Generic Security Risk Profile of e-Governance Applications—a Case Study

Abstract

Over last few years, e-Governance in India has made rapid progress and adopted global best practices to enhance in terms of the citizen-centricity, reach, connectivity, efficiency, transparency, accountability and availability. The service maturity level has seen exponential rise from being interactional, transactional and transformational to connected cum integrated services with guaranteed service level. As e-Governance systems are becoming increasingly critical, complex and connected, the difficulty of achieving application security has increased exponentially. International trends and domestic experiences show that the e-Government services are constant target of organized crime by hackers and prominent government sites are being probed daily. Further, in today’s race to build cutting-edge e-Governance business solutions, Web applications are being developed and deployed with lesser attention to critical and widespread security threats. This has made e-Governance application more vulnerable and government can no longer afford to tolerate security issues with high risk values which could hinder delivery of services and impact the confidentiality, integrity and availability of information. To mitigate with appropriate countermeasures and security controls, it is required to identify and estimate risks associated with top potential e-Governance applications security issues that can be exploited. In this context, an attempt is made in this paper to identify and estimate the top potential application security issues to create generic security risk profile specific to e-Governance applications. The security risk profile determined in this paper can subsequently be used as baseline to establish the security strength of the e-Governance application.