IDSP Webinar 013108

Presentation Transcript

Report of the Identity Theft Prevention and Identity Management Standards Panel : 

Webinar on the Release of the IDSP Report
January 31, 2008

Slide 2: 

Webinar Agenda

- Speaker Introductions – IDSP Chair
- Overview of IDSP Process and Deliverables – IDSP Chair
- Findings and Recommendations – IDSP Working Group Co-Chairs
- Industry Analyst Perspectives
- Question & Answer Period

Slide 3: 

Today’s Speakers

IDSP Chairman (Master of Ceremonies)
- Joseph V. Gurreri, III, President, CorporatePlanningGroup.NET; Former VP, General Manager, Global Solutions Development, TransUnion

Slide 4: 

Today’s Speakers (contd.)

Co-Chairs, Working Group 1 - Issuance
- James E. Lee, President, C2M2 Associates, LLC; Former SVP and Chief Public & Consumer Affairs Officer, ChoicePoint
- James X. Dempsey, Policy Director, Center for Democracy and Technology

Slide 5: 

Today’s Speakers (contd.)

Co-Chairs, Working Group 2 - Exchange
- Julie Fergerson, VP of Emerging Technologies, Debix, The Identity Protection Network

Co-Chairs, Working Group 3 - Maintenance
- George K. “Chip” Tsantes, EVP and Chief Technology Officer, Intersections Inc.

Slide 6: 

Today’s Speakers (contd.)

Industry Analysts
- James Van Dyke, President and Founder, Javelin Strategy & Research
- Larry Ponemon, Founder and Chairman, Ponemon Institute

What is the IDSP? : 

- Cross-sector coordinating body focused on preventing ID Theft
  - Identify existing standards, guidelines and best practices
  - Analyze gaps, need for new standards, leading to improvements
  - Make catalogue available to businesses, government, consumers
- Jointly administered by the American National Standards Institute (ANSI) and the Better Business Bureau (BBB)
  - ANSI – coordinator of the U.S. standardization system
  - BBB – advancing trust in the marketplace
- Launched September 13, 2006 – a 16 month effort
- 165 representatives from 78 organizations

Charter : 


Founding Partners: A diverse group of organizations :

Steering Committee: Composition :

- AARP
- Accredited Standards Committee X9
- Affinion Group
- Alliance for Telecommunications Industry Solutions
- American Financial Services Assn.
- AOL LLC
- ARMA International
- Center for Democracy and Technology
- Debix
- Fellowes, Inc.
- General Services Administration
- KPMG
- National Institute of Standards and Technology
- North American Security Products Organization
- Pay By Touch
- Telecommunications Industry Assn.
- Underwriters Laboratories Inc.

At Large Members
Chairman – Joseph V. Gurreri, III
Founding Partners

Working Groups: Definitions :

- WG 1 Issuance: Standards relating to issuance of identity documents by government and commercial entities
- WG 2 Exchange: Standards relating to acceptance and exchange of identity information
- WG 3 Maintenance: Standards relating to ongoing maintenance and management of identity information

First Deliverable: Standards Inventory – Volume II, Final Report :

Working Groups Catalogued into a SINGLE Resource . . .

- Existing Standards, Guidelines and Best Practices
  PRIVATE AND PUBLIC SECTOR
- Laws / Regulations
- Proposed Legislation
- White Papers
- Conformity Assessment Programs
- Glossaries of Identity Terms
- Research Studies / Reports

Market Survey and ANSI Database Search filled out Inventory

Sample Entry: Standards Inventory – Volume II, Final Report :

Second Deliverable: Findings and Recommendations – Volume I, Final Report :

- WGs Described / Prioritized Identity Fraud-Related Problems
- Considered Range of Possible Solutions to Identify Gaps
- New Account Processing Identified as a Risk Scenario
- Two Process Flows Created to Facilitate Gap Analysis
  - Birth of a Citizen and Acquisition of ID Credentials
  - Typical New Account Establishment Procedure
- WGs Performed Gap Analysis Against these Flows / Identified Problem Areas
- Considered Items Referenced in Standards Inventory
- Plenary Meeting / Full Panel Discussion
- Drafting / Review of Report and Recommendations

Issuance of Identity Credentials: Enhance Security of Issuance Process :

Recommendation #1

- Issue standards for birth certificates and Social Security cards
  - National Ctr. for Health Statistics and Social Security Admin. should do so under Intelligence Reform and Terrorism Prevention Act of 2004
- Improve communication / cooperation between government agencies and private sector
  - National Assn. for Public Health Statistics & Information Systems should expand to government agencies use of Electronic Verification of Vital Events system

