From E-Government to Connected Governance : A Security Perspective

Wei Ming TANHead of Government Relations, Asia Pacific & JapanSymantec Corporation4 February 2009

Government needs to protect the nation’s critical infrastructure

Challenges for a Connected Government

Government needs to deliver more and better integrated services 24/7

Government Agency and State Enterprise need to manage IT risk while

dealing with increasing IT complexity

2

Governments prone to attacks

3

Attacks are not just external, but internal*

“This was the first time that a botnet threatened the national security of an

entire nation” Estonian Defense Minister Jaak Aaviksoo

*Symantec ISTR vol. XIII, Apr 2008

Governments target of data loss

4

*Symantec ISTR vol. XIII, Apr 2008

Government, healthcare and education sectors accounted for 60% of data breaches and 60% of identities exposed*

Connected government poses even greater challenges

5

•Integrated approach

•Collect, reuse and share information

•Connect the ‘silos’ in an environment of trust

Cost-effective & efficient information management and delivery

E-government-as-a-whole concept

•Achieving interoperability between agencies’ systems

•Security in processing TB/PBs of data

•Continual or 24/7 availability of services

ID Theft UnknownAttacks

101010110101011010101101010110101011010101

Worms

Viruses Bots

What keeps Govt CIOs awake?

CMS

RFIDBPM

KM

Security

Privacy

Green IT

DR

Governance

Wired/Wireless

CONFIDENCE IN E-GOV•ENHANCING SECURITY

•PREVENTING DATA LOSS

•IMPROVING COMPLIANCE

6

Symantec as trusted advisor to governments worldwide

7

Cyber Initiatives(US)

Trusted Internet Connections

(US)

Einstein Programs (US)

National Information Assurance Strategy

(UK)

European Programme for Critical Infrastructure Protection

(EU)

Coalition Warrior Interoperability Demonstration

(AUS CAN NZ UK US & NATO)

Security Operations Centers(Global)

International Multilateral Partnership Against

Cyber Threats (IMPACT)

Critical Infrastructure Warning Information Network

(US & UK)

Anti-Phishing Working Group(Global)

Comprehensive national framework

AGENCIES RESPONSIBLE FOR

ICT & CRITICAL INFRASTRUCTURES

& THAICERT

TELCOS

ISPS

TRANSPORT(SEA, AIR,

LAND)WATER

BANKS

FINANCIAL

INSTITU

-TIONS

ENERGY HEALTHINDUSTRY

ADVISORY

GROUP

Private-Public PartnershipInformation security experts

SCADA experts

Information exchange at national levelResearch, trials and evaluation projects

International partnerships

8

Inci

dent

m

anag

emen

t

Ris

k as

sess

men

ts

Sta

ndar

ds

deve

lopm

ent

Cou

nter

larg

e sc

ale

atta

cks

Sound regulations & policies

9

REGULATIONS / POLICIES

National Spam LawComputer Security/Crimes LawData Protection LawOnline Child Safety LawE-Commerce Transaction Law

Government ISO27001

•Analysis of existing policy in comparison with international standards and best practices•Enhancement of policies to fill identified gaps

•Conduct risk assessment•Ensure effectiveness of controls

•Establish plan of actions & milestones•Implement protective measures

•Establish means to monitor compliance•Scorecard for obtaining visibility of government-wide risk posture

10

IT Governance, Risk, & Compliance

IT OperationsImplement & manage IT process & technology to enable online transaction

Protect citizens’ data

IT ComplianceDemonstrate IT controls are in place to protect customer data AND meet data privacy requirements

Thai Computer Crime Act

IT RiskTheft of customer data

Data privacy non-compliance

Business ObjectiveExpand online transactions

Comply with regulations - data privacy; ISO 27001

Symantec Enterprise Solutions

12

INFRASTRUCTURE OPERATIONS

BUSINESS CONTINUITYSTORAGE INFORMATION

RISK & COMPLIANCESECURITY

ServerManagement

Archiving

Backup and Recovery

Storage Management

SecurityManagement

Messaging Management

Data Loss Prevention

IT Compliance

Endpoint Security

Messaging Security

High Availability

Disaster Recovery

Discovery & Retention Management

Endpoint Management

Application Security

The road to Smart THAILAND

• National ICT Master Plan II (2009-2013)– 2nd strategy on “National ICT Governance” – 4th Strategy on “e-Governance”

• National ICT Security Master Plan

• Important priorities– Information security incident policies and management– Business continuity– Compliance and measurement

13

Copyright © 2009 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.  Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising.  All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law.  The information in this document is subject to change without notice.

Wei Ming TAN

Head of Government Relations, APJ

Email : weiming_tan@symantec.com

Mobile : +65 96236998