Standards information[edit]
The GSM systems and services are described in a set of standards governed by ETSI, where a full list is maintained.[25]
Gsm open-source software[edit]
Several open-source software projects exist that provide certain GSM features:
gsmd daemon by Openmoko[26]
OpenBTS develops a Base transceiver station
The GSM Software Project aims to build a GSM analyzer for less than $1,000[27]
OsmocomBB developers intend to replace the proprietary baseband GSM stack with a free software implementation[28]
YateBTS develops a Base transceiver station [29]
Issues with patents and open source[edit]
Patents remain a problem for any open-source GSM implementation, because it is not possible for GNU or any other free software distributor to guarantee immunity from all lawsuits by the patent holders against the users. Furthermore, new features are being added to the standard all the time which means they have patent protection for a number of years.[citation needed]
The original GSM implementations from 1991 may now be entirely free of patent encumbrances, however patent freedom is not certain due to the United States' "first to invent" system that was in place until 2012. The "first to invent" system, coupled with "patent term adjustment" can extend the life of a U.S. patent far beyond 20 years from its priority date. It is unclear at this time whether OpenBTS will be able to implement features of that initial specification without limit. As patents subsequently expire, however, those features can be added into the open-source version. As of 2011, there have been no lawsuits against users of OpenBTS over GSM use
List of recommended references
June J. Parsons and Dan Oja, New Perspectives on Computer Concepts 16th Edition - Comprehensive, Thomson Course Technology, a division of Thomson Learning, Inc Cambridge, MA, COPYRIGHT © 2014.
Lorenzo Cantoni (University of Lugano, Switzerland) James A. Danowski (University of Illinois at Chicago, IL, USA) Communication and Technology, 576 pages.
Craig Van Slyke Information Communication Technologies: Concepts, Methodologies, Tools, and Applications (6 Volumes). ISBN13: 9781599049496, 2008, Pages: 4288
Brynjolfsson, E. and A. Saunders (2010). Wired for Innovation: How Information Technology Is Reshaping the Economy. Cambridge, MA: MIT Press
Kretschmer, T. (2012), "Information and Communication Technologies and Productivity Growth: A Survey of the Literature", OECD Digital Economy Papers, No. 195, OECD Publishing.
Laboratory work №13
13.1 Obtaining the electronic services on the portal of e-government of kazakhstan
The number of services delivered to Kazakhstan citizens through e-Government has reached 100 million. More than 19 million services were delivered within six months this year.
Since 2010, Kazakhstan citizens have been able to obtain various public services in electronic format. This, as is known, saves both Kazakhstanis’ time and money. For instance, while previously, to obtain an abstract of residential address, you had to wait for 3 to 5 days, now this procedure will take you no more than 15 minutes.
Online public services can be obtained on the e-Government portal, in egov.kz mobile app, and in Connection Points, as well as through the special terminals - public access points located in CSCs. The number of services delivered through these channels has reached 100 million.
This is a good indicator, and it means that people trust in e-Government. eGov’s popularity grows increasingly year after year: while in 2012 we delivered more than 10 million services, and in 2014 – more than 35 million, then for the six months this year, over 19 million services were rendered”, Chairman of the Board of National Information Technologies JSC RuslanYensebayev commented.
The most popular service on the portal is the obtainment of abstract of residential address. Since the launch of this service to today, it was obtained over 48 million times. The second popular service is the issuance of abstract of title to real estate: for the same period, 17 million such abstracts were issued. Also, citizens frequently obtain statements of pension deductions (over 10 million).
Note that currently, 215 services are accessible on the eGov.kz portal, which services are intended for most various categories of citizens and businesses.
Today, April 12, 2016, is 10 years since the launch of e-Government Portal of Kazakhstan. At the briefing in Central Communication Team under President of Kazakhstan, the Vice Minister of Investments and Development SakenSarsenov and Deputy Chairman of the Board for e-Services of National Information Technologies JSC BaglanBekbauov told about the eGov start up and about the plans for developing it.
S.Sarsenov mentioned in his speech that for the past 10 years, the e-Government legal framework, architecture and infrastructure had been created in Kazakhstan. All the required components were created, including databases and both national and interdepartmental gateways.
e-Services’ affordability became possible also thanks to digital signatures’ being provided to citizens on a free-of-charge basis. To date, over 10 million digital signatures have been issued, of which about 4.5 million have been recorded on citizens’ ID cards”, Vice Minister of MID added.
