Cyber Authentication Renewal Project Executive Overview June – 2006 30 minute Brief.

Slides:

Advertisements

Similar presentations

State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.

Advertisements

HR Manager – HR Business Partners Role Description

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.

Becoming a Strategic Partner: Key Leadership Competencies

GLOBAL BEST PRACTICES IN PUBLIC ADMINISTRATION REFORMS: A COLLECTIVE, MERIT-BASED APPROACH TO MANAGING WORKFORCE ADJUSTMENT PUBLIC SERVICE COMMISSION OF.

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

Internal Audit : Framework for the Management of Compliance Presentation at FMI meeting Sept

Our aim is to understand how to deliver effective cyber security both within the UK and internationally. We will make this knowledge available to governments,

Dr. Julian Lo Consulting Director ITIL v3 Expert

Priority Project Update PSSD-CIO Joint Council Meeting Lac Carling, May 28, 2003 Service Delivery to Business and Mapping.

© 2007 by Prentice Hall1-1 Chapter 1 Meeting Present and Emerging Strategic Human Resource Challenges.

1 July 23, 2002 Strategic Technology Plan Briefing to LOT Committee.

Moving from money well accounted for to money well spent UK Information Technology Summit May 2005 Helen McDonald A/Chief Information Officer Treasury.

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority.

Federating Identity Management in the Government of Canada Identity North Conference November 20 th 2012 Presented by: Rita Whittle Senior Director, Cyber.

Inter-jurisdictional Service Delivery Initiatives Overview of Key Potential Opportunities Victor Abele Public Sector Service Delivery Council February.

The Crown and Suppliers: A New Way of Working People & Security15:35 – 16:20 Channels & Citizen Engagement Social Media ICT Capability Risk Management.

Charting a course PROCESS.

Information Technology Audit

Internal Auditing and Outsourcing

1 EDUCAUSE Midwest Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Mark.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.

2006 CACR Privacy and Security Conference November 3, 2006 Identity: Setting the Larger Context, Achieving the Right Outcomes.

DMV’s Service Transformation Program AASHTO Auditor’s Conference Tom McClellan, DMV Administrator and Dawn Farr, Interim STP Lead Oregon Department of.

Internet Trust Defined. Delivered. Electronic Business the Way It Was Meant to Be.

Dao Dinh Kha National Centre of Digital Signature Authentication - Agency of Information Technology Application A vision on a national Electronic Authentication.

1©NQI NQI Progressive Excellence Criteria for the Federal Public Service No part of this publication may be reproduced, stored in a retrieval system, or.

THE REGIONAL MUNICIPALITY OF YORK Information Technology Strategy & 5 Year Plan.

1 Identity and Transparency ( Bridging the GAPS of Governance Bridging the GAPS of Governance in eGov Initiatives in eGov Initiatives )‏ Badri Sriraman.

Session Chair: Peter Doorn Director, Data Archiving and Networked Services (DANS), The Netherlands.

GC Credential Management Evolution for the OASIS/World Bank eGov Workshop 17 th April, 2009For information, please contact:

International ILO Conference - November 2009 Maurice Dhooge Global Health & Safety Department.

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

Enterprise Architecture, Enterprise Data Management, and Data Standardization Efforts at the U.S. Department of Education May 2006 Joe Rose, Chief Architect.

1 The World Bank Internet Services Program Rajan Bhardvaj

9 Systems Analysis and Design in a Changing World, Fourth Edition.

Chapter 3 Strategic Information Systems Planning.

Example Incident Mgmt Initiation No recording of Incidents Users can approach different departments Solutions of previous incidents are not available.

Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.

Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Brenda Watkins Director Policy and Business Strategies Information.

Student Technology Services June Student Technology Services Team Dedicated to creating a holistic strategy to improve the technological services.

Information Security IBK3IBV01 College 3 Paul J. Cornelisse.

Transformational Government Workshop 9 th December 2010 Washington DC.

1 Planning and Programming for Effective Use of External Audit Resources Victor Rezendes Managing Director Strategic Issues U.S. General Accounting Office.

Joint Priority Project #2: Service Visions and Mapping Presentation to PSSDC/PSCIOC Winnipeg, Manitoba, September 28, 2004 By: Industry Canada Ontario.

12-CRS-0106 REVISED 8 FEB 2013 APO (Align, Plan and Organise)

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

CHANGE READINESS ASSESSMENT Measuring stakeholder engagement and attitude to change.

Information Sharing for Integrated Care A 5 Step Blueprint.

A Framework for Marketing Management International Edition 2 Developing Marketing Strategies and Plans 1.

ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.

UNDERSTANDING INFORMATION MANAGEMENT (IM) WITHIN THE FEDERAL GOVERNMENT.

Canadian SNOMED CT Strategy October 2012 Draft. Content 1 Background Approach Current State Future State Considerations Action Plan.

TM Rosemarie Day, President Sarah Matousek, Consultant.

Shared Services Initiative Summary of Findings and Next Steps.

Shared Services and Third Party Assurance: Panel May 19, 2016.

