|
000
| 03334nam 2200409zi 4500 |
|---|
| 001 | 9.918725 |
|---|
| 003 | CaOODSP |
|---|
| 005 | 20240502140436 |
|---|
| 006 | m o d f |
|---|
| 007 | cr mn||||||||| |
|---|
| 008 | 221228t20232023onc ob f000 0 eng d |
|---|
| 020 | |a9780660468785 |
|---|
| 040 | |aCaOODSP|beng|erda|cCaOODSP |
|---|
| 043 | |an-cn--- |
|---|
| 045 | |ay2y2 |
|---|
| 086 | 1 |aRv4-167/2023E-PDF |
|---|
| 245 | 00|aInternal audit - security assessment and authorization : |bfinal report / |cAudit, Evaluation, and Risk Branch. |
|---|
| 246 | 17|aInternal audit - security assessment and authorization |
|---|
| 246 | 17|aInternal audit - Programs and IT Division |
|---|
| 264 | 1|a[Ottawa] : |bCanada Revenue Agency = Agence du revenu du Canada, |c2023. |
|---|
| 264 | 4|c©2023 |
|---|
| 300 | |a1 online resource (16 pages) |
|---|
| 336 | |atext|btxt|2rdacontent |
|---|
| 337 | |acomputer|bc|2rdamedia |
|---|
| 338 | |aonline resource|bcr|2rdacarrier |
|---|
| 500 | |aIssued also in French under title: Vérification interne - évaluation et autorisation de la sécurité : rapport final. |
|---|
| 500 | |aCover title. |
|---|
| 500 | |a"January 2023." |
|---|
| 504 | |aIncludes bibliographical references. |
|---|
| 520 | |a"As cyber threats grow in sophistication and magnitude, the Canada Revenue Agency (CRA) must manage a wide range of security risks in a rapidly changing environment. A cyber attack can disrupt the availability of digital services and threaten the security of information that taxpayers and benefit recipients have submitted to the CRA. Security assessment and authorization is an essential process for the information technology (IT) security function to establish and maintain confidence in the security of information systems that are used or managed by the CRA, while considering the business needs for security. This internal audit covered the current security assessment and authorization process in place within the Security Branch, which is responsible for establishing security governance at the CRA. The Security Branch is also responsible for overseeing the IT and electronic data security elements of the security program. In conjunction with process stakeholders in branches, the Security Branch assesses the security posture of all IT projects and ensures IT security-related residual risks associated with the programs, services, and operations are assessed and appropriately approved to operate. The objective of the audit was to provide the Commissioner, CRA management, and the Board of Management with assurance that the security assessment and authorization requirements are in place and working as intended"--Executive summary, page 1. |
|---|
| 610 | 20|aCanada Revenue Agency|xComputer networks|xSecurity measures|xAuditing. |
|---|
| 650 | 0|aComputer security|zCanada|xAuditing. |
|---|
| 710 | 2 |aCanada Revenue Agency. |bAudit, Evaluation and Risk Branch, |eissuing body. |
|---|
| 775 | 08|tVérification interne - évaluation et autorisation de la sécurité : |w(CaOODSP)9.918724 |
|---|
| 856 | 40|qPDF|s456 KB|uhttps://publications.gc.ca/collections/collection_2023/arc-cra/Rv4-167-2023-eng.pdf |
|---|
| 856 | 4 |qHTML|sN/A|uhttps://www.canada.ca/en/revenue-agency/programs/about-canada-revenue-agency-cra/internal-audit-program-evaluation/internal-audit-program-evaluation-reports-2023/internal-audit-security-assessment-authorization.html |
|---|