
Statistics Canada’s strategic approach to IT Security

OECD Conference on IT Security, Paris, April 19th and 20th, 2001. Dave Venables, Director, Informatics Technology Services Division, Statistics Canada. (613) 951-8428, dave.venables@statcan.ca.


Presentation Transcript


  1. Statistics Canada’s strategic approach to IT Security
     OECD Conference on IT Security, Paris, April 19th and 20th, 2001
     • Dave Venables
     • Director, Informatics Technology Services Division
     • Statistics Canada
     • (613) 951-8428
     • dave.venables@statcan.ca

  2. Overview
     • Business requirements
     • Threats
     • Overall strategy
     • Tactics
     • Challenges
     • Summary

  3. Organisational Character
     • Statistics Canada comprises:
       • 5100 employees at Headquarters
       • 650 employees in 9 Regional Offices
       • 1200 interviewers in the Regions
     • Informatics is integral to our business:
       • 850 IT Staff, 400 in Central Informatics
       • 7,000 workstations; 300 Servers; 1 Mainframe
     • Strong corporate culture
     • Security

  4. Business requirements
     • Maintain respondent confidence
     • Protect respondent confidentiality
     • Preserve data integrity
     • Ensure data availability
     • Facilitate data accessibility
     • Support ongoing operations

  5. Threats
     • Unauthorised disclosure
     • Data collection
     • Collected micro-data and Published data
     • Authentication
     • Collection and Access
     • Accessibility
       • denial of service
     • Viruses
       • known, variants and unknown

  6. Overall Strategy
     • Centrally managed infrastructure
     • Dual Network
     • Prevention
     • Proactive
     • Balance operational flexibility with safeguards

  7. Tactics
     • Dual network with air gap
     • Internal network (A) for confidential data
     • External network (B) for published data
     • Robotic A/B switch
     • Manual A/B switch
     • Firewall with hardened OS
     • Automatic encryption
       • between HQ, RO and interviewers

  8. Tactics
     • Interviewer Laptop - full disk encryption
     • Internal access controls
     • Token based remote access
     • Anti-virus desktop software
     • Anti-virus software at firewall
     • Attribute checking of email at firewall
     • Inbound overnight mail queued

  9. Tactics
     • Oath
     • Clear security policy
     • Clear security practices
     • Proactive security awareness program
     • Regular automated policy reminder
     • Proactive entry attempts

  10. Challenges
     • Full disk encryption for all laptops
     • Increased electronic data reporting
     • External data research centres
     • Virus detection for encrypted information
     • Wireless technology
     • PDAs
     • Other new technology

  11. Summary
     • Strong security culture
     • Some operational inconvenience
     • Room for improvement
     • Continual reassessment
     • High respondent confidence
     • High level of protection

  12. Schematic
