Security Alberta

Security Alberta. Tim McCreight, CISO – Government of Alberta. Moderator: Illena Armstrong, editor-in-chief, SC Magazine. WARNING. This Speaker may contain coarse language, personal opinions and occasional scenes of nudity and is rated for adult audiences.

Presentation Transcript


  1. Security Alberta. Tim McCreight, CISO – Government of Alberta. Moderator: Illena Armstrong, editor-in-chief, SC Magazine

  2. WARNING: This Speaker may contain coarse language, personal opinions and occasional scenes of nudity and is rated for adult audiences. Viewer discretion is advised.

  3. Outline
     - Quick Intro
     - The past…
     - …meets the Auditors
     - Issues & Threats
     - Progress made
     - Looking ahead
     - Q&A

  4. Quick Intro
     - Almost 30 years in Information Systems, Physical and IT security
     - Certifications in both Physical and IT Security…
     - Audit experience, too!
     - Interesting combination…

  5. The Past

  6. The Past – cont'd
     - Each division responsible for security
     - Each area spent based on their perception of risk…
     - Some areas mature, others – not
     - Not conducive to sharing…

  7. Meets the Auditors

  8. Meets the Auditors
     - OAG Report in 2008 identified major issues:
     - Identified flaws in the federated model for IT Security
     - Individual departments not following one central approach
     - No overall area responsible for security

  9. Issues and Threats

  10. Issues and Threats – cont'd
     - Coordinating across multiple divisions
     - Budget
     - Resources
     - Moving to web-centric services:
     - Citizen's portal
     - Identity & Access Management
     - Reliance on Social Media
     - Increased scrutiny from public, etc.
     - Malware and blended threats
     - Mix of new/old technologies
     - Coordinating with multiple service providers…

  11. Progress Made

  12. Progress Made – cont'd
     - Created Directives:
     - Based on ISO
     - Endorsed by Sr. Management
     - Identified "rules of the road" for IS Security
     - Created central monitoring and surveillance program
     - Developed forensic examination capabilities
     - Sought industry-leading Managed Security Services
     - Began reaching out to other security/risk groups
     - Focused on enforcement
     - Began cleanup of IDs, privileges and access control
     - Linked with Corporate Architecture

  13. Progress Made – cont'd
     - Focused on education:
     - Online eLearning course
     - Online brochure
     - Got a seat at the table for:
     - Social Media policy
     - Overarching Security Policy

  14. Looking Ahead

  15. Looking Ahead – cont'd
     - Goal: protect the data/core:
     - Never win the endpoint security game
     - User behavior still an issue…
     - How to achieve this state:
     - Virtualization
     - Enhanced Security Operations Centre (SOC)
     - BYOC
     - Intelligent traffic scanning

  16. Embracing Virtualization
     - Move toward this cautiously…
     - Focus on removing the endpoint issues:
     - Locked down session
     - Roles based control
     - Forced path to apps
     - Use technology to meet business requirements

  17. Enhanced SOC
     - Integrate SOC into all IT components:
     - MSS
     - Network
     - Boundary
     - Internal
     - Wireless
     - Virtual environment
     - Desktops
     - Servers
     - Physical systems

  18. BYOC
     - What if we didn't care what you used to:
     - Access email
     - Connect to applications
     - Generally, work!
     - Bring Your Own Computer!
     - Secure, virtual containers
     - App store…
     - RBAC/fine-grained control
     - No data left behind…

  19. Intelligent Traffic Scanning
     - A virtual world has challenges:
     - Tough to prove segregation
     - Need to build Defense in Depth:
     - Escalating trust levels
     - Finite access control
     - More mgmt scanning/logging
     - Scanning active/dormant VMs
     - Monitor, authenticate and authorize…

  20. Questions?

  21. Thank You!
     - Tim McCreight, CISSP, CPP, CISA
     - Chief Information Security Officer, Government of Alberta
     - tim.mccreight@gov.ab.ca
