Report hits fed security

The Canadian government doesn’t meet its own minimum standards for IT security, Canada’s auditor general said in a report last month.

In a document that pulled no punches, Sheila Fraser called the government’s IT security efforts “unsatisfactory.”

“Two and a half years after revising its Government Security Policy, the government has…to translate its policies and standards into consistent, cost-effective practices that will result in a more secure IT environment in departments and agencies,” the report said.

Those findings, which were tabled in the House of Commons on Feb. 15, represent an update to a 2002 report that put IT security under scrutiny. Fraser expressed concern that the government had made little progress on the earlier report’s recommendations.

“In many departments and agencies, senior management is not aware of IT security risks and does not understand how breaches of IT security could affect operations and the credibility of the government,” Fraser told the House. “If security weaknesses allowed someone to access a database or confidential information, Canadians’ trust in the government would be greatly eroded.”

Her report warned that if a citizen’s privacy were violated because of a failure to keep confidential information secure, “it could cause that person hardship and seriously undermine the government’s efforts to deliver services to Canadians electronically.”

In a news release on the report, Fraser expressed disappointment that though most IT security standards have been known for more than a decade, the government still does not fully comply with them. “It means government systems and the sensitive data they hold are vulnerable to security breaches.”

The report also said compliance and awareness failures have broad implications and could “erode the trust Canadians have in the ability of their government to transact business online, in a secure and confidential environment.” The auditor general recommended all departments and agencies should prepare timely IT security action plans, which would be reviewed in December, 2006.

A Canadian security expert agreed and said IT security breaches would be more than just an embarrassment to the government. “The consequences are very high [and] the penalty could be severe. Security is like quality, you need it,” said Brian O’Higgins, CTO for Ottawa-based Third Brigade, a software security firm. As well, Fraser’s audit found that, in general, depart

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now