Annual Internal Audit and Evaluation Planning Process



Audit of Information Technology Security
WESTERN ECONOMIC DIVERSIFICATION CANADA
Audit and Evaluation Branch
March 2010

Western Economic Diversification Canada
Audit of Information Technology Security
Final report

1.0 Summary Report

Background

1.1 Western Economic Diversification Canada (WD) has a mandate to promote the development and diversification of the economy of western Canada (Manitoba, Saskatchewan, Alberta and British Columbia) and to advance the interests of western Canada in national economic policy, program and project development and implementation. WD works to improve the long-term economic competitiveness of the West and the quality of life of its citizens by supporting a wide range of initiatives that support the department’s strategic outcome: the western Canadian economy is developed and diversified. WD headquarters office is located in Edmonton with a corporate support office in Ottawa. Regional offices are located in Vancouver, Edmonton, Saskatoon and Winnipeg.
1.2 WD is subject to the Treasury Board Policy on Government Security. The Policy defines the basic requirements to safeguard employees and assets, and to assure the continued delivery of services. In 2005, the Treasury Board Secretariat required federal departments, including WD, to implement by December 2006 the 144 standards, as applicable, from the Management of Information Technology Security operational standard. These standards form the baseline requirements for departmental Information Technology (IT) security programs so that federal departments, like WD, ensure the security of information and IT assets under their control.
1.3 The audit of Information Technology Security was identified in WD’s approved 2009–2012 Risk Based Audit Plan. WD is a department with limited IT security exposure from a federal government perspective, but WD needs to respond to all the same federal IT security policy and standards requirements.
1.4 The audit objective is for the chief audit executive to provide audit assurance on whether WD has in place an effective information technology security framework and practices that meet the Government of Canada Management of Information Technology Security standards and comply with the WD Information Security policy.
1.5 The audit work was undertaken by a consulting firm with knowledge and experience in conducting IT Security audits and managing vulnerability assessments. The WD Audit and Evaluation Branch monitored the audit and the Chief Audit Executive is responsible for the Statement of Assurance.
1.6 The audit focused primarily on the management controls within the Information Management and Technology Division, and examined linkages to overall departmental security management. The scope of the audit work covered the period from April 2007 to February 2010. The work included the use of technical applications to conduct a vulnerability assessment on WD premises in February 2010. A vulnerability assessment is the process of using application software to identify, quantify, and prioritize the vulnerabilities in a system or network.

Findings

1.7 For the most part, WD has put in place reasonably effective IT security measures in the context of the size of the department and the scope of threats and risk. However, opportunities exist to fortify IT security in the overall security regime of the department as noted herein. These are moderate risks to WD and can be corrected through appropriate management action.
1.8 The working relationship between the IT Security Coordinator and Departmental Security Officer is a good one and both see security as a shared role. However, while the IT Security Coordinator is responsible for the IT security policy and program, it is not clear who is accountable for the overall role of reviewing, updating and issuing WD security policies, as there is no single suite of WD Security Policies that includes IT Security. The existing security strategy document refers to the older Government Security Policy, which predates the current Treasury Board Policy on Government Security. It has not been updated to reflect the Directive on Departmental Security Management issued in July 2009.
1.9 WD does not have a security policy suite or an integrated IT security plan in place. IT security policy and other security policies have lapsed beyond their scheduled review dates. WD security policies no longer provide up-to-date guidance on roles, responsibilities and Policy on Government Security and the Management of IT Security requirements. WD’s policy has not been updated since the introduction of the Treasury Board Policy on Government Security.
1.10 Greater communication and coordination amongst headquarters and regional IT resources could exist. Service and operational level agreements with regional IT involvement have not yet been developed.
1.11 The vulnerability assessment found that the majority of the active systems demonstrated reasonable configuration, patch levels, and other protective measures to mitigate risk. The vulnerability assessment provided specific examples of technical vulnerabilities and a baseline for network security. Existing technical vulnerabilities in the network potentially expose WD to a variety of risks.

2.0 Conclusion and Audit Assurance

2.1 Western Economic Diversification Canada has instituted processes and practices that address many of the Management of IT Security requirements and the Policy on Government Security. Many elements of an effective IT Security framework are in place. Opportunities exist to further strengthen the current practices and processes. If not addressed, the auditors feel that these gaps present moderate residual risk to management.
2.2 In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusion provided and contained in this report. The conclusion is based on a comparison of the conditions as they existed at the time, against pre-established audit criteria that were agreed with management. The evidence was gathered in accordance with the Government of Canada internal audit standards, the Treasury Board of Canada Policy on Internal Audit and its associated directives.