The eGov portal users amount already to over 5 million persons, or more than half of the economically-active population of Kazakhstan, capable of accessing 240 e-services. For the entire period, around 130 million services were provided via the eGov infrastructure.
According to Deputy Chairman of the Board of NIT JSC BaglanBekbauov, the most popular services obtained via eGov are: abstracts of residential address (about 64 million), abstracts of the registered title to real estate (about 20 million) and abstracts of pension deductions (more than 12.5 million times).
One of the portal’s in-demand services is the online registration of business. Via eGov, over 73 thousand companies since 2013.
Through the e-Gov Payment Gateway, about 3 million transactions have been made for the sum of over KZT 18 billion, of which the payments for KZT 10 billion were made only within 2015.
A new essential stage in developing the e-services delivery infrastructure, given the intense penetration of mobile communication and mobile technology among citizens, is the creation of Mobile Government. Currently, 80 different services can be obtained via eGov mobile app for iOS, Android and Windows Phone platforms.
Further improving of transparency, accountability, and efficiency of government agencies’ activities is expected in the course of developing Open Government of Kazakhstan consisting of five components: Open Data, Open Laws & Regulations, Open Budgets, Open Dialogue, and Government Agencies Activity Assessment. On the Open Data portal, 338 sets of publicly available data of government agencies have been placed in machine-readable format, with 12 mobile apps having been developed based on them. Also, to date, 1490 open data sets have been approved that will be published on the portal by September this year. And on the Open Budgets portal, the first information will be accessible in May already: citizens will be able to access the reports on implementation of budget programs for 2015.
Controlquestions:
How you think, the most important inventions of the last 50 years are?
As if mobile phones made communication simpler?
What household appliances do you I think that people need most of all?
What shortcomings modern technologies?
How you think, we too to rely on modern technologies?
What technological developments can will happen in the future in the field of transport, education or health?
List of recommended references
June J. Parsons and Dan Oja, New Perspectives on Computer Concepts 16th Edition - Comprehensive, Thomson Course Technology, a division of Thomson Learning, Inc Cambridge, MA, COPYRIGHT © 2014.
Lorenzo Cantoni (University of Lugano, Switzerland) James A. Danowski (University of Illinois at Chicago, IL, USA) Communication and Technology, 576 pages.
Craig Van Slyke Information Communication Technologies: Concepts, Methodologies, Tools, and Applications (6 Volumes). ISBN13: 9781599049496, 2008, Pages: 4288
Brynjolfsson, E. and A. Saunders (2010). Wired for Innovation: How Information Technology Is Reshaping the Economy. Cambridge, MA: MIT Press
Kretschmer, T. (2012), "Information and Communication Technologies and Productivity Growth: A Survey of the Literature", OECD Digital Economy Papers, No. 195, OECD Publishing.
Laboratory work №14
FUNDAMENTALS OF THEORY OF SECURITY AND PROTECTION OF INFORMATION
Information security
The history of computer security and how it evolved into information security
The key terms and concepts of information security
Information security: a “well-informed sense of assurance that the information risks and controls are in balance.” —Jim Anderson, Inovant (2002)
The History of Information Security.
Began immediately after the first mainframes were developed
Groups developing code-breaking computations during World War II created the first modern computers
Physical controls to limit access to sensitive military locations to authorized personnel
Rudimentary in defending against physical theft, espionage, and sabotage
The 1960s
Advanced Research Procurement Agency (ARPA) began to examine feasibility of redundant networked communications
Larry Roberts developed ARPANET from its inception
The 1970s and 80s
ARPANET grew in popularity as did its potential for misuse
Fundamental problems with ARPANET security were identified
No safety procedures for dial-up connections to ARPANET
Non-existent user identification and authorization to system
Late 1970s: microprocessor expanded computing capabilities and security threats
Scope of computer security grew from physical security to include:
Safety of data
Limiting unauthorized access to data
Involvement of personnel from multiple levels of an organization
The 1990s
Networks of computers became more common; so too did the need to interconnect networks
Internet became first manifestation of a global network of networks
In early Internet deployments, security was treated as a low priority
The Present
The Internet brings millions of computer networks into communication with each other—many of them unsecured
Ability to secure a computer’s data influenced by the security of every computer to which it is connected
What is Security?
