WTS and PCI Nelson Lah Chief Technology Officer Workplace Technology Services May 27, 2009

1. WTS and PCI Nelson Lah Chief Technology Officer Workplace Technology Services May 27, 2009

2. WTS - Who We Are and What We Do • PCI Initiative for Government – Our Role • What We’re Doing • Where We’re Going

3. Who We Are Workplace Technology Services (WTS) Provides… • Shared Services Technology Infrastructure for all 19 Ministries and 168 Broader Public Sector Organizations • Technology Infrastructure includes: • Computer Workstations • Computer Servers • Government Network • Shared, Government-Wide Applications such as Payroll • Enterprise Online Products and Services

4. What We Do Every Day, WTS Provides: • Services to 4,000 locations, 50,000 customers and 600,000 students • 37,000 workstations, 6,700 BlackBerry devices • 40,000 email accounts, 6 million email messages/month (and growing) • 50,000 telephone connections • 1,600 computer servers, storing 15 terabytes of email • 31,000 paycheques processed every two weeks FACTS: * $1,000 Vote * ~ 500 full time employees * Mixed-sourcing model * $250M in annual recoveries

5. The PCI Initiative for Government – Our Role • As the IT infrastructure provider for government, we need to ensure support for compliance with new standards • Working to enhance existing network in light of new standard • Current focus is a core government solution • Initial offering of PCI security monitoring with Liquor Distribution Branch • Initial offering of security monitoring BC Express Pay and Royal BC Museum

6. What We’re Doing • Still in early stages of development • Developing expertise and capacity to ensure success • Ongoing work falls into 3 categories Security Monitoring Vulnerability Management Infrastructure Remediation

7. What We’re Doing • Focused on network segmentation of payment applications and Point of Sale (POS) devices • Benefits: • Reduces size and complexity of annual PCI audit • Provides additional security from internal attacks on the payment stream Security Monitoring Vulnerability Management Infrastructure Remediation

8. What We’re Doing • Focused on recording changes within electronic payment infrastructure • Automated record keeping allows enhanced reporting • Information feeds intoSecurity Monitoring Security Monitoring Vulnerability Management Infrastructure Remediation

9. What We’re Doing • Focused on: • monitoring changes and activity within the electronic payment infrastructure • reporting anomalies • Acquired one of theleading Security Information and EventManagement (SIEM) applications Security Monitoring Vulnerability Management Infrastructure Remediation

10. Where We’re Going • Plan to develop as a shared service offering and very dependent on funding • New PCI standard requires that everything be in place and audited by October 2010 • Beyond PCI, will consider use of application for • Enterprise security • Compliance automation • Log Management • Configuration auditing and provisioning

11. Thank You Nelson Lah Chief Technology Officer Workplace Technology Services Nelson.Lah@gov.bc.ca Shirley Mitrou A/Executive Director, Client Services Integrated Service Solutions Shirley.Mitrou@gov.bc.ca 11