Security Assessment Model for A Cloud based e-Governance System based on Fuzzy Comprehensive Evaluation Method Muzaffar Azim FTK Centre for Information Technology, Jamia Millia Islamia, New Delhi, 110025, India mazim@jmi.ac.in Abstract— The Cloud computing is changing the way organizations are functioning nowadays. A Cloud based system changes the services seamlessly without expending many resources in setting up new systems. Although there are many advantages of Cloud computing, issues related with Security and Privacy are some of the major challenges, which needs to be addressed for the successful deployment of a Cloud based System. Security has become a key limitation in the development of a Cloud based e- Governance System. Therefore, the security of the system should be assessed regularly to ensure reliability and confidentiality of the System. The Paper has first established a two-level hierarchy structure index system for the security risk assessment for a cloud based e-governance system called e-Government Security Matrix (EGSM) consisting of four Security Domains and twenty risk factors called Security Control Areas. Further the paper has proposed an e-Governance Security Assessment Model (EGSAM) to assess the security level of the whole system as well as security levels of each Security Domain. The model also determines the relative importance weight & ranking at each security Domain as well as the risk value weights & ranking of the twenty risk factors. The model is based on Analytical Hierarchy Process and on Fuzzy Comprehensive Evaluation Method which combines Fuzzy Mathematics with Expert’s expertise to determine security level of the System Keywords — Cloud Computing, e-Governance security, Fuzzy Comprehensive Evaluation, Analytical Hierarchy Process, Security Assessment Model. I. INTRODUCTION The exponential growth of Internet has not only changed our life, but it has also changed the functioning and service delivery models of the Governments. The rise of e-governance has been one of the most striking developments of the web. “E-governance is the application of Information and communication technologies (ICT) to exchange information between the government and the citizens, government and businesses and between government organizations” [1]. The Cloud computing is a relatively new cutting edge Technology in the computing world. According to the National Institute of Standards and Technology (NIST), "Cloud computing is a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." [2]. “Cloud computing is a new way of accepting and providing services over internet. Cloud based E-governance system provides many benefits to Government like reduced cost, distributed storage of data, gets more resources at lower cost, manages security, scalability, accountability and modifiability. Cloud computing can be treated as a future of computing” [3]. It also ensures efficient use of resources such as processing, memory, storage apart from ensuring high availability, quality and security. Although there are many advantages of Cloud Computing, issues related with Security & Privacy are some of the major challenges and obstacles, which need to be addressed for the successful deployment and operation of e-government [4]. Security and Privacy is the most important factor for the successful implementation of an e-Governance System. The issue of Security and Privacy is further enhanced in a cloud based e-governance System as the confidential data is being stored outside the physical boundary of the Organization. Therefore, it is absolutely essential to assess the security levels of the Systems so that effective measures are taken to transfer, avoid or reduce risk for controlling the systems risk effectively. During literature survey it has been found that very limited work has been done to find an efficient and effective way to assess the security risks of a cloud based e-governance system. The Paper has first established a two-level hierarchy structure index system for the security risk assessment for a cloud based e-governance system called e-Government Security Matrix (EGSM) consisting of four Security Domains and twenty risk factors called Security Control Areas. Further the paper has proposed an e-Governance Security Assessment Model (EGSAM) to assess the security level of the whole system as well as security levels of each security Domain. The model also determines the relative importance weight and ranking at each security Domain as well as the risk value weight and ranking of the twenty risk factors. The model is based on Analytical Hierarchy Process (AHP) and on Fuzzy Comprehensive Evaluation (FCE) Method which combines Fuzzy Mathematics with Expert’s expertise to determine security level of the System. “AHP is an evaluation method for solving complex and fuzzy problems that cannot be quantitatively analyzed International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 4, April 2017 66 https://sites.google.com/site/ijcsis/ ISSN 1947-5500