Personal Smart Cards

Author(s):  
Gustavo Taniguchi ◽  
Fábio Duarte

An effective information management is one of the most valuable assets of any organization, including public administration. Database integration from various municipal Information Systems is an essential tool for urban and strategic planning. The city of Curitiba, Brazil, has implemented several Information Systems to enhance its public services, from education to health care—most of these systems use several non-integrated personal smart cards to provide access to services. In this chapter we analyze some public Information Systems in use in Curitiba, and their inputs and outputs. We also advocate that the personal smart card already used in the metropolitan transportation system only as a fare collection card, is, among all others, the best option, from a technological and administrative standpoint, to integrate all municipal Information Systems, improving the effectiveness of public services and assisting for a comprehensive planning process.

Evaluation is a key element in preparation of the business case for an IT project. Business plans include discussion of costs and benefits, performance measures, progress milestones, assessment of risk, cost estimates for alternatives, and general justification for the advocated alternative. Approaches to evaluation range from the qualitative and general to the quantitative and specific. As identified in the chapter, evaluation activities may include comparisons of the agency with “best practices,” development of performance measures and benchmarks, and cost-performance analysis.


Author(s):  
P. Partow-Navid

Today, information security is one of the highest priorities on the IT agenda. In 2003, Luftman and McLean (2004) conducted a survey of Society for Information Management members to identify the top 20 information technology (IT) issues for executives. Security and privacy issues were ranked third, after IT/ business alignment and IT strategic planning. Concept of information security applies to all the data stored in information systems or being communicated in information networks and encompasses measures applied on all layers of open system interconnect (OSI) model of international standards such as application, networking, and physical. Sophisticated technologies and methods have been developed to: • Control access to computer networks • Secure information systems with advanced cryptography and security models • Establish standards for operating systems with focus on confidentiality • Communication integrity and availability for securing different types of networks • Manage trustworthy networks and support business continuity planning, disaster recovery, and auditing The most widely recognized standards are: • In the United States: Trusted Computer System Evaluation Criteria (TCSEC). • In Canada: Canadian Trusted Computer Product Evaluation Criteria (CTCPEC). • In Europe: Information Technology Security Evaluation Criteria (ITSEC). All of theses standards have recently been aggregated into Common Criteria standards. And yet, the information systems continue to be penetrated internally and externally at a high rate by malicious code, attacks leading to loss of processing capability (like distributed denial-of-service attack), impersonation and session hijacking (like man-in-the-middle attack), sniffing, illegal data mining, spying, and others. The problem points to three areas: technology, law, and IT administration. Even prior to the drama of 9/11, several computer laws were enacted in the USA and yet more may come in the future. Still the fundamental threats to information security, whether they originated outside the network or by the company’s insiders, are based on fundamental vulnerabilities inherent to the most common communication protocols, operating systems, hardware, application systems, and operational procedures. Among all technologies, the Internet, which originally was created for communication where trust was not a characteristic, presents the greatest source of vulnerabilities for public information systems infrastructures. Here, a threat is a probable activity, which, if realized, can cause damage to a system or create a loss of confidentiality, integrity, or availability of data. Consequently, vulnerability is a weakness in a system that can be exploited by a threat. Although, some of these attacks may ultimately lead to an organization’s financial disaster, an all-out defense against these threats may not be economically feasible. The defense actions must be focused and measured to correspond to risk assessment analysis provided by the business and IT management. That puts IT management at the helm of the information security strategy in public organizations.


