CYBER AND IT SECURITY
Architecture Framework Advisory Committee
Meeting
SESSION 1
JULY 7, 2014
Agenda
TIME | TOPICS | PRESENTERS
9:00 – 9:10 | Opening Remarks | Benoît Long, Chair
9:10 – 9:30 | Cyber and IT Security Transformation | Raj Thuppal
9:30 – 10:15 | Discussion Period | Moderator: Chair; Participants: All
10:15 – 10:30 | Health Break |
10:30 – 11:50 | Device Security Presentation & Discussion Period | Raj Thuppal; Moderator: Chair; Participants: All
11:50 – 12:00 | Closing Remarks | Benoît Long, Chair
Objective for Today
• Setting the Context on Shared Services Canada Cyber and IT Security Program
• Proposed Device Security Plan for an enterprise procurement scope
• Seek Feedback and Input
• Questions/Discussion
Today
• Complex Government of Canada (GC) IT Infrastructure
• IT Security as an “add-on”
• Reactive, Slow & Siloed Response to Cyber Threats
Transforming the Government of Canada
Future
• Rationalized, Standardized and Consolidated
• IT Security Integrated into the Design
• Coordinated Proactive Rapid Response & Recovery
Cyber and other IT security threats are constantly evolving and on-going effort is required to keep up
Context
• IT Security controls based on ITSG-33 (Technical, Operational and Management) incorporated as part of end to end IT service management of target state GC IT Services
• IT security controls established based on domain security control profile, context and GC threat assessment and IT risk management
• Standardized, consolidated and transformed Cyber and IT Security Services
Cyber and IT Security Transformation
[Diagram: IT Security Current State versus IT Security Target State]
IT Security Current State labels: separate “Dept …” environments; Back office Apps; Mission Specific Apps; Data in Use, Data at Rest, Data in Transit; Multiple Identities; Multiple ICAMs; Multiple Access Controls; Multiple Network Security Controls; Multiple Device Security; Multiple SOCs; Fragmented SIEMs
IT Security Target State labels: GCNet; Consolidated Back office Apps; Mission Specific Apps; Data in Use, Data at Rest, Data in Transit; Unified ICAM; Unified Network Security; Unified Device Security; Standardized SOC; Unified SIEM
Cyber and IT Security Framework
INFRASTRUCTURE & DATA
• Aligned to Canada’s Cyber Security Strategy (CCSS)
• Security built-in as part of end-to-end service design
• Partnership with Treasury Board Secretariat (TBS), Communications Security Establishment (CSE) Canada and Public Safety
SSC is mandated to protect the infrastructure and associated data-in-transit, storage, and use.
OPERATE EVOLVE TRANSFORM
Conceptual End State (updated July 2013)
Service Management
• ITIL ITSM Framework
• Standardized Service Levels/Availability Levels
• Inclusive of Scientific and special purpose computing
• Standardized Application and Infrastructure Lifecycle Management
• Smart Evergreening
• Full redundancy – within data centres, between pairs, across sites
Enterprise Security
• All departments share one Operational Zone
• Domains and Zones where required
• Classified information below Top Secret
• Balance security and consolidation
• Consolidated, controlled, secure perimeters
• Certified and Accredited infrastructure
Business Intent
• Business to Government
• Government to Government
• Citizens to Government
Consolidation Principles
1. As few data centres as possible
2. Locations determined objectively for the long term
3. Several levels of resiliency and availability (establish in pairs)
4. Scalable and flexible infrastructure
5. Infrastructure transformed; not “fork-lifted” from old to new
6. Separate application development environment
7. Standard platforms which meet common requirements (no re-architecting of applications)
8. Build in security from the beginning
Application Migration
• Standard platforms and product versions
• Migration guidance
• Committed timeline for product evolution
Application Service Levels: Standard, Enhanced, Mission Critical
Classified Data: C = Confidential, S = Secret
Protected Data: A = Protected A, B = Protected B, C = Protected C
[Diagram labels: Virtualized Services; Virtualized Platforms (x86 Windows and x86 Linux with Web / App / DB Containers; Sys. z with z/OS and App / DB Containers; Special Purpose / Grid / HPC with Any Operating System); Virtualized Storage (SAN, NAS; On-line, Near-line, Archive, Off-line / Backup; Tier 1, Tier 2, Tier 3); IP PBX, App., Email, V.Conf. Bridge, Web, File/Print, Database, Th.Client VDI; Data Centre Core Network; Domains & Zones; WAN Node; Internet PoP; GC Private Domain; Workload Mobility; Development (Dev1, Dev2); Production (Prod1, Prod2, Prod3, Prod4); HPC (Sci1); Stand-alone centre for GC super-computing (HPC) – e.g. Weather; GCNet (3,580 buildings); Regional Carriers; International Carriers; Regional WAN Accelerators; Public Cloud Services; Virtual Private Cloud; Internet (B2G, C2G, G2G); Several, highly-secure Internet access points]
