PUBLIC RELATIONS OVERVIEW - PowerPoint PPT Presentation

About This Presentation
Title:

PUBLIC RELATIONS OVERVIEW

Description:

Title: PUBLIC RELATIONS OVERVIEW Author: Alyssa Ure Last modified by: Lisa Pretty Created Date: 1/25/2000 6:48:44 PM Document presentation format – PowerPoint PPT presentation

Number of Views:142
Avg rating:3.0/5.0
Slides: 20
Provided by: Alys109
Learn more at: http://www.oasis-pki.org
Category:

less

Transcript and Presenter's Notes

Title: PUBLIC RELATIONS OVERVIEW


1

Dec. 5th., 2000
2
Agenda
  • E-Sign legislation effective Oct. 1, 2000
  • Implication of the legislation and what
    organization (Wells Fargo) needs to protect (and
    How) in order to mitigate risks and liabilities
  • System we have implemented (since 1997) to
    mitigate risks deployment status
  • System we are undertaking today to further reduce
    risks deployment status
  • Future Plans
  • Q A

3
Wells Processing Environment and What Do We need
to Protect
Back-End Processing
Middle Ware
End-user
TCP/IP traffics vulnerabilities - next slide
4
TCP/IP vulnerabilities
  • Lack of Authentication
  • Lack of Confidentiality
  • Lack of Integrity Check
  • Subject to Re-Play Attack
  • Lack of Non-Repudiation

5
How does Wells Fargo mitigate risks
6
MsgSecure - In production since 1997
  • Vendor Software ( based on MIT Kerberos V.5)
  • Custom Designed Software to Enhance the
    Capability (Key Distribution)
  • Add on Performance Accelerator (Hardware
    Encryption Engine on HDS and IBM Systems)
  • Support Infrastructure (H/A, 7/24, etc)
  • Bundle the Services as if you are a Security
    Vendor
  • Gain Support from the Organization (Policy)
  • Deployment Status (11.5 million trans/day, 3000
    servers, 200 human principal, cross platform
    sign-on for UNIX/NT/MVS in pilot)

7
System we are undertaking today- Public Key
Infrastructure (PKI)
  • Organizational Commitment
  • Define Trust Model
  • Project Organization and Responsibilities
  • Physical Environment
  • Certificate Practice Statement/Policies
  • Root Key Creation
  • Deployment Strategy Status
  • Future Opportunities within Wells Fargo

8
Organizational Commitment
  • A project truly requires the support of all
    levels within the organization
  • Business need vs technology
  • Industry analysis shows 20 of effort relies on
    technology and 80 on buy-in and support from
    others
  • Requires active participation from legal,
    enterprise architecture, HR, Audit, Network
    Engineering, Business Proponent, Security
    Administration, Security Consulting, Physical
    Security,Corporate Property and other support
    organizations.

9
Trust Model
Wells Fargo Root
Identrus Root
Wells Fargo Business CA
Enterprise CA
Other Purpose CA
Wells Fargo Identrus CA
10
Project Organization
CISO
11
Roles and Responsibilities
  • Project Proponent
  • Funding Source

CISO
PKI Review Board
  • See Next Slide
  • Project documentation
  • Meeting coordination
  • Meeting minutes
  • Reporting
  • Project budget and resources
  • Deliverables, timeline and quality
  • Communications and future growth

Project Manager
Project Coordinator
Technical Manager
QA Process Manager
Bus Application Liaison
Identrus Liaison
Legal, Audit Security Consulting
CPS/CP/Procedures
  • Build QA environment
  • QA testing
  • Implementation of CPS, CP, etc.
  • Administration help services
  • Training
  • Application development
  • RA functions
  • Appl related procedures
  • Appl help services
  • Identrus Integration
  • Identrus CPS and CPs
  • Identrus procedures
  • Identrus support
  • Validate requirements
  • WF CPS and CP development
  • WF Root Operational procedures
  • Project participant
  • Functional expertise
  • CPS,CP reviews
  • Security Plan
  • Facility Build
  • Hardware components
  • Software components
  • Vendor selection
  • Testing training

12
PKI Review Board
  • Objective
  • A 9 member board to provide the oversight of
    Wells Fargo PKI practice.
  • Responsibilities
  • Review and approve Certificate Practice Statement
    and Policies
  • Review and approve on-going changes to CPS and
    CPs
  • Review and approve Registration Authority and
    level of Authentication
  • Board Members
  • CISO
  • PKI Manager
  • Network Engineering
  • 2 Business Unit Representatives
  • Corporate legal
  • Corporate HR
  • Internal Audit
  • CTO - Application Development

13
Physical Environment
  • Site Selection
  • Environment For Housing the Root Key and Master
    CA/RA
  • Level of Security Requirements including the
    utilization of Token and multiple Biometrics
    devices
  • Dual Access Control
  • Camera, Alarm, Automated logging devices

14
Certificate Practice Statement (CPS) and Policies
(CP)
  • A set of agreed upon rules to guide the usage of
    Digital Certificates
  • CPS covers the life-cycle of the certificates and
    the associated process/procedures
  • CP address the applicability, usability and the
    community boundary specific to that certificate
  • True cooperative effort in the development
    process, involves all stakeholders in early stage
  • An item that could impact production schedule

15
Root Key Generation
  • Multi-day efforts
  • Plan step by step script
  • Internal, external and specialized personnel
  • Conduct multiple dry runs
  • Expert staff on-site
  • Record and log all tasks and deviations
  • Secure storage of key parts and all records

16
Deployment Strategy
  • Pilot with low volume, low risk application
  • Choose simple RA method
  • Gain quick Successes and users confidence
  • Support infrastructure need to be in place to
    handle the growth
  • Back Up Facility and fail-over is fully
    functional
  • Market the product - capabilities and benefits
  • Educate the users at large

17
Deployment Status
  • Secured physical environment completed in Oct.
    2000
  • Performed Root key Generation in Oct. 2000
  • Performed Business Sub-Master Generation Nov.,
    2000
  • Enabling first B-to-B application Dec., 2000
  • Perform Identrus Sub-Master Generation Feb., 2001
  • Enabling first Identrus application Feb.,2001
  • Perform Enterprise Sub-Master Generation Mar.,
    2001
  • Enabling enterprise application Mar., 2001

18
Future Opportunities
  • Enterprise CA supporting end user authentication
    and secured email
  • Integrate to support MsgSecure
  • Other e-business related initiatives
  • Support Wireless and Appliance related
    applications
  • Public Use of Digital-Certificates
  • Others

19
Questions??
  • Thanks for your time
Write a Comment
User Comments (0)
About PowerShow.com