Issuance of Identity Credentials: Enhance Security of Issuance Process (contd.) :

Recommendation #1

- Government / industry should dialogue about cross-application of existing security standards for identity issuance processes, and new standards development as appropriate
- Government / commercial ID issuers should give further attention to secure delivery of credentials to end user

Issuance of Identity Credentials: Augment Private Sector Commercial Issuance Processes :

Recommendation #2

- Government / industry need to dialogue about greater interoperability between public / private sector ID theft prevention mechanisms
- Private sector could benefit from appropriate and secure access to government vital records systems

Issuance of Identity Credentials: Improve the Integrity of Identity Credentials :

Recommendation #3

- Document Security Alliance and North American Security Products Organization (NASPO) should proceed with project to measure effectiveness of document security technologies
- Department of Homeland Security should work with issue stakeholders to develop adversarial testing standards
- NASPO, SIA and SEMI in North America – and CEN in Europe – should proceed with standards for secure serialization anti-counterfeiting technology

Exchange of Identity Data: Strengthen Best Practices for Authentication :

Recommendation #4

- Financial Institutions and credit grantors should take into account level of risk, cost and convenience when determining an appropriate authentication procedure
  - Should not use easily-obtainable personal information such as Social Security numbers as sole authenticators
- Financial regulatory agencies and FFIEC are encouraged to review the sufficiency of authentication practices for online banking

Exchange of Identity Data: Strengthen Best Practices for Authentication (contd.) :

Recommendation #4

- Industry and standards developers are encouraged to continue to develop trusted networks for multi-factor mutual authentication
- Public and private sectors should implement systems to allow physical ID documents to be validated in real time
- FTC and financial regulatory agencies should provide guidance on best practices for credit grantors responding to fraud alerts

Exchange of Identity Data: Strengthen Best Practices for Authentication (contd.) :

Recommendation #4

- Social Security Admin. should work with private sector on a mechanism that enables companies to verify if a Social Security number belongs to a minor
- Stakeholders should consider best practices / consumer education to help protect the elderly and terminally ill from fiduciary abuse
- Social Security Admin. should work with states and private sector to improve notification when someone is classified as deceased
- FTC should consider enhanced ID theft protection for active duty military

Exchange of Identity Data: Increase Understanding / Usability of Security Freezes :

Recommendation #5

- Lenders, government agencies, consumer advocacy groups, credit reporting agencies and others should continue to support consumer education on benefits and limitations of security freezes

Maintenance of Identity Information: Enhance Data Security Management Best Practices :

Recommendation #6

ISO/IEC, PCI Security Standards Council, NASPO and other standards developers should review / augment existing data security management standards (or develop new ones) to:

- Define the frequency of periodic employee security training and content of an employee awareness program
- Clarify requirements for data access credentialing and background checks
- Provide guidance on continuous review of access credentials and privileges

Maintenance of Identity Information: Enhance Data Security Management Best Practices (contd.) :

Recommendation #6

- Develop targeted guidance for industry sectors that are not regulated or that do not have standards
- Provide guidance to ensure downstream vendors are secure
- Implement an ongoing program of security re-evaluation
- Develop a security breach risk assessment for insurance purposes

Maintenance of Identity Information: Augment Best Practices for Sensitive Data Collection, Retention and Access :

Recommendation #7

- Industry, Small Business Admin., Chambers of Commerce and similar organizations need to develop and distribute practical guidance for small businesses on data collection, retention and access
- Industry and key government stakeholders (FTC, OMB, SSA) need to develop uniform guidance on the collection, use and retention of Social Security numbers

Maintenance of Identity Information: Create Uniform Guidance on Data Breach Notification and Remediation :

Recommendation #8

- Issue stakeholders need to dialogue on the desirability / feasibility of developing a private sector standard for data breach notification, recognizing there are tradeoffs
- Industry should assemble a cross-sector forum to develop uniform guidance on consumer remediation in the event of a data compromise
- Issue stakeholders should educate / reinforce ID theft prevention strategies to consumers

Industry Analyst Perspectives : 

- James Van Dyke, President and Founder, Javelin Strategy & Research
- Larry Ponemon, Founder and Chairman, Ponemon Institute

Question & Answer Period : 


For more information, or to download the Report, please visit www.ansi.org/idsp

Thank You!
