Cyber security should be a shared responsibility in the Canadian federal government. Every department has a role to play, and there needs to be full transparency between departments and agencies to effectively deal with emerging threats.
That’s the message we heard at last week’s RSA Summit in Ottawa. Iceberg joined over 200 IT professionals from the government and other organizations to hear presentations from government leaders and RSA security experts about the current cyber threat environment, and new approaches to address security and risk.
With the volume and velocity of threats increasing, there were a lot of questions from participants about how they can use their limited resources as effectively as possible: How do departments know they’re spending money in the right places? What are the right tools to use? How should those tools be deployed to get user buy-in and adoption? How should security spending be prioritized? Where do we start?
Iceberg’s Kirk Hogan gave a presentation on advancements in Governance, Risk and Compliance (GRC) solutions, including RSA Archer GRC, that address many of these concerns. He also shared some success stories on work that is already occurring in federal government departments towards building Risk Intelligence programs, including:
- Two large federal departments that are leveraging ITSG-33 content within the Archer platform to automate parts of their Security Assessment & Authorization (SA&A) program. In one case, the department is now adding automation for its TRA (Threat Risk Assessment) process, so that assessments can be completed more efficiently and effectively.
- One large provincial government has leveraged GRC tools to automate parts of its TRA program, improving coverage from 50% to over 90%.
- Another popular use case has been automating the BIA (Business Impact Analysis) process for government organizations. This allows for more trusted, transparent and aggregated results, giving management the ability to effectively prioritize where to focus its investments.
In the end, all organizations, provincial and federal, want to provide transparent (drill-down) and aggregated data for executive dashboard reports, allowing for more confident and effective decisions.