united states department of justice global security working group update global advisory committee...
TRANSCRIPT
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Global Security Working GroupUpdate
Global Advisory CommitteeNovember 2, 2006Washington, D.C.
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Overview• Global Federated Identity and Privilege Management (GFIPM)
– Outcome—adopt Global Federated Identity and Privilege Management (GFIPM): A Technical Concept Report as a recognized resource
• New Wireless Security Resource– Outcome—adopt Applying Wireless Security Practices to Justice Information
Sharing as a recognized resource for the field
• GSWG Technical Privacy Task Team– Takeaway—Global standards and specifications are under development for
privacy
• GSWG Framework for Trusted Information Sharing– Takeaway—GSWG framework is evolving
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Global Federated Identity and Privilege Management (GFIPM)• Problem statement
– How should local, state, tribal, and federal justice and public safety organizations exchange identity information across domains to support real-time sessions or transactions within a secure environment?
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Lessons From the GFIPM Demonstration Project• Sponsored by DOJ and DHS to demonstrate essential
GFIPM concepts through test implementations• Participants
– Criminal Information Sharing Alliance Network (CISA)– Regional Information Sharing Systems® (RISS) – Pennsylvania Justice Network (JNET)
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Success from the Field -- JNET
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Proposed GAC Resolution—GAC on Behalf of Global• Recognizes GFIPM as the recommended scalable approach for
development of interoperable security functions for authentication and privilege management for information exchange among cross-domain justice information sharing systems
• Adopts the Global Security Working Group’s “Global Federated Identity and Privilege Management (GFIPM): A Technical Concept Report” as a recommended resource for defining the next steps and activities to further the utility of GFIPM for the justice community
• Urges the members of the justice community to consider GFIPM as a potential building block to a distributed security solution when authenticating users between organizations
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
New Wireless Security Resource• Outcome—adopt “Applying Wireless Security Practices
to Justice Information Sharing” as a recognized resource for the field.– Available in CD format– Available at http://it.ojp.gov/GSWG
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Goal—Enable Justice Information Sharing and Protect Privacy
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
What Is the 500-lb Gorilla in the Information Sharing World?
• Is it security?• Is it quality of data?• Is it privacy?• Is it disclosure?
• OR is it—All of the above
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
How Do We Go for the Goal?• You need privacy and information quality policies to
guide information sharing efforts for your agency or organization
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Privacy Technology Focus Group—November 2005, Phoenix, Arizona
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
The Challenge for Focus Group Members• Identify the most important issues in privacy policy and
technology• Narrow the focus to areas that can be addressed within the
given time frame• Outline tangible, targeted technology solutions• Develop specific recommendations for action
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
The Focus Areas of the Group• Access and authentication• Data aggregation and dissemination• Identity theft• Personal safety and protection
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Global Security Working Group
(GSWG)
Global Privacy and Information Quality
Working Group(GPIQWG)
Global Infrastructure/Standards
Working Group(GISWG)
What Happens Next?
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
Global Technical Privacy Task Team
United StatesDepartment of Justice
www.it.ojp.gov/globalwww.it.ojp.gov/global
GSWG Framework• Security requirements drive framework• GSWG work evolves from framework• Available resources
– Executive Summary– A Framework for Secure Justice Information Sharing