GC Data Classification
Policy on Government Security (PGS)
Classified (National Interest & Security)
• Top Secret: Extremely Grave Injury – e.g., widespread loss of life, loss of continuity of government, etc.
• Secret: Serious injury – e.g., political tension (int’l or fed-prov.), damage to critical infrastructure, civil disorder, etc.
• Confidential: Injury – e.g., damage to relations (e.g. public, industry, diplomatic, etc.), limited loss of public confidence, etc.
Designated (Corporate or Personal Interest)
• Protected C: Extremely Grave Injury – e.g., serious physical injury/loss of life, financial loss affecting viability, etc.
• Protected B: Serious injury – e.g., substantial duress to individuals, loss of competitive advantage, etc.
• Protected A: Injury – e.g., inconvenience, damage to Departmental relationships, degradation of public confidence
Unclassified: Non-Sensitive Information (Requires Integrity & Availability)
Caveats
• Official: CEO (Canadian Eyes Only)
• Unofficial: For Official Use Only (FOUO)
PREVENTION
• Trusted infrastructure products and services through supply chain integrity
• Cyber and IT Security Policies and Standards
• Security awareness and training
• Infrastructure Protection Services
• Data Protection Services
• Identity, Credentials and Access Management Services
• Secret Infrastructure Service
• Business Continuity and Emergency Management
DETECTION
• Coordination of GC-wide monitoring, detection, identification, prioritization, and reporting of IT Security incidents
• Automated, real-time threat monitoring, security information and event management and analysis
• Log analysis and investigations
• Security Assessment
• Vulnerability assessments
RESPONSE
• GC-wide coordination and remediation of IT security incidents
• Threat assessment and situational reporting
• Coordination and distribution of GC product alerts, warnings, advisories
• Forensics
• Software integrity through security configuration or replacement
• Infrastructure integrity through configuration or replacement
RECOVERY
• Highly specialized IT security incident recovery services
• Mitigation advice and guidance
• Vulnerability Remediation
• Post Incident Analysis
Cyber and IT Security Functions
Transformation Principles
• Trusted equipment and services through supply chain integrity
• Security by design to ensure that all aspects of security are addressed as part of design, balancing service, security and savings
• Gradual transition from a network-based security model to data-centric security model
• Privileged access to data will be maintained and multi-tenancy will be built into systems where data owned by one partner cannot be seen by another partner or by unauthorised individuals
• Security breaches in one part of the infrastructure are quickly detected and contained without spreading to other parts of the infrastructure
• Maintain and improve the security posture as part of moving to enterprise services (i.e., don’t reduce security).
1. Does the Cyber and IT Security Framework, transformation principles and associated functions sufficiently address the Cyber and IT Security challenges associated with moving from department specific networks to a cloud infrastructure?
Question
Device Security
AFAC Consultation Roadmap
STRATEGY KEY ACTIVITIES 2014–15
AFAC INPUT
• Recommendations for Strategic Questions
• Guiding Principles/Best Practices
• Experience/Case Studies
• Risks/Success Factors
[Diagram labels: Common Requirements/Service Strategy; Service Bundles and Delivery Model; Licensing models and Solutions; End-state Service Strategy; Enterprise Software Procurement; Functional Direction; Meetings, Demos, Written Submissions; Formal Industry Engagement; July 7; TBD]
Device Security Defined
What is Device Security?
• Device security refers to the protection of Government of Canada (GC) devices that are used to store and process data through the use of various information technology (IT) safeguard services.
What GC Devices are we looking to Protect?
• Backend devices (Data Server Infrastructure)
• Frontend devices (Traditional personal computers, laptops, Thin-Clients/Virtual Deployments)
• Mobile Devices (Smartphones, Tablets)
