Cybersecurity Practices for e-Government: An Assessment in Bhutan
This paper, submitted to the 10th International Conference on e-Business (iNCEB2015) in November 2016, presents an assessment of cybersecurity practices, cyber threats and other factors affecting effective implementation of cybersecurity program in government organisations in Bhutan.
The main goal of e-government implementation is to improve the effectiveness, efficiency and quality of public service delivery using Information and Communication Technologies (ICT). However, its success is dependent on the provision of information security goals such as confidentiality, integrity, availability and trust. Therefore, cybersecurity is vital for the successful adoption of e-government systems.
The paper did an assessment of cybersecurity practices, cyber threats and other factors affecting effective implementation of cybersecurity program in government organisations in Bhutan. Selected cybersecurity practices included in the study were cyber policy, risk management, training and awareness, and access controls for protection of network including mobile computing devices.
Out of 280 potential respondents, 157 respondents completed the survey. The results show that, in many organisations, there is very limited use of or a lack of formal cybersecurity policy, risk management, awareness, or incident management practices.The results also indicate that many organisations have either suffered from, or been affected by, cybersecurity threats such as malware, hacking and phishing scams.
The study recommends both managerial and technological practices to improve cybersecurity posture of government organisations and to improve people’s level of trust and confidence in e-government services.