00000nam 2200000zi 4500 9.918725 CaOODSP 20240502140436 m o d f cr mn||||||||| 221228t20232023onc ob f000 0 eng d 9780660468785 CaOODSP eng rda CaOODSP n-cn--- y2y2 Rv4-167/2023E-PDF Internal audit - security assessment and authorization : final report / Audit, Evaluation, and Risk Branch. Internal audit - security assessment and authorization Internal audit - Programs and IT Division [Ottawa] : Canada Revenue Agency = Agence du revenu du Canada, 2023. ©2023 1 online resource (16 pages) text txt rdacontent computer c rdamedia online resource cr rdacarrier Issued also in French under title: Vérification interne - évaluation et autorisation de la sécurité : rapport final. Cover title. "January 2023." Includes bibliographical references. "As cyber threats grow in sophistication and magnitude, the Canada Revenue Agency (CRA) must manage a wide range of security risks in a rapidly changing environment. A cyber attack can disrupt the availability of digital services and threaten the security of information that taxpayers and benefit recipients have submitted to the CRA. Security assessment and authorization is an essential process for the information technology (IT) security function to establish and maintain confidence in the security of information systems that are used or managed by the CRA, while considering the business needs for security. This internal audit covered the current security assessment and authorization process in place within the Security Branch, which is responsible for establishing security governance at the CRA. The Security Branch is also responsible for overseeing the IT and electronic data security elements of the security program. In conjunction with process stakeholders in branches, the Security Branch assesses the security posture of all IT projects and ensures IT security-related residual risks associated with the programs, services, and operations are assessed and appropriately approved to operate. The objective of the audit was to provide the Commissioner, CRA management, and the Board of Management with assurance that the security assessment and authorization requirements are in place and working as intended"--Executive summary, page 1. Canada Revenue Agency Computer networks Security measures Auditing. Computer security Canada Auditing. Canada Revenue Agency. Audit, Evaluation and Risk Branch, issuing body. Vérification interne - évaluation et autorisation de la sécurité : (CaOODSP)9.918724 PDF 456 KB https://publications.gc.ca/collections/collection_2023/arc-cra/Rv4-167-2023-eng.pdf HTML N/A https://www.canada.ca/en/revenue-agency/programs/about-canada-revenue-agency-cra/internal-audit-program-evaluation/internal-audit-program-evaluation-reports-2023/internal-audit-security-assessment-authorization.html