
PSN Governance and Security

PSN Governance and Security. Mike Thomas – 28th January 2011. About Global Crossing. Trusted and Experienced Communications Integrator to the UK Government Offering proven, flexible and secure services First Integrated Global IP Network >7Tbps per day 64% of the world’s internet traffic



Presentation Transcript


  1. PSN Governance and Security Mike Thomas – 28th January 2011

  2. About Global Crossing • Trusted and Experienced Communications Integrator to the UK Government • Offering proven, flexible and secure services • First Integrated Global IP Network • >7Tbps per day • 64% of the world’s internet traffic • Third largest Network in UK • Security focused • Pan Gov - IL3 Network • Pan Gov – IL3 Hosted Voice • Provider of MTS

  3. Providing Services to Demanding Clients

  4. PSN Governance

  5. What is Governance for? • Define Expectations • Ensure equality for all • Review Performance • Maintain Standards • Grant Power • Dispute Resolution

  6. PSN In-Service Governance [Governance structure diagram; labels as extracted: XGEA CIO Council ARB ICT OCB CTOC • PSN Operating Board • Participating SIROs • PSN SIRO • PSN Authority • Contracting Authorities • Risk & Accreditation • Compliance • Consultation • Dispute Management • Regulation • PSNGB • Communication • Framework Authorities • GCN Governing Board • Customer Board]

  7. How is the PSNA made up?

  8. PSN Security

  9. PSN Entities

  10. Codes

  11. Interconnected Codes and Contracts • GCN commitments in a Deed of Undertaking (DoU) • Direct Network Service Provider (DNSP) commitments in Code of Interconnection (CoICo) • Other PSN Service Providers commitments in a Code of Practice (CoP) • Customer commitments are in a signed Code of Connection (CoCo) • Adherence is baked into supply chain through contracts

  12. Security • One Connection • Multiple Security levels • Multiple Users • Endless Applications [Diagram labels: Video, Voice, Data; Encryption Base Level of PSN/GCN Gateways]

  13. For a customer, PSN Compliance means... Commercial compliance • Demonstrate VFM; comply with public sector procurement regulations • Not exclusive to a single vendor, and keep the market open to other vendors • Are sharable with other parts of the public sector • Procure services, not networks: funded by revenue, not capital expenditure • Recognise the authority of the PSN Governance bodies • Maximise the degree to which ICT is commoditised • Specify that suppliers comply with the requirements of a CoP/CoICo Technical Interoperability Compliance • Compliance with a set of technical and security standards to allow interoperability with other PSN services Security Compliance • Compliance with a set of security requirements to ensure behaviours Service Management Compliance • Agreement to comply with the Service Management Framework • Agreement to co-operate in resolving Incidents that span across service providers/customers

  14. PSN Service Certification • All Services must be Certified • Combines Accreditation plus compliance verification • Services are certified, not companies • Direct or Indirect access to the GCN must be included • There are no PSN Certified products available as of today’s date • The Customer environment must be certified for usage • PSN Certification is for a defined period • Self verified each year • 20% of Services will be externally verified each year

  15. Security Compliance - summary • Standardised IA Conditions for each: • Impact Level: IL2, IL3, IL4 • Service Type: Connectivity, Web, Email, Telephony and Video • More Impact Levels and Service Types will be developed, driven by demand • Accreditation process should • Take the PSN IA Conditions (not re-invent) • Consider any additional threats and countermeasures • Centre on shared models for Threat Profiles and Risk Appetites • Ability to give “Fit for Consumption” Accreditation (and hence PSN Compliance Certification) for PSN Services before they have customers

  16. Accreditation Challenge • Do the Condition once, do it well and re-use • Accreditation Scope, boundaries • Think of layers and end-points, not higher walls and strongholds • Who is managing the service? • Some Service Providers provide outsourcing use off-shoring, but are the risks understood and managed today? • Understand the Reliance picture (upstream) • What underlying services does the Service Provider use to create their service? • Do SLAs flow through the supply chain? • What Risk appetite and Threat Profile are the services engineered to? • Understand the Liability picture (downstream) • The Service Provider may not know how much customers depend on them • Impact Assessments

  17. Common standards build trust • There must always be an accountable entity which may be liable • Who appears before any enquiry? • A Departmental SIRO’s accountability for Information does not change • To enable savings, Accreditations will be built on • Overseen by PGA and Infrastructure SIRO • Infrastructure SIRO, on behalf of all participating SIROs, will be responsible for approving services to operate across the pan government infrastructure • Think of layers and end-points, not higher walls and strongholds • Need to trust each other’s IA processes and assurance • Both Public Sector and Industry • The use of common IA standards for shared models for Threat Profiles and Risk Appetites is the foundation

  18. Thank You Mike Thomas Global Crossing 0203 356 4774 mike.thomas@globalcrossing.com
