COBRA framework to evaluate e-government services: A citizen-centric perspective

E-government services involve many stakeholders who have different objectives that can have an impact on success. Among these stakeholders, citizens are the primary stakeholders of government activities. Accordingly, their satisfaction plays an important role in e-government success. Although several models have been proposed to assess the success of e-government services through measuring users' satisfaction levels, they fail to provide a comprehensive evaluation model. This study provides an insight and critical analysis of the extant literature to identify the most critical factors and their manifested variables for user satisfaction in the provision of e-government services. The various manifested variables are then grouped into a new quantitative analysis framework consisting of four main constructs: cost; benefit; risk and opportunity (COBRA) by analogy to the well-known SWOT qualitative analysis framework. The COBRA measurement scale is developed, tested, refined and validated on a sample group of e-government service users in Turkey. A structured equation model is used to establish relationships among the identified constructs, associated variables and users' satisfaction. The results confirm that COBRA framework is a useful approach for evaluating the success of e-government services from citizens' perspective and it can be generalised to other perspectives and measurement contexts. Crown Copyright © 2014.PIAP-GA-2008-230658) from the European Union Framework Program and another grant (NPRP 09-1023-5-158) from the Qatar National Research Fund (amember of Qatar Foundation

An Assurance Framework for Independent Co-assurance of Safety and Security

Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc.. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities

Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017

Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is\ud not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business\ud rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements.\ud Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session