
Introduction

Introduction. Peter De Witte, Information Security Officer for the IT Department; Advisor for Software Development and Infrastructure. Introduction SVB: SVB Sociale Verzekeringsbank. 15 different national insurance schemes: Child Benefits, AOW Pensions, Anw Survivor Benefits.


Presentation Transcript


  1. Introduction • Peter De Witte • Information Security Officer for the IT Department • Advisor for • Software Development • Infrastructure

  2. Introduction SVB • SVB Sociale Verzekeringsbank • 15 different national insurance schemes. • Child Benefits, AOW Pensions, Anw Survivor Benefits • 100 years + • 5 Million Clients • € 35 Billion on a yearly basis.

  3. How can SVB assure adequate levels of security and gain customers' trust, while maximizing quality and effectiveness of citizen service? 25 May 2012

  4. Security, Trust, Quality & Effectiveness • Awareness • Provide a secure IT • Proper use of available channels • Adequate response to incidents

  5. Customer Awareness

  6. Employee Awareness • Code of Conduct • Security Guidelines • Classification of information • Incident response • Organisation of Information Security

  7. Employee Awareness • Email policy

  8. Provide a secure IT • NEN-ISO/IEC 27002:2007 nl (BS27002) • CMMi • ITIL • OWASP • Security testing • Standard for web applications provided by Logius in cooperation with NCSC

  9. Trusted Channels

  10. 3 Security levels for DIGID: • Basis: login code (username + password) • Middle: login code + text message on a mobile phone • High: electronic identifier (not yet implemented)

  11. Shared secret • Soon: 2 way SSL authentications • Open A Select server • Soon: SAML Server

  12. PKI Government Certificates

  13. Public channels

  14. Response to incidents: Case Diginotar • Diginotar: certificates were no longer trusted • DIGID was affected directly, SVB indirectly • If customers wanted to login, they received a warning of an unsafe certificate

  15. Case Diginotar: response SVB (short term) • Form an internal crisis team • Inventory of SVB certificates • Link up with other sister organisations and Ministry of the Interior and Kingdom Relations • Communication to the customer, if necessary

  16. Case Diginotar: response SVB (long term) • Back-up CA • Investigation of the Dutch Safety Board • Cooperate with Logius and sister organisations to develop and implement new standards framework for users of DIGID • Start of expert center initiated by public service providers

  17. Responses from external parties • SUWI: “the SVB has a technical and organizational infrastructure of such a standard, that such an incident can be adequately addressed. Apparently the citizens understood where the problems were and have enough confidence in the SVB web service to continue its use.” • Dutch Safety Board (still unofficial): Indication towards a positive reaction • National Ombudsman: Positive reaction towards how SVB deals with customers and customer data

  18. Future • Keep our own security up to date • Proactive towards new developments, like cloud. • Cooperation with external parties

  19. Questions?
