Report of the Identity Theft Prevention and Identity Management Standards Panel Webinar on the Release of the IDSP Report January 31, 2008.

Slide 2: Webinar Agenda
1. Speaker Introductions – IDSP Chair
2. Overview of IDSP Process and Deliverables – IDSP Chair
3. Findings and Recommendations – IDSP Working Group Co-Chairs
4. Industry Analyst Perspectives
5. Question & Answer Period

Slide 3: Today's Speakers
- IDSP Chairman (Master of Ceremonies): Joseph V. Gurreri, III, President, CorporatePlanningGroup.NET; former VP and General Manager, Global Solutions Development, TransUnion

Slide 4: Today's Speakers (contd.)
Co-Chairs, Working Group 1 - Issuance:
- James E. Lee, President, C2M2 Associates, LLC; former SVP and Chief Public & Consumer Affairs Officer, ChoicePoint
- James X. Dempsey, Policy Director, Center for Democracy and Technology

Slide 5: Today's Speakers (contd.)
Co-Chair, Working Group 2 - Exchange:
- Julie Fergerson, VP of Emerging Technologies, Debix, The Identity Protection Network
Co-Chair, Working Group 3 - Maintenance:
- George K. "Chip" Tsantes, EVP and Chief Technology Officer, Intersections Inc.

Slide 6: Today's Speakers (contd.)
Industry Analysts:
- James Van Dyke, President and Founder, Javelin Strategy & Research
- Larry Ponemon, Founder and Chairman, Ponemon Institute

IDSP Webinar | January 31, 2008

Slide 7: What is the IDSP?
- Cross-sector coordinating body focused on preventing ID theft
- Identify existing standards, guidelines and best practices
- Analyze gaps and the need for new standards, leading to improvements
- Make the catalogue available to businesses, government and consumers
- Jointly administered by the American National Standards Institute (ANSI) and the Better Business Bureau (BBB)
  - ANSI – coordinator of the U.S. standardization system
  - BBB – advancing trust in the marketplace
- Launched September 13, 2006 – a 16-month effort
- 165 representatives from 78 organizations

Slide 8: Charter

In Scope                            | Out of Scope
------------------------------------|------------------------------------
Inventory of existing standards     | Modification of existing standards
Index standards                     | Rank ordering standards
Gap analysis of current standards   | Developing new standards

Slide 9: Founding Partners
A diverse group of organizations

Slide 10: Steering Committee Composition
- Chairman – Joseph V. Gurreri, III
- Founding Partners
- At Large Members

Member organizations listed on the slide:
- AARP
- Accredited Standards Committee X9
- Affinion Group
- Alliance for Telecommunications Industry Solutions
- American Financial Services Assn.
- AOL LLC
- ARMA International
- Center for Democracy and Technology
- Debix
- Fellowes, Inc.
- General Services Administration
- KPMG
- National Institute of Standards and Technology
- North American Security Products Organization
- Pay By Touch
- Telecommunications Industry Assn.
- Underwriters Laboratories Inc.

Slide 11: Working Group Definitions
- WG 1 Issuance – standards relating to issuance of identity documents by government and commercial entities
- WG 2 Exchange – standards relating to acceptance and exchange of identity information
- WG 3 Maintenance – standards relating to ongoing maintenance and management of identity information

Slide 12: First Deliverable – Standards Inventory (Volume II, Final Report)
The Working Groups catalogued into a SINGLE resource:
- Existing standards, guidelines and best practices – private and public sector
- Laws / regulations
- Proposed legislation
- White papers
- Conformity assessment programs
- Glossaries of identity terms
- Research studies / reports
A market survey and an ANSI database search filled out the inventory.

Slide 13: Sample Entry – Standards Inventory (Volume II, Final Report)
Inventory columns: Developer/Source | Designation | Title | Description/Scope | Relevance to IDSP Working Group

Sample entry:
- Designation: ISO/IEC 27002:2005
- Title: Information technology - Security techniques - Code of practice for information security management
- Description/Scope: ISO/IEC 27002:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002:2005 contains best practices of control objectives and controls in the following areas of information security management: security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; compliance.
- Relevance to IDSP Working Group: 3

Slide 14: Second Deliverable – Findings and Recommendations (Volume I, Final Report)
- WGs described and prioritized identity fraud-related problems
- Considered a range of possible solutions to identify gaps
- New account processing identified as a risk scenario
- Two process flows created to facilitate gap analysis:
  - Birth of a citizen and acquisition of ID credentials
  - Typical new account establishment procedure
- WGs performed gap analysis against these flows and identified problem areas
- Considered items referenced in the Standards Inventory
- Plenary meeting / full panel discussion
- Drafting / review of report and recommendations

Slide 15: Issuance of Identity Credentials – Enhance Security of Issuance Process
Recommendation #1
- Issue standards for birth certificates and Social Security cards
  - National Ctr. for Health Statistics and Social Security Admin. should do so under the Intelligence Reform and Terrorism Prevention Act of 2004
- Improve communication / cooperation between government agencies and the private sector
  - National Assn. for Public Health Statistics & Information Systems should expand use of the Electronic Verification of Vital Events system to government agencies

Slide 16: Issuance of Identity Credentials – Enhance Security of Issuance Process (contd.)
Recommendation #1
- Government / industry should dialogue about cross-application of existing security standards for identity issuance processes, and new standards development as appropriate
- Government / commercial ID issuers should give further attention to secure delivery of credentials to the end user

Slide 17: Issuance of Identity Credentials – Augment Private Sector Commercial Issuance Processes
Recommendation #2
- Government / industry need to dialogue about greater interoperability between public / private sector ID theft prevention mechanisms
- The private sector could benefit from appropriate and secure access to government vital records systems

Slide 18: Issuance of Identity Credentials – Improve the Integrity of Identity Credentials
Recommendation #3
- Document Security Alliance and North American Security Products Organization (NASPO) should proceed with the project to measure effectiveness of document security technologies
- Department of Homeland Security should work with issue stakeholders to develop adversarial testing standards
- NASPO, SIA and SEMI in North America – and CEN in Europe – should proceed with standards for secure serialization anti-counterfeiting technology

Slide 19: Exchange of Identity Data – Strengthen Best Practices for Authentication
Recommendation #4
- Financial institutions and credit grantors should take into account level of risk, cost and convenience when determining an appropriate authentication procedure
- Should not use easily obtainable personal information such as Social Security numbers as sole authenticators
- Financial regulatory agencies and FFIEC are encouraged to review the sufficiency of authentication practices for online banking

Slide 20: Exchange of Identity Data – Strengthen Best Practices for Authentication (contd.)
Recommendation #4
- Industry and standards developers are encouraged to continue to develop trusted networks for multi-factor mutual authentication
- Public and private sectors should implement systems to allow physical ID documents to be validated in real time
- FTC and financial regulatory agencies should provide guidance on best practices for credit grantors responding to fraud alerts

Slide 21: Exchange of Identity Data – Strengthen Best Practices for Authentication (contd.)
Recommendation #4
- Social Security Admin. should work with the private sector on a mechanism that enables companies to verify if a Social Security number belongs to a minor
- Stakeholders should consider best practices / consumer education to help protect the elderly and terminally ill from fiduciary abuse
- Social Security Admin. should work with states and the private sector to improve notification when someone is classified as deceased
- FTC should consider enhanced ID theft protection for active duty military

Slide 22: Exchange of Identity Data – Increase Understanding / Usability of Security Freezes
Recommendation #5
- Lenders, government agencies, consumer advocacy groups, credit reporting agencies and others should continue to support consumer education on the benefits and limitations of security freezes

Slide 23: Maintenance of Identity Information – Enhance Data Security Management Best Practices
Recommendation #6
- ISO/IEC, PCI Security Standards Council, NASPO and other standards developers should review / augment existing data security management standards (or develop new ones) to:
  - Define the frequency of periodic employee security training and the content of an employee awareness program
  - Clarify requirements for data access credentialing and background checks
  - Provide guidance on continuous review of access credentials and privileges

Slide 24: Maintenance of Identity Information – Enhance Data Security Management Best Practices (contd.)
Recommendation #6
- Develop targeted guidance for industry sectors that are not regulated or that do not have standards
- Provide guidance to ensure downstream vendors are secure
- Implement an ongoing program of security re-evaluation
- Develop a security breach risk assessment for insurance purposes

Slide 25: Maintenance of Identity Information – Augment Best Practices for Sensitive Data Collection, Retention and Access
Recommendation #7
- Industry, Small Business Admin., Chambers of Commerce and similar organizations need to develop and distribute practical guidance for small businesses on data collection, retention and access
- Industry and key government stakeholders (FTC, OMB, SSA) need to develop uniform guidance on the collection, use and retention of Social Security numbers

Slide 26: Maintenance of Identity Information – Create Uniform Guidance on Data Breach Notification and Remediation
Recommendation #8
- Issue stakeholders need to dialogue on the desirability / feasibility of developing a private sector standard for data breach notification, recognizing there are tradeoffs
- Industry should assemble a cross-sector forum to develop uniform guidance on consumer remediation in the event of a data compromise
- Issue stakeholders should educate consumers on / reinforce ID theft prevention strategies

Slide 27: Industry Analyst Perspectives
- James Van Dyke, President and Founder, Javelin Strategy & Research
- Larry Ponemon, Founder and Chairman, Ponemon Institute

Slide 28: Question & Answer Period

For more information, or to download the Report, please visit Thank You!