2008 ◽  
pp. 2745-2754
Author(s):  
Parviz Partow-Navid ◽  
Ludwig Slusky

Today, information security is one of the highest priorities on the IT agenda. In 2003, Luftman and McLean (2004) conducted a survey of Society for Information Management members to identify the top 20 information technology (IT) issues for executives. Security and privacy issues were ranked third, after IT/ business alignment and IT strategic planning. Concept of information security applies to all the data stored in information systems or being communicated in information networks and encompasses measures applied on all layers of open system interconnect (OSI) model of international standards such as application, networking, and physical. Sophisticated technologies and methods have been developed to: • Control access to computer networks • Secure information systems with advanced cryptography and security models • Establish standards for operating systems with focus on confidentiality • Communication integrity and availability for securing different types of networks • Manage trustworthy networks and support business continuity planning, disaster recovery, and auditing The most widely recognized standards are: • In the United States: Trusted Computer System Evaluation Criteria (TCSEC). • In Canada: Canadian Trusted Computer Product Evaluation Criteria (CTCPEC). • In Europe: Information Technology Security Evaluation Criteria (ITSEC). All of theses standards have recently been aggregated into Common Criteria standards. And yet, the information systems continue to be penetrated internally and externally at a high rate by malicious code, attacks leading to loss of processing capability (like distributed denial-of-service attack), impersonation and session hijacking (like man-in-the-middle attack), sniffing, illegal data mining, spying, and others. The problem points to three areas: technology, law, and IT administration. Even prior to the drama of 9/11, several computer laws were enacted in the USA and yet more may come in the future. Still the fundamental threats to information security, whether they originated outside the network or by the company’s insiders, are based on fundamental vulnerabilities inherent to the most common communication protocols, operating systems, hardware, application systems, and operational procedures. Among all technologies, the Internet, which originally was created for communication where trust was not a characteristic, presents the greatest source of vulnerabilities for public information systems infrastructures. Here, a threat is a probable activity, which, if realized, can cause damage to a system or create a loss of confidentiality, integrity, or availability of data. Consequently, vulnerability is a weakness in a system that can be exploited by a threat. Although, some of these attacks may ultimately lead to an organization’s financial disaster, an all-out defense against these threats may not be economically feasible. The defense actions must be focused and measured to correspond to risk assessment analysis provided by the business and IT management. That puts IT management at the helm of the information security strategy in public organizations.


2020 ◽  
Vol 21 (1) ◽  
pp. 142-166
Author(s):  
Mirkhon Nurullaev ◽  
RAKHMATILLO DJURAEVICH ALOEV

The article provides a brief description of the cryptography service provider software developed by the authors of this article, which is designed to create encryption keys, create private and public keys of electronic digital signature, create and confirm authenticity of digital signatures, hashing, encrypting, and simulating data using the algorithms described in the State Standards of Uzbekistan. It can be used in telecommunications networks, public information systems, and government corporate information systems by embedding into applications that store, process, and transmit information that does not contain information related to state secrets, as well as in the exchange of information, and ensuring the legal significance of electronic documents. The cryptography service provider includes the following functional components: a dynamically loadable library that implements a biophysical random number sensor; a dynamic library that implements cryptographic algorithms in accordance with the State Standards of Uzbekistan; a module supporting work with external devices; an installation module that provides the installation of a cryptography service provider in the appropriate environment of operation (environment). ABSTRAK: Artikel ini memberikan penerangan ringkas tentang perisian penyedia perkhidmatan kriptografi yang dibangunkan oleh pengarang artikel ini, yang direka untuk membuat kunci penyulitan, kunci persendirian dan awam tandatangan digital elektronik, membuat dan mengesahkan kesahihan tandatangan digital, hashing, penyulitan dan simulasi data menggunakan algoritma yang dinyatakan dalam Standard Negeri Uzbekistan. Ia boleh digunakan dalam rangkaian telekomunikasi, sistem maklumat awam, sistem maklumat korporat kerajaan dengan memasukkan aplikasi aplikasi yang menyimpan, memproses dan menghantar maklumat yang tidak mengandungi maklumat yang berkaitan dengan rahsia negara, serta pertukaran maklumat dan memastikan undang-undang kepentingan dokumen elektronik. Penyedia perkhidmatan kriptografi termasuk komponen berfungsi sebagai berikut: perpustakaan dinamik yang boleh dimuatkan yang melaksanakan sensor nombor rawak biofisika; perpustakaan dinamik yang melaksanakan algoritma kriptografi mengikut Standard Negeri Uzbekistan; modul menyokong kerja dengan peranti luaran; modul pemasangan yang menyediakan pemasangan penyedia perkhidmatan kriptografi dalam persekitaran operasi yang sesuai (persekitaran).


Sign in / Sign up

Export Citation Format

Share Document