KIRAS Security Research

2013

Secure EGov

Already today, the significance of e-government as an interface between public institutions and citizens in a broader sense is an important one. The goal of this study is to foreground and make revisable the security of e-government applications, projects and institutions by defining a respective standard as well as a potential certification process

Already today, e-government is an important interface between the administrative areas of the Federal Government, the provinces, the communities and – generally put – the citizens (companies, individuals etc.). This importance will increase in the upcoming years due to cost- and efficiency reasons. The e-government applications of the individual administrative units manage and process large, sensitive (person-related) databases, but basic requirements for a secure development process are missing – secure coding guidelines and automated or manual source code analyses are done at best on occasion or are limited to single organisations, and are therefore specific and not comprehensive.
Medium-term, the following steps are necessary:
·         Checking and completing the public authorities' IT systems, which are being built or are already operating, regarding protection and informational sustainability.
·         Creating a cyber security framework for all critical e-government applications and processes.
·         Regular certification of all security-relevant applications.

Centrical to these deliberations is to foreground and make revisable the security of egovernment applications, projects and institutions by developing a respective standard.
It is therefore indicated to develop a security certification for e-government environments. This will be on the one hand in line with internationally acknowledged standards and norms, on the other hand specific national requirements, characteristics and challenges of egovernment will be considered.
For a certification, institutions will be considered which are familiar with Austrian specifications and have experience in the area of certification (ideally also with administrative authorities) as well as in the area of information security, which must have a fundamental influence on e-government certifications.

Project leader:
Michael Stephanitsch
MStephanitsch@sba-research.org

Other Cooperation partner:
Universität Wien, Rechtswissenschaftliche Fakultät, Institut für Europarecht, Internationales Recht und Rechtsvergleichung
Zentrum für sichere Informationstechnologien – Austria (A-SIT)
REPUCO Unternehmensberatung GmbH
Bundesministerium für Finanzen
Bundeskanzleramt
Bundesministerium für Inneres

Contact:
SBA Research gGmbH
Favoritenstraße 16, 1040 Wien
Tel: +43 (1) 505 36 88
Fax: +43(1) 505 88 88
E-Mail:
office@sba-research.org
http://www.sba-research.org/
http://www.sba-research.org/research/

print