1 / 6

Securing and Protecting Citizens' Data

Securing and Protecting Citizens' Data. Bob Bence CIO St. Louis County June 18, 2009. Citizen Data. Information Needing Protection Governance Policies IT Architecture. Information Needing Protection. Personal identification (SSN) Medical records Credit card Law enforcement

darci
Télécharger la présentation

Securing and Protecting Citizens' Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing and Protecting Citizens' Data Bob Bence CIO St. Louis County June 18, 2009

  2. Citizen Data • Information Needing Protection • Governance • Policies • IT Architecture

  3. Information Needing Protection • Personal identification (SSN) • Medical records • Credit card • Law enforcement • Criminal history records • Finger prints • Certain addresses on real estate web site • Stalking victims

  4. Governance • Have a culture of awareness & security • Compliance (HIPAA, PCI, CJIS, etc) • IT Security Team • Peer Reviews, Gartner • Security report to IT Steering Committee three times/yr • Internal & External security audits

  5. Policies • Identify & label Confidential & Private information • Limit access to systems with sensitive information • No credit card numbers stored on our systems • Website privacy statement on web site • Redact personal information • Review web content before posting • Security section in bids & RFPs

  6. St. Louis County E-commerce Architecture DMZ Zone 1 Zone 2 Zone 3 Applicat-ion Servers Database Server Web Servers Internet W S EC FW2 FW1 FW3 FW = Firewall S = Switch W = Web Application Firewall • VLANS for network segmentation

More Related