1 / 19

Submitted as an Information Sharing Subject (ISS) for

Submitted as an Information Sharing Subject (ISS) for the High Interest Subject of “ID Management and Identification Systems” Open Agenda 6.4. ANSI’s Identity Theft Prevention and Identity Management Standards Panel (IDSP). Information Sharing Subject From ANSI. Submitted for Joe Bhatia

svea
Télécharger la présentation

Submitted as an Information Sharing Subject (ISS) for

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Submitted as an Information Sharing Subject (ISS) for the High Interest Subject of “ID Management and Identification Systems” Open Agenda 6.4

  2. ANSI’s Identity Theft Prevention and Identity Management Standards Panel (IDSP) Information Sharing Subject From ANSI Submitted for Joe Bhatia ANSI representative to GSC-14

  3. What is IDSP? • Cross-sector coordinating body whose objective is to facilitate the development, promulgation and use of standards and guidelines to combat ID theft and fraud • Identify existing standards, guidelines and best practices • Analyze gaps, need for new standards, leading to improvements • Make recommendations widely available to businesses, government, consumers

  4. IDSP Deliverables • Plenary meetings for information sharing on work underway / networking for active members and those new to the Panel’s work • Workshops that evolve from the plenary meetings and Steering Committee discussions that further explore particular aspects of the issues • Reports presenting findings and recommendations from the Workshops which in turn may drive future standards development activity • IDSP itself does not develop standards

  5. Steering Committee Composition • Chairman • James Lee, C2M2 Associates • Secretary • Jim McCabe, ANSI • Sustaining Partners

  6. Steering Committee Composition • ID Watchdog • Kroll’s Fraud Solutions • North American Security Products Organization • TASCET Identity Network • TrustedID, Inc • Underwriters Laboratories, Inc. • Contributing Members • Affinion Group • ARMA International • Coalition for a Secure Driver’s License • Debix • General Services Administration • ID Experts

  7. Steering Committee Composition • At-Large Members • Department of Homeland Security • Institute for Consumer Financial Education • Liberty Alliance • National Institute of Standards and Technology

  8. Funding / Membership • IDSP is funded through private and public sector sponsorships and participation fees • Sponsorship provides appropriate recognition and a seat on the Panel Steering Committee for those who want a more visible and active role in shaping the Panel’s direction. • Membership is open to all affected parties • Representatives of the business community and relevant trade associations, vendors of identity theft protection services, information security specialists, industry analysts, government issuers and regulators, standards developing organizations, consumers and public interest groups, and academia participate, providing a range of perspectives

  9. ANSI-BBB IDSP – Phase 1 • A 16 month effort – September 13, 2006 to January 31, 2008 • Co-administered by the American National Standards Institute (ANSI) and the Better Business Bureau (BBB) • Founding Partners: AT&T; ChoicePoint; Citi; Dell Inc.; Intersections, Inc.; Microsoft; Staples, Inc.; TransUnion; and Visa Inc. • 165 representatives from 78 organizations • 3 Working Groups explored life cycle of identity issues • Issuance of identity documents by government and commercial entities • Acceptance and exchange of identity information • Ongoing maintenance and management of identity information

  10. ANSI-BBB IDSP Report (Jan 31, 2008) • Summary • Excerpt from Volume I: Findings and Recommendations • Volume I: Findings and Recommendations • Findings and recommendations for areas needing new or updated standards, guidelines, best practices or compliance systems • Volume II: Standards Inventory • Catalog of existing standards, guidelines, best practices and compliance systems • Available for free download at www.ansi.org/idsp along with replay of Webinar with industry analysts

  11. Volume I: Findings and Recommendations • Enhance security of identity issuance processes to facilitate greater interoperability between gov’t and commercial sectors • Improve integrity of identity credentials • Strengthen best practices for authentication • Augment data security management best practices, e.g., on the use and storage of Social Security numbers • Create uniform guidance for organizations on data breach notification and remediation • Increase consumer understanding of ID theft preventative strategies, including benefits and limitations of security freezes

  12. Volume II: Standards Inventory • Catalogues . . . • Existing Standards, Guidelines and Best Practices • PRIVATE AND PUBLIC SECTOR • Laws / Regulations • Proposed Legislation • White Papers • Conformity Assessment Programs • Glossaries of Identity Terms • Research Studies / Reports

  13. ANSI IDSP - Phase 2 Charter (April 2008) • Monitor / facilitate implementation of Panel’s recommendations • Continue to investigate new areas • Provide a forum for information-sharing and cross-sector dialogue • Produce a progress report in one year

  14. Workshop 1 – Identity Verification Standards (Launched July 2008) • Fraudsters exploit circularity of agencies relying on but not authenticating primary USA “identity” documents issued by other agencies (birth certificates, Social Security numbers / cards, state-issued driver’s licenses / ID cards) • Issuers of such documents need a process by which they can achieve a level of assurance whether to accept or reject a person’s claim of identity • Guidelines on identity verification should be developed with a view toward eventual development of an American National Standard • Project team developing guidelines led by NASPO (North American Security Products Organization); members include NIST, DHS, GSA, NAPHSIS, AAMVA, Colorado Dept. of Revenue, Coalition for a Secure Driver’s License et al. • Workshop report and guidelines anticipated in the near term

  15. Workshop 2 – Measuring / Reporting on Identity Theft (Launched Feb 2009) • Controversies about research methodologies make it difficult to measure how well the marketplace is doing in combating identity theft and fraud, posing a challenge to industry, law enforcement and consumers • Workshop question: Is a common standard for measuring / reporting on ID theft desirable and feasible? • Same question with respect to methods for measuring data breach trends, ID theft protection services and information security solutions • 3 WGs set up to study definitions, research, methodologies • Workshop report anticipated soon

  16. Third IDSP Plenary Meeting (April 2009) • A point-in-time look at the state of ID theft prevention and ID management—progress made / work still needed. Topics: • Best practices for measuring identity theft • Implementation of FTC red flag rules • Customer authentication and use of Social Security numbers • The need for identity verification guidelines • Identity assurance life-cycle management • Biometric implementation use cases • Medical identity theft • What’s on the horizon for ID theft prevention and ID management.  • Post-meeting survey circulated on future work program

  17. Related International Activities – Privacy • ISO/TMB task force (TF) exploring standards on privacy, with focus on protection of personally identifiable information and fair information handling • IDSP chair leads virtual U.S. TAG which advises ANSI’s expert to the TF (Mark MacCarthy, Georgetown University formerly w/Visa Inc.) / reports to ANSI ISO Council (AIC) • TF surveyed ISO TCs et al on current / potential privacy work • Report targeted for September TMB meeting

  18. Related International Activities – Counterfeiting / Fraud • ISO TMB has established ISO/TC 247 Fraud countermeasures and controls and allocated Secretariat to ANSI • ANSI advanced proposal for this new TC based on public comment, IDSP / AIC input • Brought by ANSI member North American Security Products Organization (NASPO) • Standardization in the field of the detection, prevention and control of identity, financial, product and other forms of social and economic fraud

  19. To participate /For more informationwww.ansi.org/idspJim McCabe212-642-8921jmccabe@ansi.org

More Related