• ~569,000 devices (~100,000 data centre devices, ~469,000 workplace technology devices)
Why do we need Device Security?
• Safeguard GC devices and data from various forms of malware and intrusion
• Maintain the confidentiality, integrity and availability of infrastructure information assets
Strategic Context
• Enhance security services required to mitigate evolving threats
• Support for security service integration with new cloud and mobile technologies
• Support implementation of Treasury Board’s IT Policy Implementation Notice (ITPIN) regarding the secure use of portable data storage devices within the Government of Canada
• Lack of an enterprise procurement vehicle for device security software
• Renewal of existing device security software licenses to maintain operations (e.g. Keeping the Lights On)
• Multiple disparate device security solutions and policy application
• Standardization to drive efficiencies and cost savings across the GC
Increase Security
Improve Service
Generate Savings
Proposed Device Security Services
Security Service | Description
Antivirus | Protective software designed to defend your computer against malicious software (viruses)
Antispyware | Software that controls advertisements (called adware) or software that tracks personal or sensitive information
Host Intrusion Detection / Prevention Systems | Software package which monitors a single host for suspicious activity by analyzing events occurring
Data Loss Prevention | Network/endpoint services that control what data end users can transfer in/out of the network
Application Firewall | Firewall which controls input, output and/or access from, to, or by an application or service
Application Whitelisting | Software programs that operate up to the Application Layer of the OSI Model; and protect the integrity of the system by filtering the requests for application-based information.
Encryption | A technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people.
Questions:
1. Have all essential functions been covered? Should other functions be considered?
2. Should these functions be bundled separately or combined?
Device Security Strategy
Current-State Distributed
• Multiple disparate management systems and products/technologies across depts.
• Network-Centric Security
End-State Centralized
• Reduced management infrastructure leveraging SSC Community Cloud
• Data-Centric Security
Questions:
1. Should the same service set be used for both the legacy environment and the new SSC enterprise cloud service?
2. Given vendor specific signatures, should multi-vendor procurement be considered?
3. Should the scope of the procurement cover both data center devices and workplace technology devices?
Other questions?
PDRR & PPSI Models
INFRASTRUCTURE & DATA
Aligned with NIST Framework
• Technical, physical, personnel, management and other security controls to proactively protect the confidentiality, integrity and availability of information and IT assets
• Continuous monitoring of systems to rapidly detect IT incidents after or as they occur
• Corrective controls to respond to IT incidents and to exchange incident-related information with designated lead departments in a timely fashion
• Corrective controls to restore essential capabilities within agreed time constraints and availability requirements in a manner that preserves the integrity of evidence
Security Frameworks
Governance, Risk Management, Compliance (GRC)
• Competencies, roles & responsibilities, culture, org. chart, and capacity
• Supply Chain Integrity, Security Assessment & Authorization, Security-by-Design, IT Service Management
• Privilege Management Infrastructure (PMI), GC Secret Infrastructure (GCSI), Network and Device Security, Security Operations Centre (SOC)
• Policies and instruments, information repository, Approved Security Products List (ASPL)
GC ESA Focus Areas
[Diagram labels: Awareness & Training; Physical Security; Security in Contracting; Personnel Security; Business Continuity; Strengthen Defensive Capabilities; Consolidation; Standardization; Transformation; Modernization]
• End User Device Security
• Compute and Storage Services Security
• Network and Communications Security
• Security Operations
• Policy and Compliance Monitoring
• Application Security
• Data Security
• Identity, Credential and Access Management
ESA Focus Areas help to:
• Manage the complex problem space
• Promote a defense-in-depth layered security approach
• Consider both technical and non-technical aspects
Network Solutions Supply Chain Industry Day_May28_2014_Consolidated
 
