|
| Client: | Findhelp
Information Services |
| Projects: | 211Ontario.ca
Threat Risk Assessment
|
| Result: | The TRA confirmed control effectiveness and demonstrated due diligence of the 211Ontario.ca project team to stakeholders.
|
Issue:
Across North America, 211 is the first number to call for access to non-emergency
community, human and social services information and referral. In Canada, the
211 Canada Project is being spearheaded by United Ways-Centraides and the Inform
Canada Federation. In Ontario, the 211Ontario.ca project will consolidate local
sources of Ontario human services data into an integrated provincial database
of information and services. An important goal of 211Ontario.ca is to provide
a central, online repository of information to electronic community services
developed by communities, private sector initiatives, the Government of Ontario,
and 211 service providers across the province.
The 211Ontario.ca business case plans to add numerous municipalities
to the existing information
and communications technology that supports online community service
directories for Toronto, Niagara Region and Simcoe County. An
essential due diligence step in realizing the 211Ontario.ca vision
is a threat risk assessment (TRA), to identify security requirements
of the portal as contemplated in the business case, and, to identify
risks associated with the existing in-scope portal, which is operated
by the City of Toronto.
Approach
and Workplan:
The 211Ontario.ca TRA follows best
practices in IT risk management and risk
assessment. It first examined the critical
211Ontario.ca related assets and their
sensitivities. Using internationally applied
frameworks for controls for information
security and information technology, controls
objectives were identified. Through a
review of the 211Ontario.ca business case,
and other pertinent documentation, and
discussions with Findhelp management and
designated participants, existing controls
and potential risks, threats and vulnerabilities
were identified and assessed. From this,
a recommended set of controls that incorporates
effective controls and risk mitigation
strategies was identified that safeguards sensitive information and other assets
against potential threats and risks.
The Results:
The 211Ontario.ca TRA found existing controls effective,
and recommended to the 211Ontario.ca
Project Steering Committee checkpoint to proceed as planned.
Testimonial:
Kathy
Kelly, IT
Manager,
Threat Risk Assessment Client Project Manager,
Findhelp Information Services
View
testimonial "I
am thoroughly pleased with
the work that was done and
the manner in which it was
accomplished."
