Risk Management

Last updated on June 5, 2024

Description

Risk management is the process of identifying, assessing, and mitigating threats that can affect an organization. It involves analyzing risks and their impacts, developing strategies to minimize harm, and monitoring those risks over time.

One way to analyze risk is to use a Security Threat and Risk Assessment (STRA) and a Statement of Acceptable Risk (SoAR). CyberBC provides examples of STRAs by allowing BC public sector partners to share sanitized versions of their STRAs/SoARs with each other, so organizations can share best practices and reduce administrative work.

Outcomes


  • Better protection against cyberattacks.
  • An understanding of how to assess and protect the organization's computer systems.
  • An up-to-date understanding of cybersecurity risks.
  • Fewer resources spent on STRA development, leading to cost savings.
  • Strategies informed by lessons learned from other public organizations.
  • Provincial consistency and alignment in risk assessment and planning.

Resources
Risk Register Template (Excel)
The risk register is a repository for the residual risks identified when completing a Security Threat and Risk Assessment. It is also used to track and follow up on risk mitigations to satisfy any regulatory compliance obligations, and it records additional information such as the nature of the risk, references, and the accountable individual.

Broader Public Sector – STRA SoAR Template (Docx)
STRA / SoAR Word template for Broader Public Sector organizations.

STRA Standard (PDF)
This standard sets requirements for efficiently assessing security threats and risks in information systems, defining their planned treatments, and reporting on them.

STRA Specification (PDF)
Provides guidance on completing a Statement of Acceptable Risk.

Return on Security Investment (ROSI) Calculator (Excel)
A ROSI calculator that helps quantify whether a proposed security control is worth its cost when assessing security risk.
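The ROSI calculation behind a spreadsheet like the one above is short enough to show in full. The following Python is an added example, not the CyberBC calculator or any code from this page; it assumes the widely used ENISA form of the formula, ROSI = (ALE × mitigation ratio − control cost) / control cost, with ALE = SLE × ARO, and the control names and dollar figures are constructed sample input, not data from any real assessment. It also returns the residual ALE for each control, the figure an assessor would carry into the risk register as residual risk.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    """A candidate risk treatment with its assumed effectiveness and cost.

    mitigation_ratio: fraction of the annual loss the control is expected to
                      avoid, between 0 and 1 (an assessor's estimate).
    annual_cost:      yearly cost of the control (licensing, staff time, upkeep).
    """
    name: str
    mitigation_ratio: float
    annual_cost: float


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: single-loss expectancy times annual rate of occurrence."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def rosi(ale: float, control: Control) -> float:
    """ENISA-style ROSI: (ALE x mitigation ratio - cost) / cost.

    A positive value means the control is expected to avoid more loss per year
    than it costs; a negative value means it costs more than it saves.
    """
    if not 0.0 <= control.mitigation_ratio <= 1.0:
        raise ValueError("mitigation ratio must be between 0 and 1")
    if control.annual_cost <= 0:
        raise ValueError("annual cost must be positive")
    avoided_loss = ale * control.mitigation_ratio
    return (avoided_loss - control.annual_cost) / control.annual_cost


def residual_ale(ale: float, control: Control) -> float:
    """Expected annual loss that remains after the control is applied."""
    return ale * (1.0 - control.mitigation_ratio)


def rank_controls(ale: float, controls: list[Control]) -> list[dict]:
    """Score every candidate control and sort by ROSI, best first.

    Each row carries the figures a risk register entry needs: the ROSI, the
    residual ALE, and whether the control pays for itself at all.
    """
    rows = []
    for control in controls:
        score = rosi(ale, control)
        rows.append({
            "control": control.name,
            "rosi": score,
            "residual_ale": residual_ale(ale, control),
            "pays_off": score > 0,
        })
    return sorted(rows, key=lambda row: row["rosi"], reverse=True)


# Constructed sample scenario (hypothetical figures, not from any real STRA):
# one credential-phishing incident costs about $50,000 and is expected twice a year.
SAMPLE_SLE = 50_000.0
SAMPLE_ARO = 2.0
SAMPLE_CONTROLS = [
    Control("Endpoint detection and response", mitigation_ratio=0.80, annual_cost=30_000.0),
    Control("Managed 24x7 SOC", mitigation_ratio=0.95, annual_cost=120_000.0),
    Control("Phishing-resistant MFA", mitigation_ratio=0.50, annual_cost=10_000.0),
]

if __name__ == "__main__":
    ale = annualized_loss_expectancy(SAMPLE_SLE, SAMPLE_ARO)
    print(f"ALE: ${ale:,.0f}/year")
    for row in rank_controls(ale, SAMPLE_CONTROLS):
        verdict = "worth it" if row["pays_off"] else "costs more than it saves"
        print(f"{row['control']:<34} ROSI {row['rosi']:+.2f}  "
              f"residual ALE ${row['residual_ale']:,.0f}  ({verdict})")
```

Note that the ranking is only as good as the mitigation ratio and ARO estimates fed into it; in the sample the highest-coverage control (the managed SOC) scores negative because its cost exceeds the loss it avoids, while the cheap MFA rollout scores best despite leaving the largest residual ALE. Both figures, not just the ROSI, belong in the register so the accountable individual can see what risk is actually being accepted.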

Government of Canada Releases Its First Enterprise Cyber Security Strategy
Over the last few decades, public institutions and governments across Canada have become more and more reliant on the digital world to deliver programs and services.

Download All Resources (.zip)
Videos

Executive Overview
In this quick 15-minute training video we provide an executive overview of how the Province of British Columbia approaches Information Security Risk Management.

What is a security risk?
In this training video we cover basic concepts around what a security risk is.

Patch Management Course
This course covers what patch management is, why it is required, OCIO patch standard, benefits, and responsibilities.