Shared Services Canada - Reports on Plans and Priorities 2014-2015
Shared Services Canada - Reports on Plans and Priorities 2014-2015Shared Services Canada - Reports on Plans and Priorities 2014-2015
Shared Services Canada - Reports on Plans and Priorities 2014-2015
 
Pablo sobrino smart-dps presentation to itac - march 4-2014 - english
Pablo sobrino   smart-dps presentation to itac - march 4-2014 - englishPablo sobrino   smart-dps presentation to itac - march 4-2014 - english
Pablo sobrino smart-dps presentation to itac - march 4-2014 - english
 
SSC PSAB Policy w/Multiyear Performance Objectives
SSC PSAB Policy w/Multiyear Performance ObjectivesSSC PSAB Policy w/Multiyear Performance Objectives
SSC PSAB Policy w/Multiyear Performance Objectives
 
Workplace Technology Devices (WTD) Initiative
Workplace Technology Devices (WTD) InitiativeWorkplace Technology Devices (WTD) Initiative
Workplace Technology Devices (WTD) Initiative
 
Future Role of the CIO
Future Role of the CIO Future Role of the CIO
Future Role of the CIO
 

Último

NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 

Último (20)

NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 

Afac device-security-july-7-2014v7-2

  • 1. CYBER AND IT SECURITY Architecture Framework Advisory Committee Meeting SESSION 1 JULY 7, 2014
  • 2. Agenda
      TIME | TOPICS | PRESENTERS
      - 9:00 – 9:10 | Opening Remarks | Benoît Long, Chair
      - 9:10 – 9:30 | Cyber and IT Security Transformation | Raj Thuppal
      - 9:30 – 10:15 | Discussion Period | Moderator: Chair; Participants: All
      - 10:15 – 10:30 | Health Break
      - 10:30 – 11:50 | Device Security Presentation & Discussion Period | Raj Thuppal; Moderator: Chair; Participants: All
      - 11:50 – 12:00 | Closing Remarks | Benoît Long, Chair
  • 3. Objective for Today
      - Setting the Context on Shared Services Canada Cyber and IT Security Program
      - Proposed Device Security Plan for an enterprise procurement scope
      - Seek Feedback and Input
      - Questions/Discussion
  • 4. Context: Transforming the Government of Canada
      Today:
      - Complex Government of Canada (GC) IT Infrastructure
      - IT Security as an “add-on”
      - Reactive, Slow & Siloed Response to Cyber Threats
      Future:
      - Rationalized, Standardized and Consolidated
      - IT Security Integrated into the Design
      - Coordinated Proactive Rapid Response & Recovery
      Cyber and other IT security threats are constantly evolving and on-going effort is required to keep up
  • 5. Cyber and IT Security Transformation
      - IT Security controls based on ITSG-33 (Technical, Operational and Management) incorporated as part of end to end IT service management of target state GC IT Services
      - IT security controls established based on domain security control profile, context and GC threat assessment and IT risk management
      - Standardized, consolidated and transformed Cyber and IT Security Services
      [Diagram: IT Security Current State (separate departments with multiple identities, multiple ICAMs, multiple access controls, multiple SOCs, multiple network security controls, multiple device security, fragmented SIEMs) versus IT Security Target State (GCNet with unified ICAM, standardized SOC, unified network security, unified device security, unified SIEM, consolidated back office apps and mission specific apps), covering data in use, data at rest and data in transit]
  • 6. Cyber and IT Security Framework
      - Aligned to Canada’s Cyber Security Strategy (CCSS)
      - Security built-in as part of end-to-end service design
      - Partnership with Treasury Board Secretariat (TBS), Communications Security Establishment (CSE) Canada and Public Safety
      SSC is mandated to protect the infrastructure and associated data-in-transit, storage, and use.
      [Diagram labels: INFRASTRUCTURE & DATA; OPERATE, EVOLVE, TRANSFORM]
  • 7. Conceptual End State (updated July 2013)
      Service Management
      - ITIL ITSM Framework
      - Standardized Service Levels/Availability Levels
      - Inclusive of Scientific and special purpose computing
      - Standardized Application and Infrastructure Lifecycle Management
      - Smart Evergreening
      - Full redundancy – within data centres, between pairs, across sites
      Enterprise Security
      - All departments share one Operational Zone
      - Domains and Zones where required
      - Classified information below Top Secret
      - Balance security and consolidation
      - Consolidated, controlled, secure perimeters
      - Certified and Accredited infrastructure
      Business Intent
      - Business to Government
      - Government to Government
      - Citizens to Government
      Consolidation Principles
      1. As few data centres as possible
      2. Locations determined objectively for the long term
      3. Several levels of resiliency and availability (establish in pairs)
      4. Scalable and flexible infrastructure
      5. Infrastructure transformed; not “fork-lifted” from old to new
      6. Separate application development environment
      7. Standard platforms which meet common requirements (no re-architecting of applications)
      8. Build in security from the beginning
      Application Migration
