FAQ

Last updated on April 23, 2024

What is a security threat and risk assessment (STRA)?

A security threat and risk assessment (STRA) assess and report security risks for an information system at a point in time. For each identified risk, an STRA documents a risk rating and planned treatment. STRAs help make informed, risk-based decisions. The assessment may result in multiple artifacts and, at minimum, must produce a Statement of Acceptable Risks (SoAR).

Visit the B.C. government’s Security Threat and Risk Assessment web page for more information about conducting an STRA.

Does CyberBC offer any security threat and risk assessment tools?

Visit the STRA Tools and Templates web page to access the following STRA tools:

STRA/SoAR template for Broader Public Sector organizations
Risk register template
Return on security investment calculator

What is the difference between policies, standards, and specifications?

The three documents work together to provide an increasing level of detail about a topic. First, policies give high-level statements of intent. Then, standards provide controls that support and expand on the policy statements. Lastly, specifications provide technical guidance to support the controls in the standard.

Example:

Policy: Sensitive traffic must be encrypted.

Standard: You must only use approved cryptographic algorithms and key sizes for encryption.

Specifications: For public key algorithms, only use Rivest-Shamir-Adleman (RSA) or Elliptic curve cryptography (ECC).

Where can I find IM/IT Policies and Frameworks offered by CyberBC?

To learn more about IM/IT Policies and Frameworks, see our CyberBC Packages. If you have any questions regarding our policies or standards, contact Cyber.BC@gov.bc.ca.

Where can I find information about incident response?

The following resources provide information about incident response:

Canadian Centre for Cyber Security

Incident Response – Province of British Columbia (gov.bc.ca)

If you have any further questions, contact Cyber.BC@gov.bc.ca

Do you have any resources for adopting cloud services?

Visit the following B.C. government web pages to learn more about adopting cloud services:

Cloud Services in the B.C. government
Security Schedule – Cloud Security

Can B.C. public sector organizations use the B.C. government’s Corporate Supply Arrangements (CSAs) for security services?

Broader public sector organizations in B.C. may be eligible to access the pricing, terms, and conditions in many of the CSAs. Visit the CSA FAQ for more details on registration and procurement.

Email questions about CSAs to the Procurement Services Branch (procurement@gov.bc.ca).

My organization would like to participate in the CyberBC program. Where can I find information on how to participate?

If you have any questions regarding CyberBC, please contact us at Cyber.BC@gov.bc.ca. If you are a vendor looking to participate in the CyberBC program, please note that a Corporate Supply Arrangement can be used by both public and private sector organizations. Please visit the CSA FAQ website where you can find valuable information and may address most of the questions you may have.

A current RCSA is open to vendors until May 10, 2024.

How can I hire a co-op student to work on a cybersecurity project in my organization?

Contact Cyber.BC@gov.bc.ca for details about hiring a co-op student from the Grow with Us program.

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

FAQ