The document outlines the agenda for a PSNGB seminar on October 4th, 2012, including sessions on framework procurement, compliance, security, innovation, and the future direction of PSN. There will be workshops in the morning and afternoon with topics like procurement, compliance, security, and innovation. The event aims to provide an update on PSN and get input from attendees.
4. Martin Farncombe
Commercial Manager
PSN Delivering on the Promise
PSNGB Seminar
4 October 2012
PSNGB
The Industry association for PSN suppliers
UNCLASSIFIED
5. Now
Why
Change?
• 2000+ networks
• 5.5 million people,
• 000’s sites
• Inflexible
• High cost
• Difficult to share
• Barriers to flexibility
• Limited collaboration
• Duplication
• No optimisation
• Complex
• Legacy interconnections
6. Common Standards
• Technical standards improve interoperability over the same underlying infrastructure
• Information Assurance standards enable us to trust one another to handle our data
• Service Management standards enable services to operate effectively within a multi-supplier environment
• Commercial standards enable us to operate within an open and transparent market place, adopt common portfolio products and services and aggregate demand
[Diagram labels: Local authorities; Government departments; Blue light services; Other public services; Accredited private sector; Common infrastructure services]
By aligning to these common standards we can:
• Create a more unified market aligned to wider market investments
• Harness our corporate buying power
• Reduce procurement costs
• Share services and reduce duplication of infrastructure services and business systems
• Generate greater competition and innovation
• Save money
8. • Core standards set
• Successful pilot
• PSN Authority established
• Focus on benefit realisation - £30m 11/12 target significantly exceeded – actual £64.2m
• PSN Connectivity Framework operational and first competitions completed
• PSN Services Framework operational – competitions underway
• Central government mandate being enforced
• Substantial take up by Non Central Government
• Transition plans published
• Major customers contracting now for PSN services
• 2012 standards now published
• Cyber work in progress
• Users and suppliers becoming PSN Certified
9. • The PSN marketplace is open for business
• Delivery of PSN has begun, with wide scale
adoption across all parts of the Public Sector
continuing throughout 2012/13
• There has been great progress by both
Government and the supplier community:
but there’s lots more to do
• The big prize is ahead of us: we need to
accept the challenge to exploit PSN, aim
high, collaborate and drive business
transformation
10. PSN Website
http://www.cabinetoffice.gov.uk/content/public-services-network
PSN Collaboration zone on Huddle
https://psn.huddle.net
Contact us:
General Communications with the PSN Programme and PSN
Authority
psn@cabinet-office.gsi.gov.uk
PSNA Compliance Team, for compliance requests and questions
regarding compliance
psna.compliance@cabinet-office.gsi.gov.uk
PSNA Service Bridge, for major incidents and security incidents
psna.servicebridge@cabinet-office.gsi.gov.uk
14. PSN Compliance
What it is, who has to do it and what has to be done.
Frequently asked questions
15. PSN Compliance is the process by which we assure
that all PSN connected organisations meet the
minimum requirements for connection.
• Based on commercial best practice for Information Assurance
(IA) and networks
• Takes place at on-boarding and then annually
• Must be completed by all PSN customers and suppliers.
16. Dialogue
• Initial contact from supplier.
• Discussion of Compliance process and general advice
• Programme Transition support (subject to resource availability)
Application
• Submission of application and supporting documentation: psna.compliance@cabinet-office.gsi.gov.uk
Initial Assessment (1 week)
• PSNA conduct initial assessment of the application
• May require additional information or clarification
PSNA Application approval
• PSNA confirms acceptability of the application
• Application passed to PGA for formal accreditation.