      - Standard platforms and product versions
      - Migration guidance
      - Committed timeline for product evolution
      Application Service Levels: Standard, Enhanced, Mission Critical
      [Diagram labels: Virtualized Platforms (x86 Web / App / DB Containers on Windows and on Linux; Sys. z App / DB Containers on z/OS; Special Purpose / Grid / HPC on any operating system); Virtualized Storage (SAN, NAS; On-line, Near-line, Off-line / Backup, Archive; Tier 1, Tier 2, Tier 3); Virtualized Services (IP PBX, App., Email, V.Conf. Bridge, Web, File/Print, Database, Th.Client VDI); Data Centre Core Network, Domains & Zones, WAN Node, Internet PoP; Enterprise Security, GC Private Domain; Workload Mobility; Development (Dev1, Dev2) and Production (Prod1 to Prod4); HPC Sci1; GCNet (3,580 buildings), Regional Carriers, International Carriers, Regional WAN Accelerators; Internet, B2G, C2G, G2G; Public Cloud Services, Virtual Private Cloud; several highly-secure Internet access points; stand-alone centre for GC super-computing (HPC), e.g. Weather. Legend: Classified Data: C = Confidential, S = Secret; Protected Data: A = Protected A, B = Protected B, C = Protected C]
  • 8. GC Data Classification, Policy on Government Security (PGS)
      Classified (National Interest & Security)
      - Top Secret: Extremely Grave Injury – e.g., widespread loss of life, loss of continuity of government, etc.
      - Secret: Serious injury – e.g., political tension (int’l or fed-prov.), damage to critical infrastructure, civil disorder, etc.
      - Confidential: Injury – e.g., damage to relations (e.g. public, industry, diplomatic, etc.), limited loss of public confidence, etc.
      Designated (Corporate or Personal Interest)
      - Protected C: Extremely Grave Injury – e.g., serious physical injury/loss of life, financial loss affecting viability, etc.
      - Protected B: Serious injury – e.g., substantial duress to individuals, loss of competitive advantage, etc.
      - Protected A: Injury – e.g., inconvenience, damage to Departmental relationships, degradation of public confidence
      Unclassified
      - Non-Sensitive Information (Requires Integrity & Availability)
      Caveats
      - Official: CEO (Canadian Eyes Only)
      - Unofficial: For Official Use Only (FOUO)
  • 9. Cyber and IT Security Functions
      PREVENTION
      - Trusted infrastructure products and services through supply chain integrity
      - Cyber and IT Security Policies and Standards
      - Security awareness and training
      - Infrastructure Protection Services
      - Data Protection Services
      - Identity, Credentials and Access Management Services
      - Secret Infrastructure Service
      - Business Continuity and Emergency Management
      DETECTION
      - Coordination of GC-wide monitoring, detection, identification, prioritization, and reporting of IT Security incidents
      - Automated, real-time threat monitoring, security information and event management and analysis
      - Log analysis and investigations
      - Security Assessment
      - Vulnerability assessments
      RESPONSE
      - GC-wide coordination and remediation of IT security incidents
      - Threat assessment and situational reporting
      - Coordination and distribution of GC product alerts, warnings, advisories
      - Forensics
      - Software integrity through security configuration or replacement
      - Infrastructure integrity through configuration or replacement
      RECOVERY
      - Highly specialized IT security incident recovery services
      - Mitigation advice and guidance
      - Vulnerability Remediation
      - Post Incident Analysis
  • 10. Transformation Principles
      - Trusted equipment and services through supply chain integrity
      - Security by design to ensure that all aspects of security are addressed as part of design, balancing service, security and savings
      - Gradual transition from a network-based security model to data-centric security model
      - Privileged access to data will be maintained and multi-tenancy will be built into systems where data owned by one partner cannot be seen by another partner or by unauthorised individuals
      - Security breaches in one part of the infrastructure are quickly detected and contained without spreading to other parts of the infrastructure
      - Maintain and improve the security posture as part of moving to enterprise services (i.e., don’t reduce security).
  • 11. Question
      1. Do the Cyber and IT Security Framework, transformation principles and associated functions sufficiently address the Cyber and IT Security challenges associated with moving from department specific networks to a cloud infrastructure?
  • 13. AFAC Consultation Roadmap
      AFAC INPUT
      - Recommendations for Strategic Questions
      - Guiding Principles/Best Practices
      - Experience/Case Studies
      - Risks/Success Factors
      [Roadmap diagram, Strategy: Key Activities 2014–15. Labels: Common Requirements/Service Strategy; Service Bundles and Delivery Model; Licensing models and Solutions; End-state Service Strategy; Enterprise Software Procurement; Functional Direction (Meetings, Demos, Written Submissions); Formal Industry Engagement; dates: July 7, TBD]
  • 14. Device Security Defined