The quality or state of being secure—to be free from danger”
A successful organization should have multiple layers of security in place:
Physical security
Personal security
Operations security
Communications security
Network security
Information security
Critical Characteristics of Information
The value of information comes from the characteristics it possesses:
Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession
NSTISSC Security Model
Components of an Information System
Information System (IS) is entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization
Securing Components
Computer can be subject of an attack and/or the object of an attack
When the subject of an attack, computer is used as an active tool to conduct attack
When the object of an attack, computer is the entity being attacked
Balancing Information Security and Access
Impossible to obtain perfect security—it is a process, not an absolute
Security should be considered balance between protection and availability
To achieve balance, level of security must allow reasonable access, yet protect against threats
Approaches to Information Security Implementation: Bottom-Up Approach
Grassroots effort: systems administrators attempt to improve security of their systems
Key advantage: technical expertise of individual administrators
Seldom works, as it lacks a number of critical features:
Participant support
Organizational staying power
Approaches to Information Security Implementation: Top-Down Approach
Initiated by upper management
Issue policy, procedures and processes
Dictate goals and expected outcomes of project
Determine accountability for each required action
The most successful also involve formal development strategy referred to as systems development life cycle
The Systems Development Life Cycle
Systems development life cycle (SDLC) is methodology and design for implementation of information security within an organization
Methodology is formal approach to problem-solving based on structured sequence of procedures
Using a methodology
ensures a rigorous process
avoids missing steps
Goal is creating a comprehensive security posture/program
Traditional SDLC consists of six general phases
Investigation
What problem is the system being developed to solve?
Objectives, constraints and scope of project are specified
Preliminary cost-benefit analysis is developed
At the end, feasibility analysis is performed to assesses economic, technical, and behavioral feasibilities of the process
Analysis
Consists of assessments of the organization, status of current systems, and capability to support proposed systems
Analysts determine what new system is expected to do and how it will interact with existing systems
Ends with documentation of findings and update of feasibility analysis
Logical Design
Main factor is business need; applications capable of providing needed services are selected
Data support and structures capable of providing the needed inputs are identified
Technologies to implement physical solution are determined
Feasibility analysis performed at the end
Physical Design
Technologies to support the alternatives identified and evaluated in the logical design are selected
Components evaluated on make-or-buy decision
Feasibility analysis performed; entire solution presented to end-user representatives for approval
Implementation
Security solutions are acquired, tested, implemented, and tested again
Personnel issues evaluated; specific training and education programs conducted
Entire tested package is presented to management for final approval
Maintenance and Change
Perhaps the most important phase, given the ever-changing threat environment
Often, reparation and restoration of information is a constant duel with an unseen adversary
Information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve
Security Professionals and the Organization
Wide range of professionals required to support a diverse information security program
Senior management is key component; also, additional administrative support and technical expertise required to implement details of IS program
Senior Management
Chief Information Officer (CIO)
Senior technology officer
Primarily responsible for advising senior executives on strategic planning
Chief Information Security Officer (CISO)
Primarily responsible for assessment, management, and implementation of IS in the organization
Usually reports directly to the CIO
Key Terms
Access
Asset
Attack
Control, Safeguard or Countermeasure
Exploit
Exposure
Hacking
Object
Risk
Security Blueprint
Security Model
Security Posture or Security Profile
Subject
Threats
Threat Agent
Vulnerability
Control questions:
WhatisComputerSecurity?
Why is Computer SecurityImportant?
Why do I need to learn aboutComputer Security?
Isn’t this just an IT Problem?
How many attacks to computers on campusdo you think take place everyday?
What are the consequences forsecurity violations?
List of recommended references
June J. Parsons and Dan Oja, New Perspectives on Computer Concepts 16th Edition - Comprehensive, Thomson Course Technology, a division of Thomson Learning, Inc Cambridge, MA, COPYRIGHT © 2014.
Lorenzo Cantoni (University of Lugano, Switzerland) James A. Danowski (University of Illinois at Chicago, IL, USA) Communication and Technology, 576 pages.
Craig Van Slyke Information Communication Technologies: Concepts, Methodologies, Tools, and Applications (6 Volumes). ISBN13: 9781599049496, 2008, Pages: 4288
Brynjolfsson, E. and A. Saunders (2010). Wired for Innovation: How Information Technology Is Reshaping the Economy. Cambridge, MA: MIT Press
Kretschmer, T. (2012), "Information and Communication Technologies and Productivity Growth: A Survey of the Literature", OECD Digital Economy Papers, No. 195, OECD Publishing.