City of St. Albert to undertake cyber security audit

/in


The City of St. Albert is planning an audit of its cybersecurity processes, policies, and programs this spring.

“This is to really minimize the risk,” Coun. Sheena Hughes said. “Should things go not the way you’re hoping in the risk department for cybersecurity, it can be very expensive.”

Hughes also said she thinks the audit will make the city government more effective, and cybersecurity is something all governments need to be on top of.

“The project objective is to evaluate the effectiveness of the city’s cybersecurity practices and controls to identify key risks and vulnerabilities, develop a plan to mitigate risks, and ensure the confidentiality, integrity, and availability of sensitive data and critical systems is protected against potential cyber threats and attacks,” reads an audit outline presented to St. Albert’s internal audit steering committee last month.

The committee is made up of two residents, and in 2024 will include Hughes, Coun. Wes Brodhead, and Coun. Ken MacKay.

The outline says the city will hire a consultant to use frameworks like the V8 Controls developed by the Centre for Internet Security or the United States government’s National Institute of Standards and Technology’s Cyber Security Framework to “identify, score, and assess risk level and maturity for each domain and related processes within the [frameworks] and provide [a] detailed report that outlines observations and recommendations for enhancements … to address identified gaps in controls or improvements of cybersecurity processes.”

Some aspects of the city’s processes that will be covered under the audit, according to the outline, include data recovery, malware defences, network monitoring and defence, penetration testing, incident-response management, security awareness and skills training, and more.

“You can prevent a lot of unnecessary costs by making sure that your risks are covered or minimized,” Hughes said. “So, this will allow that ability to recognize the fact that because everything is basically online now, we need to have the proper checks and balances in place to make sure that our data and all the other data for residents is properly…

Source…