Agenda VA’s Transformation Continues

Supervision of Insurance Market Conduct in Canada

Update from the Faster Payments Task Force

IT Governance at the SCO

Training Course on Integrated Management System for Regulatory Body

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Policy on Transfer Payments Renewal

Introduction of ISO/IEC Identity Proofing

Employee engagement Delivery guide

MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further

MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further

Acquisitions Business Model Business Innovations and To-be Model

Presentation transcript:

Cyber Authentication Renewal Project Executive Overview June – minute Brief

2 Agenda Background Business Problem Assessment Business Vision Transformation Strategy Next Steps

3 Background: Project Scope Online electronic service delivery (1-channel) Horizontal GC-wide authentication Both internal & external subscribers ePass Services that rely on cyber authentication: –Identity Management –Authorization –Transactions No classified or Protected C systems

4 Background: Project Triggers Global trend-enterprise services Global trend - shared services TB commitment - shared services TB direction - contestable services MAF - distributed responsibility Policy Suite Renew - window of opportunity ID Management - credential element IT Security Strategy - GC-wide initiatives

5 Background: Approach Engage key stakeholders –Service Canada, CRA, PWGSC, CSE, TBS Short & focused on business –5 week effort, précis like deliverables Focus on problems, vision and activities –Needs follow-on overall planning Breadth over depth –Details in follow-on projects

6 Business Problem Assessment: Target Groups Subscribers - entities that hold credentials and present them on-line to acquire service –Examples: employees, contractors, agents, citizens, businesses Credential Service Providers - entities that provide, maintain and govern credentials –Examples: programs, departments, ePass, provinces, municipalities, banks Relying Parties - entities that accept credentials on-line from subscribers in a specific context –Examples: programs, provinces, municipalities

7 Business Problem Assessment: Summary of Problems Usability –Need simple subscriber experience Good Solution Design –Need agile, non-duplicated, balanced, federated solution Management and Governance –Need horizontal, consistent, multi-jurisdictional governance Privacy and Legislation –Need balanced privacy solution & clear legal framework Security and Integrity –Need comprehensive IDM with assurance levels & traceability Relying Party / Provider Service –Need business collaboration agreements & clear costing model

8 Business Problem Assessment: Example of Problem in Employee Space

9 Business Problem Assessment: Cyber Authentication Adoption

10 Business Vision: Vision Statement Online clients of GC services require privacy and identity protection while using seamless online authentication services that are effective and of an assurance appropriate to the business risks.

11 Business Vision: Example of the Vision in Employee Space

12 Business Vision: Key Innovations 1 Client-controlled information service –Enables control, consent and minimal disclosure Citizen/Business use of external CSP credentials –Enables citizen credential choice Establish credential control assurance levels –Enables program flexibility in meeting business needs Establish identity assurance levels –Enables program flexibility in meeting business needs Innovations are new processes, capabilities, standards, methods, and tools often contrary to established norms.

13 Business Vision: Key Innovations 2 Establish Credentialing Federation Council –Service user governance on business issues / privacy / security Establish interoperability framework –Enables contestable market services Combine logical & physical access for employee –Enables single use credential for GC access Establish GC employee authoritative source – Enables rapid, cost effective, and secure solutions

14 Business Vision: Benefits 1 Employees, citizens and businesses will … Experience seamless access to government services, departments and jurisdictions Have a choice of credential service providers Have appropriate control over and consent for information sharing

15 Business Vision: Benefits 2 Government will … Enable subscriber authentication for all programs Avoid duplication of effort & costs Provide higher integrity information Harness contestable market benefits Act as an integrated enterprise Offer self-service to subscribers Potentially reduced service delivery costs

16 Business Vision: Benefits 3 A Federated approach… Improves government alliances with autonomy Allows growth through improved interoperability and decreased deployment time Avoids single points of failure Deploys faster using existing authentication services

17 Transformation Strategy: Principles Adopt a GC wide enterprise perspective Encourage contestable markets Citizen/business choice on credentials used Provide a harmonized client experience Support cross-jurisdictional interaction Establish horizontal governance Adopt service model for joined up service delivery

18 Transformation Strategy: Policy Initiatives Establish - authentication program Influence - Policy on Service to the GC and the Enterprise Architecture Extend - Common Look and Feel to include an online transactions standard Establish - online transaction audit - electronic records as documentary evidence standard Establish - credential control assurance standard Establish - GC credential policy Displace - Electronic Authorization and Authentication Policy to other policy instruments

19 Transformation Strategy: Enterprise Initiatives Establish - authentication responsibility centre Adopt - Enterprise wide behaviour Establish - funding model to encourage enterprise behaviour Establish - communications, stakeholder engagement and education strategy

20 Transformation Strategy: Implementation Considerations Requires strategic & tactical outlook Must exploit a window of opportunity –Departmental maturity levels rising –Stakeholder education has evolved –Current IDM/authentication momentum Risks –Lack of cultural change within the GC –Lack of buy-in by programs –Lack of sufficient resources –Complex implementation plans –Dependencies on IDM Project

21 Transformation Strategy: Critical Success Factors User Awareness and Consistent Experience Stakeholder involvement and buy-in Independence and loose coupling of services GC-wide Leadership and Stewardship Horizontal governance (policy instruments) Clear accountabilities Funding/Resources

22 Transformation Strategy: Out of Scope Observations Join Physical & Logical Employee Access –Adopt and ride Personal Identity Verification (PIV) market developing in the US Choose IDM Assurance Levels Wisely –IDM assurance levels must correlate with Credential control assurance levels IDM Deliverables & Timeframe –Tightly coupled dependencies

23 Next Steps: Lead Projects Departmental consultation for 2 months –Leading to establishment of a responsibility centre Establish the authentication program Co-ordinate IDM project & the authentication project