security alberta
DESCRIPTION
Security Alberta. Tim McCreight, CISO – Government of Alberta Moderator: Moderator: Illena Armstrong, editor-in-chief, SC Magazine. WARNING. This Speaker may contain coarse language, personal opinions and occasional scenes of nudity and is rated for adult audiences. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/1.jpg)
Security Alberta Tim McCreight, CISO – Government of Alberta Moderator: Moderator: Illena Armstrong, editor-in-chief,
SC Magazine
![Page 2: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/2.jpg)
WARNING
This Speaker may contain coarse language, personal opinions and occasional scenes of
nudity and is rated for adult audiences.
Viewer discretion is advised.
![Page 3: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/3.jpg)
Outline
• Quick Intro• The past…• …meets the Auditors• Issues & Threats• Progress made• Looking ahead• Q&A
![Page 4: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/4.jpg)
Quick Intro
• Almost 30 years in Information Systems, Physical and IT security
• Certifications in both Physical and IT Security…
• Audit experience, too!• Interesting
combination…
![Page 5: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/5.jpg)
The Past
![Page 6: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/6.jpg)
The Past – con’t
• Each division responsible for security
• Each area spent based on their perception of risk…
• Some areas mature, others – not
• Not conducive to sharing…
![Page 7: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/7.jpg)
Meets the Auditors
![Page 8: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/8.jpg)
Meets the Auditors
• OAG Report in 2008 identified major issues:– Identified flaws in the
federated model for IT Security
– Individual departments not following one central approach
– No overall area responsible for security
![Page 9: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/9.jpg)
Issues and Threats
![Page 10: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/10.jpg)
Issues and Threats – con’t
• Coordinating across multiple divisions
• Budget• Resources• Moving to web-centric
services:– Citizen’s portal– Identity & Access
Management– Reliance on Social
Media
• Increased scrutiny from public, etc.
• Malware and blended threats
• Mix of new/old technologies
• Coordinating with multiple service providers…
![Page 11: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/11.jpg)
Progress Made
![Page 12: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/12.jpg)
Progress Made – con’t
• Created Directives:– Based on ISO– Endorsed by Sr.
Management– Identified “rules of the road”
for IS Security
• Created central monitoring and surveillance program
• Developed forensic examination capabilities
• Sought industry-leading Managed Security Services
• Began reaching out to other security/risk groups
• Focused on enforcement• Began cleanup of ID’s,
privileges and access control
• Linked with Corporate Architecture
![Page 13: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/13.jpg)
Progress Made – con’t
• Focused on education:– Online eLearning
course– Online brochure
• Got a seat at the table for:– Social Media policy– Overarching Security
Policy
![Page 14: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/14.jpg)
Looking Ahead
![Page 15: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/15.jpg)
Looking Ahead – con’t
• Goal: protect the data/core:– Never win the endpoint security game– User behavior still an issue…
• How to achieve this state:– Virtualization– Enhanced Security Operations Centre (SOC)– BYOC– Intelligent traffic scanning
![Page 16: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/16.jpg)
Embracing Virtualization
• Move toward this cautiously..
• Focus on removing the endpoint issues:– Locked down session– Roles based control– Forced path to apps– Use technology to
meet business requirements
![Page 17: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/17.jpg)
Enhanced SOC
• Integrate SOC into all IT components:– MSS– Network
• Boundary• Internal
– Wireless– Virtual environment
• Desktops• Servers
– Physical systems
![Page 18: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/18.jpg)
BYOC
• What if we didn’t care what you used to:– Access email– Connect to applications– Generally, work!
• Bring Your Own Computer!
• Secure, virtual containers• App store…• RBAC/fine-grained
control• No data left behind…
![Page 19: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/19.jpg)
Intelligent Traffic Scanning
• A virtual world has challenges:– Tough to prove segregation
• Need to build Defense in Depth:– Escalating trust levels– Finite access control– More mgmt
scanning/logging– Scanning active/dormant
VM’s– Monitor, authenticate and
authorize…
![Page 20: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/20.jpg)
Questions?
![Page 21: Security Alberta](https://reader035.vdocuments.net/reader035/viewer/2022062305/568151ee550346895dc028b1/html5/thumbnails/21.jpg)
Thank You!
Tim McCreight, CISSP CPP CISA
Chief Information Security Officer
Government of Alberta