Internal audit - security assessment and authorization : final report / Audit, Evaluation, and Risk Branch.: Rv4-167/2023E-PDF

"As cyber threats grow in sophistication and magnitude, the Canada Revenue Agency (CRA) must manage a wide range of security risks in a rapidly changing environment. A cyber attack can disrupt the availability of digital services and threaten the security of information that taxpayers and benefit recipients have submitted to the CRA. Security assessment and authorization is an essential process for the information technology (IT) security function to establish and maintain confidence in the security of information systems that are used or managed by the CRA, while considering the business needs for security. This internal audit covered the current security assessment and authorization process in place within the Security Branch, which is responsible for establishing security governance at the CRA. The Security Branch is also responsible for overseeing the IT and electronic data security elements of the security program. In conjunction with process stakeholders in branches, the Security Branch assesses the security posture of all IT projects and ensures IT security-related residual risks associated with the programs, services, and operations are assessed and appropriately approved to operate. The objective of the audit was to provide the Commissioner, CRA management, and the Board of Management with assurance that the security assessment and authorization requirements are in place and working as intended"--Executive summary, page 1.

Permanent link to this Catalogue record:
publications.gc.ca/pub?id=9.918725&sl=0

• MARC XML format
• MARC HTML format

Request alternate formats