PSN Compliance in Local Authorities: Addressing the Challenges


What is going on?
- PSN CoCo submissions have just become more painful!
- Affects all UK PSN users
- Councils… are especially affected:
  - Accredited individually
  - Fundamental differences in our “digital landscape”
- The Scottish Angle – Education and Registration – Mobile and Flexible.
- Last 6 months
  - 4 Councils pre-Zero Tolerance
  - 4 now passed post-Zero Tolerance
  - Others going through the “Red Letters”

What are the key points?
- “PSN-originated data” must be housed on a trusted network.
- Zero Tolerance!
- Timescales – Short-term pain, Long-term pain.
- Limit/eliminate shared PSN/Non-PSN infrastructure
- Unmanaged devices are “assumed compromised” – BYOD RIP
- Previously (assumed) “acceptable” remote access approaches now in question – thin client/zero data, sandboxing, even distros.
- There will be unplanned cost and resource implications!

Getting there? The process…
- Sequential – not helpful
- Signatories
- ITHC requirements
- Must get the two above right – before you pass to “validation”
- Get to know your Cabinet Office PM!
- Get some CLAS time?
- Advice – know the process, avoid the ping-backs, speak to the CO, keep up with the Guidance, consider CLAS time

What might need done in the short-term?
- ITHC Major/Critical and Significant mediums!
- Get Patching!
- Tighten Segmentation of networks – esp. if completely flat
- … potentially more inboxes?
- Remote Access – different passwords from internal network logins?
- Unmanaged device access – closed off/restricted
- Disclosure checks? GSX staff initially? Not clear!
- Affected groups: GSX users, Remote Access, BYOD
- Advice: Know your PSN “footprint”, be pro-active, manage the comms with your customers

…but don’t breathe a sigh of relief for too long!
- Long-Term Architecture
- No clear “design patterns” – clarification imminent?
- “Clearing House” approach?
- Will need to look hard at whether “remote access (or PSN) is worth the pain…”
- Partner and third party access = “unmanaged”?
- Separation of infrastructure – web, servers, etc. for PSN data
- Windows XP… a case of bad timing
- More disclosures?
- NEED FOR COLLABORATION in 2014?

Questions needing answers?
- Is the PSN approach tenable for Councils?
- Will this ultimately limit the usefulness and adoption of PSN?
- Do we know where the future pressures will be?
- What are the costs? Who bears them? And is it worth it?
- Should Councils collaborate on “long term” compliance work?
- Will this mean IT is back in the role of “Information Preventor”?
- Lobby and/or comply?
- Strategic response – Segment and separate to allow unmanaged? 100% managed? Which strategy should you adopt?