1 / 18

Security and Government On-Line

Chief Information Officer Branch. Gestion du dirigeant principal de l’information. Government of Canada PKI Secretariat. Security and Government On-Line. Getting the Model Right. First Annual Privacy and Security Workshop November 10, 2000.

ona
Télécharger la présentation

Security and Government On-Line

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ChiefInformationOfficer Branch Gestion dudirigeantprincipal del’information Government of Canada PKI Secretariat Security and Government On-Line Getting the Model Right First Annual Privacy and Security WorkshopNovember 10, 2000 “We will have a world class public key infrastructure in place” Prime Minister Jean Chrétien

  2. Origin of Government On-Line Initiative “The Government will become a model user of information technology and the Internet. By 2004, our goal is to be known around the world as the government most connected to its citizens, with Canadians able to access all government information and services on line, at the time and place of their choosing.” (1999 Throne Speech)

  3. 2004 and beyond December 2000 December 2004 • ON-LINE PRESENCE • information on programs and services • access to key forms on-line • a revamped Government of Canada portal • ELECTRONIC SERVICE DELIVERY • key government services on-line • secure transactions • electronic filing • electronic payments • PARTNERSHIPS • inter-jurisdictional sites and services based on client needs TierOne Tier Two Tier Three Government On-Line Targets

  4. GOC PKI Secretariat Role To encourage the implementation of policies, technologies and governance processes in support of secure electronic service delivery and Government On Line. To contribute to Canada’s position as a trusted partner in the new global economy by helping to promote an e-commerce-friendly environment.

  5. Secure Electronic Service Delivery • As electronic transactions increase in complexity and sensitivity, so too do the requirements for privacy and security • Secure Electronic Service Delivery (SESD) is a critical component of the Government On-Line Initiative

  6. SESD Strategy Strategy Development Service Requirements (Business Processes) Policy and Legal Filters Canadians' Expectations Security Options

  7. Typical Federal Services and Associated Security Requirements • Information publishing • anonymous browsing • digitally signed content • Application for program or service, updates and account review • confidentiality • authentication • authorization • non-repudiation • secure end-to-end automated processes

  8. Services / Security Matrix SECURITY ENABLERS TYPICAL ON-LINE SERVICES Public Key Infrastructure Access and Changes to Information Transaction Complexity Corporate Form Filing Tax Filing / Benefit Applications PINs, Passwords, Shared Secrets Paid Publications SSL Unrestricted access Access to Public Information Transaction Sensitivity

  9. Security Options • Browsing options • https • Authentication options • SSL/PINs on a program-by-program basis • PKI across programs • Inclusive approach possible • Options not mutually exclusive

  10. Canadians’ Expectations of Electronic Service Delivery • They want to use the Internet to access government services • Government must deliver services in a secure and trusted environment • Government must ensure the security and privacy of personal information by using the best available solutions

  11. Security Concerns • Private information becoming public • Malicious or inadvertent changes to information • Information ending up in the wrong hands • Information theft and fraud

  12. Policy Framework • Privacy Act • Code of Fair Information Practices • authorized program • direct collection and informed consent • “consistent” use • right of correction • Treasury Board Policy on Privacy and Data Protection • Privacy Impact Assessment

  13. PKI and Secure Electronic Service Delivery Issues Privacy • Collection and sharing of information between government services • registration, directory • Naming of certificates • “distinguished names” • how to prevent data linking and inference • Single or multiple certificates • No key back up

  14. More PKI and SESD Issues Portability • Accessibility • Across jurisdictions? Privilege Management • Addressing the need for distributed privilege management • Distinguishing between identity and authority Communications • Public perception and trust

  15. Guiding Principle of SESD Development To fully respect privacy principles while collecting and using personal information for registration, service requests and help-desk purposes

  16. Getting the Model Right By . . . • Meeting Canadians’ expectations of Secure Electronic Service Delivery • Supporting departmental services requirements • Building electronic service delivery partnerships with the public and private sectors • Influencing technology development • Communicating effectively

  17. Government of Canada PKI Security and Confidentiality in the Digital World

  18. For more information • TBS/CIOB/PKI Web site: www.cio-dpi.gc.ca/pki/pki_index_e.html • GOC PKI Secretariat e-mail: pki-icp@tbs-sct.gc.ca • Brenda Watkins (613) 946-5054 watkins.brenda@tbs-sct.gc.ca

More Related