Risk management is a process of identifying, assessing, and mitigating threats that can affect an organization. It involves analyzing risks, impacts, monitoring and developing strategies to minimize harm.
One way to analyze risk is using a Security Threat and Risk Assessment (STRA) and a Statement of Acceptable Risk (SoAR). CyberBC provides examples of STRAs by allowing BC public sector partners to share sanitized versions of STRAs/SoARs with each other, allowing organizations to share best practices and reduce administrative work.
Risk Register Template (Excel)
Risk Register is a repository for residual risks identified when completing Security Threat and Risk Assessment. It’s also used to track and follow-up on risks mitigations to fulfill any regulatory compliance and includes additional information such as nature of the risk, references and the accountable individual.
Broader Public Sector – STRA SoAR Template (Docx)
STRA / SoAR Word template for Broader Public Sector organizations.
STRA Standard (PDF)
The purpose of this standard is to set requirements for efficiently assessing, defining planned treatments, and reporting security threats and risks in information systems.
STRA Specification (PDF)
Provides guidance on completing a Statement of Acceptable Risks.
Return on Security Investment (ROSI) Calculator (Excel)
ROSI Calculator which can help when assessing security risk.
Government of Canada Releases Its First Enterprise Cyber Security Strategy
Over the last few decades, public institutions and governments across Canada have become more and more reliant on the digital world to deliver programs and services.
Executive Overview
In this quick 15-minute training video we provide an executive overview of how the Province of British Columbia approaches Information Security Risk Management.
What is a security risk?
In this training video we cover basic concepts around what a security risk is.
Patch Management Course
This course covers what patch management is, why it is required, OCIO patch standard, benefits, and responsibilities.