Securing and Protecting Citizens' Data
Bob Bence, CIO
St. Louis County
June 18, 2009

Citizen Data
• Information Needing Protection
• Governance
• Policies
• IT Architecture

Information Needing Protection
• Personal identification (SSN)
• Medical records
• Credit card
• Law enforcement
  ◦ Criminal history records
  ◦ Fingerprints
• Certain addresses on real estate web site
  ◦ Stalking victims

• Have a culture of awareness & security
• Compliance (HIPAA, PCI, CJIS, etc.)
• IT Security Team
• Peer Reviews, Gartner
• Security report to IT Steering Committee three times/yr
• Internal & External security audits

• Identify & label Confidential & Private information
• Limit access to systems with sensitive information
• No credit card numbers stored on our systems
• Website privacy statement on web site
• Redact personal information
• Review web content before posting
• Security section in bids & RFPs

St. Louis County E-commerce Architecture
[Diagram: Internet, DMZ, Zone 1, Zone 2, Zone 3; firewalls FW1, FW2, FW3; Web Servers, Application Servers, Database Server; devices labeled S, W, EC]
Legend: FW = Firewall, S = Switch, W = Web Application Firewall
• VLANs for network segmentation