
Enhancing Security and Trust: The Role of SVB in Information Protection and Quality Service

As the Information Security Officer at SVB (Sociale Verzekeringsbank), Peter De Witte emphasizes the importance of maintaining robust security measures while delivering high-quality citizen services to over 5 million clients. With a history of managing various national insurance schemes, the SVB is committed to adapting its security strategies in response to evolving threats, such as the Diginotar incident. By fostering awareness among employees and clients, adhering to standards like NEN-ISO/IEC 27002, and implementing effective incident response protocols, SVB aims to maximize both trust and effectiveness in its operations.

bishop

Presentation Transcript


  1. Introduction • Peter De Witte • Information Security Officer for the IT Department • Advisor for • Software Development • Infrastructure

  2. Introduction SVB • SVB Sociale Verzekeringsbank • 15 different national insurance schemes. • Child Benefits, AOW Pensions, Anw Survivor Benefits • 100 years + • 5 Million Clients • € 35 Billion on a yearly basis.

  3. How can SVB assure adequate levels of security and gain customers' trust, while maximizing quality and effectiveness of citizen service? 25 May 2012

  4. Security, Trust, Quality & Effectiveness • Awareness • Provide a secure IT • Proper use of available channels • Adequate response to incidents

  5. Customer Awareness

  6. Employee Awareness • Code of Conduct • Security Guidelines • Classification of information • Incident response • Organisation of Information Security

  7. Employee Awareness • Email policy

  8. Provide a secure IT • NEN-ISO/IEC 27002:2007 nl (BS27002) • CMMi • ITIL • OWASP • Security testing • Standard for web applications provided by Logius in cooperation with NCSC

  9. Trusted Channels

  10. 3 Security levels for DIGID: • Basis: login code (username + password) • Middle: login code + text message on a mobile phone • High: electronic identifier (not yet implemented)

  11. Shared secret Soon: 2 way SSL authentications Open A Select server Soon: SAML Server

  12. PKI Government Certificates

  13. Public channels

  14. Response to incidents: Case Diginotar • Diginotar: certificates were no longer trusted • DIGID was affected directly, SVB indirectly • If customers wanted to log in, they received a warning of an unsafe certificate

  15. Case Diginotar: response SVB (short term) • Form an internal crisis team • Inventory of SVB certificates • Link up with other sister organisations and Ministry of the Interior and Kingdom Relations • Communication to the customer, if necessary

  16. Case Diginotar: response SVB (long term) • Back-up CA • Investigation of the Dutch Safety Board • Cooperate with Logius and sister organisations to develop and implement new standards framework for users of DIGID • Start of expert center initiated by public service providers

  17. Responses from external parties • SUWI: “the SVB has a technical and organizational infrastructure of such a standard, that such an incident can be adequately addressed. Apparently the citizens understood where the problems were and have enough confidence in the SVB web service to continue its use.” • Dutch Safety Board (still unofficial): Indication towards a positive reaction • National Ombudsman: Positive reaction towards how SVB deals with customers and customer data

  18. Future • Keep our own security up to date • Proactive towards new developments, like cloud. • Cooperation with external parties

  19. Questions?
