A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions

Thomas Zefferer, Bernd Prünster, Christian Paul Kollmann, Andreea Ancuta Corici, Lukas Alber, Roland Czerny, Blaz Podgorelec

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Security evaluation is crucial for any security-critical system. In this context, a system can mean technical systems, organizations, or any other entity with certain security requirements. The major challenge in doing risk analysis is the trade-off between completeness and complexity. When done on a more abstract level, certain risks are potentially overlooked. When done on a very detailed level, risk analyses quickly become complex and exceed available resources. To tackle this challenge, various norms and standards propose different security evaluation methodologies. These methodologies vary depending on their target scope. Also, these standards typically remain on a rather abstract level to ensure broad applicability to different systems. In practice, this often complicates the application of these standards to concrete technical systems. In this paper, we tackle this issue by proposing a customized security-evaluation framework tailored to the special characteristics of cross-border e-government services. The proposed framework does not re-invent the wheel but combines aspects and approaches of established norms and standards to cherry-pick from each standard those aspects most beneficial for the given context. We evaluated the proposed framework by applying it to a set of software building blocks, which have been developed in the Horizon-2020 project mGov4EU and leverage mobile cross-border e-government services in Europe. The conducted evaluation shows that the proposed framework facilitates the practical application of security evaluations in the targeted domain and supports evaluators in handling the trade-off between completeness and complexity.
Original languageEnglish
Title of host publicationDGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research
EditorsDavid Duenas Cid
PublisherAssociation of Computing Machinery
Pages536–543
Number of pages8
ISBN (Electronic)979-8-4007-0837-4
DOIs
Publication statusPublished - 2023
Event24th Annual International Conference on Digital Government Research: dg.o 2023 - Gdansk, Poland
Duration: 11 Jul 202314 Jul 2023

Publication series

NameACM International Conference Proceeding Series

Conference

Conference24th Annual International Conference on Digital Government Research
Abbreviated titledg.o 2023
Country/TerritoryPoland
CityGdansk
Period11/07/2314/07/23

Keywords

  • Security evaluation
  • Risk analysis
  • Risk evaluation
  • Security
  • E-government
  • e-Government

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions'. Together they form a unique fingerprint.

Cite this