Introduction: Peter De Witte, Information Security Officer for the IT Department; Advisor for Software Development and Infrastructure.


2 Introduction: Peter De Witte, Information Security Officer for the IT Department; Advisor for Software Development and Infrastructure

3 Introduction SVB: SVB (Sociale Verzekeringsbank); 15 different national insurance schemes: Child Benefits, AOW Pensions, Anw Survivor Benefits; 100 years + 5 Million Clients; € 35 Billion on a yearly basis.

4 How can SVB assure adequate levels of security and gain customers' trust, while maximizing quality and effectiveness of citizen service? 25 May 2012

5 Security, Trust, Quality & Effectiveness: Awareness; Provide a secure IT; Proper use of available channels; Adequate response to incidents

6 Customer Awareness

7 Employee Awareness: Code of Conduct; Security Guidelines; Classification of information; Incident response; Organisation of Information Security

8 Employee Awareness: Email policy

9 Provide a secure IT: NEN-ISO/IEC 27002:2007 nl (BS27002); CMMi; ITIL; OWASP Security testing; Standard for web applications provided by Logius in cooperation with NCSC


11 Trusted Channels

12 3 Security levels for DIGID:
1. Basis: login code (username + password)
2. Middle: login code + text message on a mobile phone
3. High: electronic identifier (not yet implemented)

13 Open A Select server; Soon: SAML Server; Shared secret; Soon: 2-way SSL authentication

14 PKI Government Certificates

15 Public channels


17 Response to incidents: Case Diginotar. Diginotar: certificates were no longer trusted; DIGID was affected directly, SVB indirectly; if customers wanted to log in, they received a warning of an unsafe certificate

18 Case Diginotar: response SVB (short term): Form an internal crisis team; Inventory of SVB certificates; Link up with other sister organisations and Ministry of the Interior and Kingdom Relations; Communication to the customer, if necessary

19 Case Diginotar: response SVB (long term): Back-up CA; Investigation of the Dutch Safety Board; Cooperate with Logius and sister organisations to develop and implement new standards framework for users of DIGID; Start of expert center initiated by public service providers

20 Responses from external parties: SUWI: “the SVB has a technical and organizational infrastructure of such a standard, that such an incident can be adequately addressed. Apparently the citizens understood where the problems were and have enough confidence in the SVB web service to continue its use.”; Dutch Safety Board (still unofficial): Indication towards a positive reaction; National Ombudsman: Positive reaction towards how SVB deals with customers and customer data

21 Future: Keep our own security up to date; Proactive towards new developments, like cloud; Cooperation with external parties

22 Questions?
