Transcript Slide 1
WTS and PCI Nelson Lah Chief Technology Officer Workplace Technology Services May 27, 2009 •WTS - Who We Are and What We Do •PCI Initiative for Government – Our Role •What We’re Doing •Where We’re Going Who We Are Workplace Technology Services (WTS) Provides… • Shared Services Technology Infrastructure for all 19 Ministries and 168 Broader Public Sector Organizations • Technology Infrastructure includes: • Computer Workstations • Computer Servers • Government Network • Shared, Government-Wide Applications such as Payroll • Enterprise Online Products and Services What We Do Every Day, WTS Provides: • • • • • • Services to 4,000 locations, 50,000 customers and 600,000 students 37,000 workstations, 6,700 BlackBerry devices 40,000 email accounts, 6 million email messages/month (and growing) 50,000 telephone connections 1,600 computer servers, storing 15 terabytes of email 31,000 paycheques processed every two weeks FACTS: * $1,000 Vote * ~ 500 full time employees * Mixed-sourcing model * $250M in annual recoveries The PCI Initiative for Government – Our Role • As the IT infrastructure provider for government, we need to ensure support for compliance with new standards • Working to enhance existing network in light of new standard • Current focus is a core government solution • Initial offering of PCI security monitoring with Liquor Distribution Branch • Initial offering of security monitoring BC Express Pay and Royal BC Museum What We’re Doing • Still in early stages of development Security Monitoring • Developing expertise and capacity to ensure success Vulnerability Management Infrastructure Remediation • Ongoing work falls into 3 categories What We’re Doing • Focused on network segmentation of payment applications and Point of Sale (POS) devices • Benefits: • Reduces size and complexity of annual PCI audit • Provides additional security from internal attacks on the payment stream Security Monitoring Vulnerability Management Infrastructure Remediation What We’re Doing • Focused on recording changes within electronic payment infrastructure • Automated record keeping allows enhanced reporting Security Monitoring • Information feeds into Security Monitoring Vulnerability Management Infrastructure Remediation What We’re Doing • Focused on: • monitoring changes and activity within the electronic payment infrastructure • reporting anomalies • Acquired one of the leading Security Information and Event Management (SIEM) applications Security Monitoring Vulnerability Management Infrastructure Remediation Where We’re Going • Plan to develop as a shared service offering and very dependent on funding • New PCI standard requires that everything be in place and audited by October 2010 • Beyond PCI, will consider use of application for • Enterprise security • Compliance automation • Log Management • Configuration auditing and provisioning Thank You Nelson Lah Chief Technology Officer Workplace Technology Services [email protected] Shirley Mitrou A/Executive Director, Client Services Integrated Service Solutions [email protected] 11