Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.715220
Title: Development of a comprehensive information security system for UAE e-Government
Author: Al Mayahi, Ibrahim Humaid
Awarding Body: Prifysgol Bangor University
Current Institution: Bangor University
Date of Award: 2016
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Thesis embargoed until 01 Mar 2022
Access from Institution:
Abstract:
The UAE has a vision of delivering unified e-Government services across numerous departments of seven emirates. The primary goal is to bring all aspects of the government information services online for every citizens and business by completely replacing the existing paper-based bureaucracy. This creates significant risks and information security challenges which the UAE e-Government is seeking to address. This thesis makes a comprehensive review of the UAE e-Government’s information security posture. An analysis of the current strengths and weaknesses of the e-Government was carried out, SWOT analysis was employed and based on the results, a TOWS matrix was constructed facilitating the development of new e-Government strategies to mitigate external threats. To implement an Information Security Management System (ISMS) across the e-Government departments, a framework was developed based on a multi-layered approach that is used to structure the information security program. It considers three factors; technology, operations and people (employees), to increase the effectiveness of information security system. To implement the framework, several international standards were evaluated and subsequently the ISO 27001 standard was used as a benchmark for achieving a secure e-Government. A Gap Analysis was carried out to evaluate the current state of the security culture within the e-Government against the standard and a Risk Assessment was carried out to demonstrate the existing risks faced by e-Government services. A comprehensive series of penetration tests were commissioned on e-Government network infrastructure. Having made interventions to improve the security of physical information technologies and organisational operations, a comprehensive questionnaire was developed to obtain quantitative evaluation of the security culture within the organisation. Subsequently, a training programme was devised and developed for the employees to demonstrably improve the security culture as measured by this approach. Finally, the findings, in conjunction with a consultation with security heads within the UAE e-Government, are used to construct a single comprehensive information security policy that can be rolled out to all e-Government departments within the seven emirates.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.715220  DOI: Not available
Share: