WTS and PCI Nelson Lah Chief Technology Officer Workplace Technology Services May 27, 2009
WTS - Who We Are and What We Do PCI Initiative for Government – Our Role What We’re Doing Where We’re Going
Workplace Technology Services (WTS) Provides… Shared Services Technology Infrastructure for all 19 Ministries and 168 Broader Public Sector Organizations Technology Infrastructure includes: Computer Workstations Computer Servers Government Network Shared, Government-Wide Applications such as Payroll Enterprise Online Products and Services Who We Are
Every Day, WTS Provides: Services to 4,000 locations, 50,000 customers and 600,000 students 37,000 workstations, 6,700 BlackBerry devices 40,000 accounts, 6 million messages/month (and growing) 50,000 telephone connections 1,600 computer servers, storing 15 terabytes of 31,000 paycheques processed every two weeks FACTS: * $1,000 Vote * ~ 500 full time employees * Mixed-sourcing model * $250M in annual recoveries What We Do
As the IT infrastructure provider for government, we need to ensure support for compliance with new standards Working to enhance existing network in light of new standard Current focus is a core government solution Initial offering of PCI security monitoring with Liquor Distribution Branch Initial offering of security monitoring BC Express Pay and Royal BC Museum The PCI Initiative for Government – Our Role
Infrastructure Remediation Vulnerability Management Security Monitoring Still in early stages of development Developing expertise and capacity to ensure success Ongoing work falls into 3 categories What We’re Doing
Focused on network segmentation of payment applications and Point of Sale (POS) devices Benefits: Reduces size and complexity of annual PCI audit Provides additional security from internal attacks on the payment stream What We’re Doing Infrastructure Remediation Vulnerability Management Security Monitoring
Focused on recording changes within electronic payment infrastructure Automated record keeping allows enhanced reporting Information feeds into Security Monitoring What We’re Doing Infrastructure Remediation Vulnerability Management Security Monitoring
Focused on: monitoring changes and activity within the electronic payment infrastructure reporting anomalies Acquired one of the leading Security Information and Event Management (SIEM) applications What We’re Doing Infrastructure Remediation Vulnerability Management Security Monitoring
Where We’re Going Plan to develop as a shared service offering and very dependent on funding New PCI standard requires that everything be in place and audited by October 2010 Beyond PCI, will consider use of application for Enterprise security Compliance automation Log Management Configuration auditing and provisioning
11 Thank You Nelson Lah Chief Technology Officer Workplace Technology Services Shirley Mitrou A/Executive Director, Client Services Integrated Service Solutions