Development of a Comprehensive Information Security System for UAE e-Government

Al Mayahi, Ibrahim Humaid (2016) Development of a Comprehensive Information Security System for UAE e-Government. PhD thesis, Prifysgol Bangor University.

Signed Declaration Al Mayahi.pdf

Download (550kB) | Preview
[img] Text
Al Mayahi PhD 2016.pdf
Restricted to Repository staff only until March 2022.

Download (6MB)


The UAE has a vision of delivering unified e-Government services across numerous departments of seven emirates. The primary goal is to bring all aspects of the government information services online for every citizens and business by completely replacing the existing paper-based bureaucracy. This creates significant risks and information security challenges which the UAE e-Government is seeking to address. This thesis makes a comprehensive review of the UAE e-Government’s information security posture. An analysis of the current strengths and weaknesses of the e-Government was carried out, SWOT analysis was employed and based on the results, a TOWS matrix was constructed facilitating the development of new e-Government strategies to mitigate external threats. To implement an Information Security Management System (ISMS) across the e-Government departments, a framework was developed based on a multi-layered approach that is used to structure the information security program. It considers three factors; technology, operations and people (employees), to increase the effectiveness of information security system. To implement the framework, several international standards were evaluated and subsequently the ISO 27001 standard was used as a benchmark for achieving a secure e-Government. A Gap Analysis was carried out to evaluate the current state of the security culture within the e-Government against the standard and a Risk Assessment was carried out to demonstrate the existing risks faced by e-Government services. A comprehensive series of penetration tests were commissioned on e-Government network infrastructure. Having made interventions to improve the security of physical information technologies and organisational operations, a comprehensive questionnaire was developed to obtain quantitative evaluation of the security culture within the organisation. Subsequently, a training programme was devised and developed for the employees to demonstrably improve the security culture as measured by this approach. Finally, the findings, in conjunction with a consultation with security heads within the UAE e-Government, are used to construct a single comprehensive information security policy that can be rolled out to all e-Government departments within the seven emirates.

Item Type: Thesis (PhD)
Subjects: Degree Thesis
Departments: College of Physical and Applied Sciences > School of Computer Science
Degree Thesis
Date Deposited: 26 Apr 2017 10:24
Last Modified: 28 Apr 2017 08:24
URI: http://e.bangor.ac.uk/id/eprint/9851
Administer Item Administer Item

eBangor is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.