke-användare tenderade att ha en behovsbrist gällande verktyget, mestadels på grund av deras avsaknad av datoranvändning. Faktorer som påverkar användare och icke-användare visade sig stämma överens med tidigare forskning. Dessutom sammanfattades att antalet respondenter som var användare av lösenordshanterare var betydligt högre än vad som tidigare hävdats i litteratur. Majoriteten av respondenterna (79%) var användare av lösenordshanterare, vilket motsäger tidigare studier som utförts där endast 23% använder sig av lösenordshanterare. / Knowledge of passwords and their security is today something that is overlooked by the everyday computer user. Password managers can both help and protect when managing passwords. Most web browsers today have built-in password management features. Based on existing literature, it could be identified that there is a need for knowledge concerning which factors influence web browser users to use or not use their built-in password managers. The purpose of the report is to present an analysis of factors that affect why private individuals choose to use or not use browsers built-in password managers. The results are presented with the help of qualitative semi-structured interviews in which 33 respondents participated and answered questions about their handling of passwords and the use of web browsers built-in password managers. Results from the interviews showed that factors that were significant for non-user respondents were strongly linked to computer skills and how often respondents used the computer. The factors that played the biggest role for users of the tool were simplicity and time efficiency. Non-users tended to have a lack of need for the tool, mostly because of their lack of computer usage. Factors affecting users and non-users were found to be consistent with previous research. In addition, it was concluded that the number of respondents who were users of password managers was significantly higher than previously claimed in the literature. The majority of respondents (79%) were users of password managers, which contradicts previous studies conducted where only 23% use password managers.

Password management

technical security

informational security

web browsers builtin password managers

password security

master password

memorization

Lösenordshantering

teknisk säkerhet

informationssäkerhet

lösenordssäkerhet

huvudlösenord

memorering

Information Systems