A Case Study: Risk Rating Methodology for E-Governance Application Security Risks

B. S. Kumar*, V. Sridhar**, K. R. Sudhindra***
* Scientist 'F', Electronics Test and Development Centre (ETDC), Bangalore, India.
** Department of Electronics and Communication Engineering, Nitte Meenakshi Institute of Technology, Bangalore, India.
*** Department of Electronics and Communication Engineering, B M S College of Engineering, Bangalore, Karnataka, India.
Periodicity: January - March 2019
DOI: https://doi.org/10.26634/jse.13.3.15546

Abstract

Over the last few years, e-governance in India has made rapid progress and adopted global best practices in terms of citizen-centricity, reach, connectivity, efficiency, transparency, accountability and availability. Multiple modes and ease of access, seamless connectivity and availability, user-friendliness and efficiency of e-governance services have opened up avenues that make these services highly prone to serious security risks. International trends and domestic experience show that e-governance services are constant targets of organized crime by hackers, and prominent government sites are probed daily. The security threat landscape for e-governance applications changes constantly and new types of vulnerabilities keep manifesting. In today's race to build cutting-edge e-governance business solutions, web applications are being developed and deployed with less attention to critical and widespread security threats. The government can no longer afford to tolerate security issues with high risk values, which could hinder delivery of services and impact the confidentiality, integrity and availability of information. To mitigate them with appropriate countermeasures and security controls, it is necessary to evaluate and estimate the risks associated with exploitable security issues in e-governance applications. In this context, this paper outlines a risk rating methodology from an e-governance perspective to estimate the risk associated with critical and widespread security issues at the application layer.

Keywords

Application Risk Rating Methodology, Overall Risks Score, Injection Attack, Threat Agent, Technical Impact.

How to Cite this Article?

Kumar, B. S., Sridhar, V., & Sudhindra, K. R. (2019). A Case Study: Risk Rating Methodology for E-Governance Application Security Risks. i-manager's Journal on Software Engineering, 13(3), 39-44. https://doi.org/10.26634/jse.13.3.15546
