Risk Management

Last updated on April 2, 2024

Description

Risk management is the process of identifying, assessing, and mitigating threats that can affect an organization. It involves analyzing risks and their potential impacts, monitoring them over time, and developing strategies to minimize harm.

One way to analyze risk is using a Security Threat and Risk Assessment (STRA) and a Statement of Acceptable Risk (SoAR). CyberBC provides examples of STRAs by allowing BC public sector partners to share sanitized versions of STRAs/SoARs with each other, allowing organizations to share best practices and reduce administrative work.

Outcomes

  • Better protection against cyberattacks.
  • A clearer understanding of how to assess and protect organizational computer systems.
  • An up-to-date understanding of cybersecurity risks.
  • Fewer resources expended on STRA development, leading to cost savings.
  • Strategies informed by lessons learned from other public sector organizations.
  • Provincial consistency and alignment in risk assessment and planning.

Resources

Risk Register Template (Excel)
Once an STRA is complete, residual risks that still require treatment should be transferred to a risk register, tracked, and followed up until the accountable individual judges them to be at an acceptable level.

Broader Public Sector – STRA SoAR Template (Docx)
STRA / SoAR Word template for Broader Public Sector organizations.

STRA Standard (PDF)
The purpose of this standard is to set requirements for efficiently assessing and reporting security threats and risks in information systems, and for defining their planned treatments.

STRA Specification (PDF)
Provides guidance on completing a Statement of Acceptable Risk.

Return on Security Investment (ROSI) Calculator (Excel)
A Return on Security Investment calculator that can help when assessing whether a proposed security control justifies its cost relative to the risk it reduces.

Download All Resources (.zip)

Videos

Executive Overview
In this quick 15-minute training video we provide an executive overview of how the Province of British Columbia approaches Information Security Risk Management.

What is a security risk?
In this training video we cover basic concepts around what a security risk is.

Patch Management Course
This course covers what patch management is, why it is required, the OCIO patch standard, its benefits, and the associated responsibilities.