Independent Verification – non-IA
• PSNA require the applicants to provide independent verification of the code template responses
PGA Accreditation (up to 16 weeks)
• 3-stage process: Scoping, Assurance (eg CAS(T)) then Review
• PGA accredit the service and recommend accreditation to PSAB
PSAB Review (up to 2 weeks)
• PSAB review the recommendation and approves
PSNA Review (1 Week)
• PSNA review the complete application
• Recommend to Ops Director
Ops Director Approval
• PSNA Ops. Director approves service for connection
PSNA Certification (1 Week)
• PSNA Issue PSN certificate for the service
17. Dialogue
• Initial contact from customer
• Discussion of Compliance process and general advice (not consultancy)
• Programme Transition support (subject to resource availability)
Application
• Submission of application and supporting documentation (network diagram, IT health check report, remedial action plan): psna.compliance@cabinet-office.gsi.gov.uk
Initial Assessment (1 week)
• PSNA conduct initial validation and assessment of the application
• PSNA may require additional information or clarification
• PSNA may confirm acceptability of application, perhaps subject to Paper Assessment or On Site Assessment (OSA)
Paper Assessment – as required (up to 4 weeks)
• Detailed review of applicant’s responses, including dialogue with applicant for clarifications
• PSNA may confirm acceptability of application, perhaps subject to OSA
On Site Assessment – as required (up to 16 weeks)
• CESG On Site Assessment
• On Site Assessment Report
Agree RAP
• Customer agrees any necessary Remedial Action Plan, and begins working to it
PSNA Review (1 Week)
• PSNA review the application, and makes recommendation to Ops Director
• PSNA track any remedial actions, and escalate where necessary
Ops Director Approval
• PSNA Ops. Director approves Customer Environment for connection
PSNA Certification (1 Week)
• PSNA Issue PSN certificate for the Customer Environment
18. What I can answer:
Anything compliance related
• Process
• Documentation requirements
• Completing the CoCo
• CoCo control queries
• Connectivity
What I can’t answer
Specific technical solution issues: “If I use this product is that ok?”, “Is this technical solution ok?” etc.
20. Latest news
The PSN Authority is evolving into The Public Sector Technical Services Authority (PSTSA)
• Evolving from PSNA to support wider IT reform
[Organisation diagram; labels as extracted: Government IT Strategy and Policy; Standards setting, risk appetite; PSTSA Management and Governance; Front Office; Back Office; PSN; G-Cloud; G-Hosting; End User Devices; ... and Security; Compliance; Service Bridge; Standards; Maintenance; Day-to-day operational decisions; Finance; Communications; Information Management; ICT; Core Technical Services]
21. PSN – Infrastructure
Security & Cyber
Defence
John Stubley
PSN Operations Director and Cyber Lead
July 2012
22. The Challenge
The Public Sector must deliver more for less; better, more reactive and joined
up services at less cost. This means allowing information to flow freely, and
allowing wider access to data which organisations are legally obliged to protect
Most citizens in the UK are now comfortable living part of their lives on-line;
shopping, social networking and business can all be conducted anywhere and
anytime from laptops, tablets and mobile phones
The public sector needs to adapt, and has an ICT Strategy which will enable it to
do so. But a change to the security model is required to enable the flow of
information and agility in delivery of services whilst maintaining appropriate
guards on the information.
Historically security is seen as a blocker or delay to progress in the public sector,
adding time and cost to projects and limiting availability of current technology -
It must become a business enabler
23. Drivers - Strategic
The Government ICT Strategy – March 2011
Action 25
“The Government will develop an appropriate and effective risk management regime for
information and cyber-security risks for all major ICT projects and common infrastructure
components and services”
The UK Cyber Security Strategy – November 2011
Objective 2, Action 5
“Through the Government ICT strategy, ensure that we build and maintain appropriately secure
government ICT networks“
Civil Service Reform – June 2012
Action 4:
… plans to share a wide range of other services and expertise. … Sharing services should become
the norm
Also mentioned: Common Identity approaches and the need to streamline security processes
24. Current Environment
• Each public sector organisation creates its own stronghold
