The strategic importance of e-government is now recognized around the world. It is generally a portal, or more, that provides citizens with the means to communicate with government representatives, along with public information and downloadable governmental forms. The main objectives of e-government are to provide full access to services and greater efficiency, thereby enhancing the transparency and quality of public government services. This is the reason for the increased concern about the security and integrity of e-government applications and websites, as the current trend is to provide more secure, reliable services to customers through these applications. Citizens expect high-quality services and full access to information with the greatest possible security.
It is well known that there are four main areas of threat in any given system: input, output, programs, communication and peripherals. However, several factors might influence a system's vulnerability.
Technical and technology factors
Technology offers various security tools, such as requiring a username and password before a user can access his or her PC, whether for the entire system or for important files; installing antivirus programs to safeguard computers; and being cautious with emails received from unknown sources. Security levels increase when important and classified files and information are involved, since they are located on computers connected to a company, so firewalls may be used. Encryption and decryption tools are designed for data that traverses the internet and are used, for example, in a facility that has a system for sending and receiving electronic messages. These are all tools to safeguard a system from vulnerability.
However, using too many security protection methods is not encouraged, such as too many firewalls for a PC that is not connected to a network, or too many identification methods for one website, such as a password, voice recognition, fingerprints, etc. Conversely, using too little protection is not encouraged either, such as a single level of protection, like one password for the entire system.
Usually, the level of security protection used depends on the protection required. If the protection exceeds the limit, it might lower the system's performance and decrease the speed of file execution, and the system may become inefficient at executing its regular tasks. In contrast, if the level of security protection is below average, the potential for internal and external breaches of the system may increase.
As highly complex computer and service systems continued to develop, people started using technology differently. Entering a value in the wrong field or mistakenly deleting a file are examples of system vulnerability caused by human mistakes. Although simple, human mistakes are commonplace and may leave networks open and exposed. Human mistakes may cause even more system breaches and vulnerability than technical weaknesses, which indicates that human error is a large cause of vulnerability.
For example, system administrators are responsible for the operation and security of an organization's devices as well as for detecting possible breaches. However, when there are too many responsibilities, mistakes tend to happen, such as the lack of a reliable personal security policy, connecting unstructured systems to the internet, trusting only tools, failing to monitor logs and running unnecessary applications or programs.
Executives are the people responsible for handling the company's resources and budget. Executives who are responsible for managing the organization may make mistakes that lead to a security breach. Some of these mistakes can be as simple as believing that security is a one-time investment, employing inexperienced experts, failing to understand the consequences of possible security breaches and spending too little on information security methods.
End users tend to make a lot of mistakes because they deal with sensitive system data daily. Examples of these mistakes include downloading data from untrusted websites and not being careful with physical security. A user who works for a company may breach its security policy, note down accounting data or forward important data to their own personal computer.
Members of society must have enough knowledge about the security requirements of systems and applications because, even in our modern world, some people have adequate knowledge and skills in computer systems while others know nothing about them. The social component was found to have become an essential factor after the attacks of 11 September 2001, and ICTs are now considered reliable and mandatory tools for public security.
Countries may use electronic espionage to monitor each other's systems, send viruses to crash them, or hack employees' personalized profiles or systems' passwords. Countries may hack and attempt to learn the secrets of each other's systems even in commercial competition.
Economical solutions are sought more often now, but the economic system can be vulnerable if it is not secured enough. An example of such an economical solution is the wide use of the Data Encryption Standard (DES), a 'private key' system, just because it is cheaper and quicker than RSA encipherment, a public-key system designed by Rivest, Shamir and Adleman, even though RSA is better.
Espionage, interference and mistransmission are the main causes of weak security in telecommunication systems. For example, developing countries have many networking issues due to the poor quality of their telecommunication systems. A study conducted in a hospital information system showed that new threats arise from integrating data in a central file by using network equipment.
The vulnerabilities that implementations suffer from are caused by either Cross-Site Scripting (XSS) or Structured Query Language (SQL) injection.
XSS is one of the common vulnerabilities of web applications. It is an attack on the clients of certain websites that can lead to total security damage, and it involves the attacker, the client and the web server. A successful attack happens when a user visits a Uniform Resource Locator (URL) that contains an XSS attack. First, an email is spoofed from a reputable sender; then the user clicks on the link attached to the email; finally, a "malicious" web page appears in the client's web browser.
SQL is a computer language used for manipulating and accessing databases. There are different SQL versions that support the same main keywords in a similar manner, and SQL works with many database programs such as Oracle, MS Access, MS SQL and Sybase server. An SQL injection occurs if invalid SQL queries are input. SQL injection is more dangerous than XSS because it can affect the integrity of the database. So, if it is possible to input HyperText Markup Language (HTML) code or script on an active webpage, the web application can be said to be vulnerable to XSS. When the structure of an SQL query run by an active webpage can be changed, the application can be considered vulnerable to SQL injection.
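The two vulnerability tests described above, shown as an added example that is not part of the original article: each handler appears in a vulnerable form beside its hardened form. The `citizens` table, the function names and the probe strings are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs: one changes query structure, one carries markup.
SQL_PROBE = "x' OR '1'='1"
HTML_PROBE = "<script>alert(1)</script>"

def make_db():
    # In-memory database with a hypothetical e-government lookup table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE citizens (national_id TEXT, name TEXT)")
    db.executemany("INSERT INTO citizens VALUES (?, ?)",
                   [("1001", "Alice"), ("1002", "Bob")])
    return db

def lookup_vulnerable(db, national_id):
    # Input is pasted into the query text, so it can change the query structure.
    query = "SELECT name FROM citizens WHERE national_id = '" + national_id + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, national_id):
    # A bound parameter is always treated as data; the structure stays fixed.
    query = "SELECT name FROM citizens WHERE national_id = ?"
    return [row[0] for row in db.execute(query, (national_id,))]

def render_vulnerable(search_text):
    # Input is echoed into the page as-is, so markup in it becomes page markup.
    return "<p>Results for: " + search_text + "</p>"

def render_safe(search_text):
    # html.escape turns <, >, & and quotes into entities before output.
    return "<p>Results for: " + html.escape(search_text) + "</p>"

def demo():
    db = make_db()
    return {
        "sql_vulnerable": lookup_vulnerable(db, SQL_PROBE),
        "sql_safe": lookup_safe(db, SQL_PROBE),
        "xss_vulnerable": render_vulnerable(HTML_PROBE),
        "xss_safe": render_safe(HTML_PROBE),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The vulnerable lookup returns every row for an identifier that matches no citizen, while the parameterized lookup returns none; the escaped page shows the probe as text instead of treating it as a script element.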
In conclusion, website security is crucial for e-business websites. This article has explored the major security issues and vulnerabilities in e-government implementations.