      What is Device Security?
      - Device security refers to the protection of Government of Canada (GC) devices that are used to store and process data through the use of various information technology (IT) safeguard services.
      What GC Devices are we looking to Protect?
      - Backend devices (Data Server Infrastructure)
      - Frontend devices (Traditional personal computers, laptops, Thin-Clients/Virtual Deployments)
      - Mobile Devices (Smartphones, Tablets)
      - ~569,000 devices (~100,000 data centre devices, ~469,000 workplace technology devices)
      Why do we need Device Security?
      - Safeguard GC devices and data from various forms of malware and intrusion
      - Maintain the confidentiality, integrity and availability of infrastructure information assets
  • 15. Strategic Context
      - Enhance security services required to mitigate from evolving threats
      - Support for security service integration with new cloud and mobile technologies
      - Support Treasury Board’s IT Policy Implementation Notice (ITPIN) implementation regarding the secure use of portable data storage devices within the Government of Canada
      - Lack device security software enterprise procurement vehicle
      - Existing device security software licenses renewal to maintain operations (e.g. Keeping the Lights On)
      - Multiple device security disparate solutions and policy application
      - Standardization to drive efficiencies and cost savings across the GC
      [Diagram labels: Increase Security, Improve Service, Generate Savings]
  • 16. Proposed Device Security Services
      Security Service | Description
      - Antivirus | Protective software designed to defend your computer against malicious software (viruses)
      - Antispyware | Software that controls advertisements (called adware) or software that tracks personal or sensitive information
      - Host Intrusion Detection / Prevention Systems | Software package which monitors a single host for suspicious activity by analyzing events occurring
      - Data Loss Prevention | Network/endpoint services that control what data end users can transfer in/out of the network
      - Application Firewall | Firewall which controls input, output and/or access from, to, or by an application or service
      - Application Whitelisting | Software programs that operate up to the Application Layer of the OSI Model; and protect the integrity of the system by filtering the requests for application-based information.
      - Encryption | A technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people.
      Questions:
      1. Have all essential functions been covered? Should other functions be considered?
      2. Should these functions be bundled separately or combined?
  • 17. Device Security Strategy
      Current-State: Distributed
      - Multiple disparate management systems and products/technologies across depts.
      - Network-Centric Security
      End-State: Centralized
      - Reduced management infrastructure leveraging SSC Community Cloud
      - Data-Centric Security
      Questions:
      1. Should the same service set be used for both the legacy environment and the new SSC enterprise cloud service?
      2. Given vendor specific signatures, should multi-vendor procurement be considered?
      3. Should the scope of the procurement cover both data center devices and workplace technology devices?
  • 19. PDRR & PPSI Models / Security Frameworks
      INFRASTRUCTURE & DATA
      - Technical, physical, personnel, management and other security controls to proactively protect the confidentiality, integrity and availability of information and IT assets
      - Continuous monitoring of systems to rapidly detect IT incidents after or as they occur
      - Corrective controls to respond to IT incidents and to exchange incident-related information with designated lead departments in a timely fashion
      - Governance, Risk Management, Compliance (GRC)
      - Corrective controls to restore essential capabilities within agreed time constraints and availability requirements in a manner that preserves the integrity of evidence
      - Aligned with NIST Framework
      - Competencies, roles & responsibilities, culture, org. chart, and capacity
      - Supply Chain Integrity, Security Assessment & Authorization, Security-by-Design, IT Service Management
      - Privilege Management Infrastructure (PMI), GC Secret Infrastructure (GCSI), Network and Device Security, Security Operations Centre (SOC)
      - Policies and instruments, information repository, Approved Security Products List (ASPL)
  • 20. GC ESA Focus Areas
      [Diagram labels: Awareness & Training; Physical Security; Security in Contracting; Personnel Security; Business Continuity; Strengthen Defensive Capabilities; Consolidation, Standardization, Transformation, Modernization; End User Device Security; Compute and Storage Services Security; Network and Communications Security; Security Operations; Policy and Compliance Monitoring; Application Security; Data Security; Identity, Credential and Access Management]
      ESA Focus Areas help to:
      - Manage the complex problem space
      - Promote a defense-in-depth layered security approach
      - Consider both technical and non-technical aspects