110 likes | 133 Views
WTS and PCI Nelson Lah Chief Technology Officer Workplace Technology Services May 27, 2009. WTS - Who We Are and What We Do PCI Initiative for Government – Our Role What We’re Doing Where We’re Going. Who We Are. Workplace Technology Services (WTS) Provides…
E N D
WTS and PCI Nelson Lah Chief Technology Officer Workplace Technology Services May 27, 2009
WTS - Who We Are and What We Do • PCI Initiative for Government – Our Role • What We’re Doing • Where We’re Going
Who We Are Workplace Technology Services (WTS) Provides… • Shared Services Technology Infrastructure for all 19 Ministries and 168 Broader Public Sector Organizations • Technology Infrastructure includes: • Computer Workstations • Computer Servers • Government Network • Shared, Government-Wide Applications such as Payroll • Enterprise Online Products and Services
What We Do Every Day, WTS Provides: • Services to 4,000 locations, 50,000 customers and 600,000 students • 37,000 workstations, 6,700 BlackBerry devices • 40,000 email accounts, 6 million email messages/month (and growing) • 50,000 telephone connections • 1,600 computer servers, storing 15 terabytes of email • 31,000 paycheques processed every two weeks FACTS: * $1,000 Vote * ~ 500 full time employees * Mixed-sourcing model * $250M in annual recoveries
The PCI Initiative for Government – Our Role • As the IT infrastructure provider for government, we need to ensure support for compliance with new standards • Working to enhance existing network in light of new standard • Current focus is a core government solution • Initial offering of PCI security monitoring with Liquor Distribution Branch • Initial offering of security monitoring BC Express Pay and Royal BC Museum
What We’re Doing • Still in early stages of development • Developing expertise and capacity to ensure success • Ongoing work falls into 3 categories Security Monitoring Vulnerability Management Infrastructure Remediation
What We’re Doing • Focused on network segmentation of payment applications and Point of Sale (POS) devices • Benefits: • Reduces size and complexity of annual PCI audit • Provides additional security from internal attacks on the payment stream Security Monitoring Vulnerability Management Infrastructure Remediation
What We’re Doing • Focused on recording changes within electronic payment infrastructure • Automated record keeping allows enhanced reporting • Information feeds intoSecurity Monitoring Security Monitoring Vulnerability Management Infrastructure Remediation
What We’re Doing • Focused on: • monitoring changes and activity within the electronic payment infrastructure • reporting anomalies • Acquired one of theleading Security Information and EventManagement (SIEM) applications Security Monitoring Vulnerability Management Infrastructure Remediation
Where We’re Going • Plan to develop as a shared service offering and very dependent on funding • New PCI standard requires that everything be in place and audited by October 2010 • Beyond PCI, will consider use of application for • Enterprise security • Compliance automation • Log Management • Configuration auditing and provisioning
Thank You Nelson Lah Chief Technology Officer Workplace Technology Services Nelson.Lah@gov.bc.ca Shirley Mitrou A/Executive Director, Client Services Integrated Service Solutions Shirley.Mitrou@gov.bc.ca 11