Introduction - PowerPoint PPT Presentation
Introduction. Peter De Witte Information Security Officer for the IT Department Advisor for Software Development Infrastructure. Introduction SVB. SVB Sociale Verzekeringsbank 15 different national insurance schemes. Child Benefits, AOW Pensions, Anw Survivor Benefits

Presentation Transcript
Introduction
  • Peter De Witte
  • Information Security Officer for the IT Department
  • Advisor for
    • Software Development
    • Infrastructure
Introduction SVB
  • SVB Sociale Verzekeringsbank
  • 15 different national insurance schemes.
  • Child Benefits, AOW Pensions, Anw Survivor Benefits
  • 100 years +
  • 5 Million Clients
  • € 35 Billion on a yearly basis.
25 May 2012

How can SVB assure adequate levels of security and gain customers' trust, while maximizing quality and effectiveness of citizen service?

Security, Trust, Quality & Effectiveness
  • Awareness
  • Provide a secure IT
  • Proper use of available channels
  • Adequate response to incidents
Employee Awareness
  • Code of Conduct
  • Security Guidelines
  • Classification of information
  • Incident response
  • Organisation of Information Security
Employee Awareness
  • Email

policy

Provide a secure IT
  • NEN-ISO/IEC 27002:2007 nl (BS27002)
  • CMMi
  • ITIL
  • OWASP
  • Security testing
  • Standard for web applications provided by Logius in cooperation with NCSC
3 Security levels for DIGID:

Basis: login code (username + password)

Middle: login code + text message on a mobile phone

High: electronic identifier (not yet implemented)


Shared secret

Soon: 2-way SSL authentication

Open A Select server

Soon: SAML Server

Response to incidents: Case Diginotar
  • Diginotar: certificates were no longer trusted
  • DIGID was affected directly, SVB indirectly
  • If customers wanted to log in, they received a warning of an unsafe certificate
Case Diginotar: response SVB (short term)
  • Form an internal crisis team
  • Inventory of SVB certificates
  • Link up with other sister organisations and Ministry of the Interior and Kingdom Relations
  • Communication to the customer, if necessary
Case Diginotar: response SVB (long term)
  • Back-up CA
  • Investigation of the Dutch Safety Board
  • Cooperate with Logius and sister organisations to develop and implement new standards framework for users of DIGID
  • Start of expert center initiated by public service providers
Responses from external parties

SUWI:

“the SVB has a technical and organizational infrastructure of such a standard, that such an incident can be adequately addressed. Apparently the citizens understood where the problems were and have enough confidence in the SVB web service to continue its use.”

Dutch Safety Board (still unofficial):

Indication towards a positive reaction

National Ombudsman:

Positive reaction towards how SVB deals with customers and customer data

Future
  • Keep our own security up to date
  • Proactive towards new developments, like cloud.
  • Cooperation with external parties