• Some common standards – but differently applied
• Some common suppliers – but different solutions
• Some bilateral arrangements for information/service sharing –
but complex and cumbersome
• Trusted Networks (eg GSi) connecting customer sites – but poor
policing of compliance at customer locations
• We have the ability to “turn-off the taps” – but seldom exercised
• No clear resilience plan across the public sector
There is no Common Security Model enforced and therefore no
Common Trust – Sharing of information requires a variety of
solutions making it expensive and inefficient
25. New Security Model - Principles
Simplify Risk Management Process
Do it Once, Do it Well, and Re-Use
Not ‘One Size Fits All’, rather common building blocks
based on legislation
Pragmatic approach to IA encouraged through greater
situational awareness and assurance and accountability of
users – managed risk, not avoidance
Clarity on compliance with standards – and policing of
compliance
Open standards where possible – avoid bespoke for HMG
26. Security Model
To achieve Common Trust the Security Model indicates that we need to create:
• Governance to manage risk
• Monitoring to ensure that any operational anomalies are addressed
• Trust in systems through common anti-malware and patching standards
• Trust in the users asserted through common standards and federated authentication
• Resilience, to ensure that key capabilities continue, no matter what
[Diagram labels: Common Trust; Federated Identity Assertion; Monitoring and Awareness; Anti-Malware & Patching; Governance; Resilience; Security Model]
27. Security Model
[Diagram labels: Cloud Services IL0/2; Cloud & Shared Services; DC; SOC; Authentication Broker; Consolidated DC; Resilient Core; Internet; Public Services Network; End User Devices; RAS]
28. [Diagram; labels as extracted: Government Ministers / SIRO Government; SCaRAB; Sets RA; RFA; ICT Futures; Business SIRO’s; Cyber Delivery; Risk; ICT Strategy; Gov IA view; Gov CTO view; Provisions; Government Orgs: XXX, HO, DWP; Research; Gov Dep’t Board; CIO COUNCIL; CUSTOMER RELATIONSHIP; SIRO; IAOs]
29. SOC – Relationships
[Relationship diagram; labels as extracted include: PSN SOC; CSOC; GovCertUK; PSNA (Management escalation and control); Other CSIRTs; Other SOCs, e.g. GOSCC; WARPs; Other situational awareness sources; Other open source alerts (Vendors etc; Black/whitelists; Signatures); Other Situational Awareness Info; communications; Incoming Alerts / Blacklists / Whitelists / Signatures and knowledge sharing; Other PSN Central Services events and alerts (Service Bridge; PKI; Authentication; DNS); PSN probes; National Fraud Identification Bureau (NFIB); Fraud reports; Consumer incidents (through other reporting channels); CERT / WARP alerts; Network / App / Cloud Service Provider SOCs/NOCs; Customer / consumer SOCs/NOCs; PSN NOCs]
30. Security Events Security Operations Centre
[Diagram labels: PSN SOC; Other PSN Central Services events/alerts; PSN probe events/alerts; external events/alerts filtered by Consumer SOC/NOC, filtered by Service Provider SOC/NOC, filtered by DNSP SOC/NOC, filtered by GCNSP SOC/NOC]
PSN SOC would receive events/alerts from PSN Central Services and its own probes.
Only those external events/alerts which pass defined PSN thresholds / conditions at each management level will be escalated to next level of SOC or directly to the PSN SOC. This includes those incidents classified as ‘Warning’, ‘Major’ or ‘Emergency’.
Version 0.5
31. Employee Authentication
[Diagram: Employee Authentication (IDA Model). Labels as extracted: Identity Provider 1 (IDP); Identity Provider 2 (IDP); Service Provider 1 (SP); Service Provider 2 (SP); Service Provider 3 (SP); Security Domain; Identity; Registration; Provisioning IDs; Management; Authentication; Security Token; Employee; Enrolment; Resources; Applications; Services; Access Control; PEP; PDP; Policy; Authorization; Directory & Orchestration Provider; Point-to-Point Authentication; AUTHENTICATION TRUST; BUSINESS TRUST]
Possible Authentication Trust Paths: Number of Trust Paths for n Providers → $O(n^2)$
32. Resilience
Possible Option Based on Using Separate Network
• Currently all
Government network
traffic relies, at least in
part, on a high
resilience network from
a single supplier
• But HMG does have
investment in separate
networks, but don’t
currently provide full UK
coverage
• Investigating option to
use some of this
redundant available and
physically separate
capacity
33. Resilience
Possible Option Based on Using Separate Network
Exploring as part of the
option analysis:
• Security
• Regulatory
• Commercial
• Financial and
• Operating model