from e-government to connected governance : a security ... · 2/2/2009 · governments target of...
TRANSCRIPT
![Page 1: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/1.jpg)
From E-Government to Connected Governance : A Security Perspective
Wei Ming TANHead of Government Relations, Asia Pacific & JapanSymantec Corporation4 February 2009
![Page 2: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/2.jpg)
Government needs to protect the nation’s critical infrastructure
Challenges for a Connected Government
Government needs to deliver more and better integrated services 24/7
Government Agency and State Enterprise need to manage IT risk while
dealing with increasing IT complexity
2
![Page 3: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/3.jpg)
Governments prone to attacks
3
Attacks are not just external, but internal*
“This was the first time that a botnet threatened the national security of an
entire nation” Estonian Defense Minister Jaak Aaviksoo
*Symantec ISTR vol. XIII, Apr 2008
![Page 4: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/4.jpg)
Governments target of data loss
4
*Symantec ISTR vol. XIII, Apr 2008
Government, healthcare and education sectors accounted for 60% of data breaches and 60% of identities exposed*
![Page 5: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/5.jpg)
Connected government poses even greater challenges
5
•Integrated approach
•Collect, reuse and share information
•Connect the ‘silos’ in an environment of trust
Cost-effective & efficient information management and delivery
E-government-as-a-whole concept
•Achieving interoperability between agencies’ systems
•Security in processing TB/PBs of data
•Continual or 24/7 availability of services
ID Theft UnknownAttacks
101010110101011010101101010110101011010101
Worms
Viruses Bots
![Page 6: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/6.jpg)
What keeps Govt CIOs awake?
CMS
RFIDBPM
KM
Security
Privacy
Green IT
DR
Governance
Wired/Wireless
CONFIDENCE IN E-GOV•ENHANCING SECURITY
•PREVENTING DATA LOSS
•IMPROVING COMPLIANCE
6
![Page 7: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/7.jpg)
Symantec as trusted advisor to governments worldwide
7
Cyber Initiatives(US)
Trusted Internet Connections
(US)
Einstein Programs (US)
National Information Assurance Strategy
(UK)
European Programme for Critical Infrastructure Protection
(EU)
Coalition Warrior Interoperability Demonstration
(AUS CAN NZ UK US & NATO)
Security Operations Centers(Global)
International Multilateral Partnership Against
Cyber Threats (IMPACT)
Critical Infrastructure Warning Information Network
(US & UK)
Anti-Phishing Working Group(Global)
![Page 8: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/8.jpg)
Comprehensive national framework
AGENCIES RESPONSIBLE FOR
ICT & CRITICAL INFRASTRUCTURES
& THAICERT
TELCOS
ISPS
TRANSPORT(SEA, AIR,
LAND)WATER
BANKS
FINANCIAL
INSTITU
-TIONS
ENERGY HEALTHINDUSTRY
ADVISORY
GROUP
Private-Public PartnershipInformation security experts
SCADA experts
Information exchange at national levelResearch, trials and evaluation projects
International partnerships
8
Inci
dent
m
anag
emen
t
Ris
k as
sess
men
ts
Sta
ndar
ds
deve
lopm
ent
Cou
nter
larg
e sc
ale
atta
cks
![Page 9: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/9.jpg)
Sound regulations & policies
9
REGULATIONS / POLICIES
National Spam LawComputer Security/Crimes LawData Protection LawOnline Child Safety LawE-Commerce Transaction Law
Government ISO27001
•Analysis of existing policy in comparison with international standards and best practices•Enhancement of policies to fill identified gaps
•Conduct risk assessment•Ensure effectiveness of controls
•Establish plan of actions & milestones•Implement protective measures
•Establish means to monitor compliance•Scorecard for obtaining visibility of government-wide risk posture
![Page 10: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/10.jpg)
10
IT Governance, Risk, & Compliance
IT OperationsImplement & manage IT process & technology to enable online transaction
Protect citizens’ data
IT ComplianceDemonstrate IT controls are in place to protect customer data AND meet data privacy requirements
Thai Computer Crime Act
IT RiskTheft of customer data
Data privacy non-compliance
Business ObjectiveExpand online transactions
Comply with regulations - data privacy; ISO 27001
![Page 11: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/11.jpg)
![Page 12: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/12.jpg)
Symantec Enterprise Solutions
12
INFRASTRUCTURE OPERATIONS
BUSINESS CONTINUITYSTORAGE INFORMATION
RISK & COMPLIANCESECURITY
ServerManagement
Archiving
Backup and Recovery
Storage Management
SecurityManagement
Messaging Management
Data Loss Prevention
IT Compliance
Endpoint Security
Messaging Security
High Availability
Disaster Recovery
Discovery & Retention Management
Endpoint Management
Application Security
![Page 13: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/13.jpg)
The road to Smart THAILAND
• National ICT Master Plan II (2009-2013)– 2nd strategy on “National ICT Governance” – 4th Strategy on “e-Governance”
• National ICT Security Master Plan
• Important priorities– Information security incident policies and management– Business continuity– Compliance and measurement
13
![Page 14: From E-Government to Connected Governance : A Security ... · 2/2/2009 · Governments target of data loss 4 *Symantec ISTR vol. XIII, Apr 2008 ... European Programme for Critical](https://reader035.vdocument.in/reader035/viewer/2022070802/5f02b1d87e708231d4058b9b/html5/thumbnails/14.jpg)
Copyright © 2009 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Wei Ming TAN
Head of Government Relations, APJ
Email : [email protected]
Mobile : +65 96236998