The final approval to authorize operation of an information system and to explicitly accept the risk to the Ministry or Government (including mission, functions, image, or reputation), assets, or individuals, based on the implementation of an agreed upon set of security controls.
Legislation; the laws of the province.
Advise ministries and provide support for particular areas. They do not report through the department unless the Minister responsible for administrating the department specifically identifies an agency, board or commission to be within scope.
A collection of computer hardware, computer programs, databases, procedures and knowledge workers that work together to perform a related group of services or business processes.
For the purposes of information security policy, information in all forms and media, networks, hardware, software and application systems.
Is an examination of the facts to render an opinion and would include testing evidence to support the opinion.
Includes all types of event logs including (but not limited to) security, audit, application, access and network across all operating system platforms.
The act of establishing or confirming something (or someone) as authentic, that is, that claims made by, or about, the thing are true. Authenticating a person often consists of verifying their identity.
The property of being accessible and usable upon demand by an authorized entity. (ISO/IEC 13335-1:2004).
The procedures and information necessary for the timely recovery of essential services, programs and operations, within a predefined timeframe. The BCP includes the recovery following an emergency or a disaster that interrupts an operation or affects service or program delivery.
This is a business context assessment conducted as part of business planning that includes analysis of threats, risks, strengths, strategic opportunities, external environmental factors (e.g. macroeconomic factors and analysis of the potential value propositions for different groups of constituents) at a respective level of planning (e.g. ministry business context assessment is conducted as part of the ministry business planning).
Internal administrative and productivity information systems that support the organization such as e-mail, calendars and financial systems.
The business or project sponsor champions, and is accountable for, the project. He chairs the steering committee meetings and has ongoing accountability for the outcomes of the project in the form of its end product/services. The business/project sponsor provides overview and direction for the project.
The process of determining the system capacity needed to deliver specific performance levels through quantification and analysis of current and projected workload.
See: Security Certification
The objective of change management is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes in order to minimize the impact of change-related incidents and to improve day-to-day operations.
A circular is a document outlining records management requirements set by the Alberta Records Management Committee (ARMC).
An initiative in which a group of ministries collaborate to achieve commonality, cost-effectiveness, improved services delivery and performance.
Commercially available products that can be purchased and integrated with little or no customization.
Includes an audit, risk and control review; security review; and monitoring of an information system to ensure compliance with relevant IMT Policies, Policy Directives or Standards.
Information is not made available or disclosed to unauthorized individuals, entities or processes.
Are the policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected.
See: Information Security Program.
An initiative relating to all ministries within the GoA and/or Service Alberta operated shared services.
A piece of information that controls the operation of a cryptography algorithm. In encryption, a key specifies the particular transformation of data into encrypted data and the transformation of encrypted data into data during decryption. The cryptographic algorithm ensures that only someone with knowledge of the key can reproduce or reverse the transformation of data.
The discipline which embodies principles, means and methods for the transformation of data in order to hide its information content, prevent its undetected modification, or prevent its unauthorized use.
The physical location housing any information processing system, service or infrastructure; this includes storage facilities for equipment not yet deployed or awaiting disposal.
Hardware that information is written to and/or stored on. See also Hardware.
Establish expected behaviours and actions of ministries and employees to support policy approved by elected officials. Directives provide formal instruction that oblige ministries to take or avoid specific actions or provide specific objectives that must be met. Directives state control objectives and specify clear expectations for selection of controls in order to meet control objectives.
Establish expected behaviors and actions of ministries and employees to support policy approved by elected officials. Directives provide formal instruction that oblige ministries to take or avoid specific actions or provide specific objectives that must be met.
The procedures and information necessary to recover critical IT functions from any event that may interrupt an operation or affect service or program delivery, within the timeframes determined in the Business Impact Assessment. The DRP is part of a ministry’s overall business continuity plan (Business Continuity Plan or BCP).
The actions taken regarding information that is no longer needed to support on-going administrative and operational activities in accordance with an approved Records Management Schedule. Directions may include destroy, transfer to the government archives, transfer to inactive records storage space, or retain permanently in unit.
The exchange of information between government and internal and external stakeholders independently of either participant’s computer system, e.g., electronically accessing forms, obtaining payments, sending invoices, receiving tax returns, placing orders and receiving transaction acknowledgements.
Includes all forms of electronic messaging such as e-mail, voice mail, instant messaging, etc.
Is a person appointed under the Public Service Act.
A group of individuals working together for a common purpose, typically within the context of an organizational form such as corporation, public agency, charity or trust.
Is an identified occurrence of a system or service state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.
A person external to government, including vendors, service delivery agents, business and citizens.
An error or failure in either software or hardware.
The GoA IMT Strategic Plan will provide: A 3-5 year overview of the GoA IMT strategic priorities that are required in the IMT environment; IMT technology opportunities assessment; and measurable outcomes of the proposed programs and projects to support realization of the IMT Strategy. The GoA IMT Strategic Plan is reviewed and updated on an annual basis based on the result of annual performance reviews.
A set of architecture blueprints and standards, security and policies, directives and standards and other compliance requirements that each project, regardless of funding sources and costs, must be evaluated against, comply with or provide a satisfactory alternative approach to managing risks and security threats, enabling alignment with the business capabilities and corporate IMT standards.
Means all recorded information, regardless of physical format, that is received, created, deposited or held by or in any ministry, agency, board, commission, Crown corporation, institution, committee or council reporting or responsible to the Government of Alberta.
Government records include machine-readable records, data stored in information systems, film, audio and audiovisual tapes, etc. Government records include cabinet ministers' records that are created and/or accumulated and used by a Minister (or a Minister's office) in developing, implementing and/or administering programs of government. Government records do not include legislative records (records created and/or accumulated and used by an individual or an office in the administration of the Legislative Assembly of Alberta or by a Member of the Legislative Assembly). See: Record and Information.
See: Network infrastructure.
Provide information, advice or explanation to assist in implementation of policy or policy instruments. Guidelines provide advice or recommendations on controls to meet control objectives.