In June 2009, Bob Bence, CIO of St. Louis County, presented essential strategies for securing and protecting citizens' sensitive data. The session covered the categories of information that need protection, including personal identifiers, medical records, and law enforcement data. Key topics included establishing a culture of security awareness, compliance with regulations such as HIPAA and PCI, and implementing a robust IT architecture. Policies to identify confidential information, limit access, and ensure data is redacted were emphasized, alongside the importance of security audits and governance.
Securing and Protecting Citizens' Data
Bob Bence, CIO, St. Louis County
June 18, 2009
Citizen Data
• Information Needing Protection
• Governance
• Policies
• IT Architecture
Information Needing Protection
• Personal identification (SSN)
• Medical records
• Credit card numbers
• Law enforcement data
• Criminal history records
• Fingerprints
• Certain addresses on the real estate website
• Stalking victims
Governance
• Have a culture of awareness and security
• Compliance (HIPAA, PCI, CJIS, etc.)
• IT Security Team
• Peer reviews, Gartner
• Security report to the IT Steering Committee three times a year
• Internal and external security audits
Policies
• Identify and label Confidential and Private information
• Limit access to systems holding sensitive information
• No credit card numbers stored on our systems
• Privacy statement published on the website
• Redact personal information
• Review web content before posting
• Security section in bids and RFPs
St. Louis County E-commerce Architecture
[Diagram: Internet, DMZ, and three zones (Zone 1: Web Servers; Zone 2: Application Servers; Zone 3: Database Server) separated by firewalls FW1, FW2 and FW3, with switches and a Web Application Firewall in front of the web tier. Legend: FW = Firewall, S = Switch, W = Web Application Firewall]
• VLANs for network segmentation
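The tiered architecture on this slide only protects citizen data if the firewall rules between zones actually enforce it. The following is an added example, not code from the presentation or the county: a small checker that reviews a rule set against the tier policy, assuming traffic enters from the Internet and may only cross one tier at a time (Internet to Zone 1 web, Zone 1 to Zone 2 app, Zone 2 to Zone 3 database); the zone names, rule names and sample rules are constructed for the example.

```python
# Added example: verify firewall rules against the three-tier zoning shown on
# the slide. Assumption: traffic may only move one tier inward at a time:
# Internet -> Zone 1 (web) -> Zone 2 (app) -> Zone 3 (database).
from dataclasses import dataclass

TIERS = ["internet", "zone1_web", "zone2_app", "zone3_db"]

# Only adjacent tiers may talk, and only in the inbound direction listed above.
ALLOWED_FLOWS = {(TIERS[i], TIERS[i + 1]) for i in range(len(TIERS) - 1)}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str   # source zone
    dst: str   # destination zone
    port: str  # e.g. "443", "1433" or "any"


def rule_violations(rules):
    """Return (rule name, reason) for every rule that breaks the tier policy."""
    findings = []
    for r in rules:
        if r.src not in TIERS or r.dst not in TIERS:
            findings.append((r.name, "references an undefined zone"))
        elif (r.src, r.dst) not in ALLOWED_FLOWS:
            findings.append((r.name, f"{r.src} -> {r.dst} skips or reverses a tier"))
        elif r.port == "any":
            findings.append((r.name, "permits all ports between tiers"))
    return findings


# Constructed sample rule set; not the county's real configuration.
SAMPLE_RULES = [
    Rule("fw1-web-https", "internet", "zone1_web", "443"),
    Rule("fw2-app-api", "zone1_web", "zone2_app", "8443"),
    Rule("fw3-db-sql", "zone2_app", "zone3_db", "1433"),
    Rule("temp-dba-access", "internet", "zone3_db", "1433"),  # skips two tiers
    Rule("fw2-any", "zone1_web", "zone2_app", "any"),          # too broad
    Rule("legacy", "zone1_web", "zone9", "80"),                # undefined zone
]

if __name__ == "__main__":
    for name, reason in rule_violations(SAMPLE_RULES):
        print(f"{name}: {reason}")
```

Run against a real export, the same check gives the IT Security Team a repeatable item for the audits and steering committee reports mentioned under Governance.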