Information Technology (IT) Security Risk Management Practice

Number:	Creation Date: 2009-08-24
Category: Risk Management	Effective Date: 2009-08-24
Version: 4.2	Last Reviewed: 2021-03-01
Security Classification: Protected A	Scheduled Review Date:
Status: Approved	Scope: Government of Alberta

Description:

This practice is intended for use by Sector Information Security Officers (SISOs), CISO or other security practitioners to help understand Sector/Ministry IT security risks, and conduct Security Threats and Risks Assessments (STRAs) in a timely manner as new projects are initiated. This practice provides an overview of the relationship between these three vectors (vulnerabilities, threats and controls/safeguards) as they relate to IT security risks.

Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us: imt.policy@gov.ab.ca.

Keywords: CISO, Risk Assessment, Risk Management, stra, vulnerability, Cybersecurity

Download: Information Technology (IT) Security Risk Management Practice (PDF) (Cybersecurity Services)

Supporting Documents

High-level IT Security Risk Management Process Diagram (PDF) (Cybersecurity Services)

Related Policies

GoA Enterprise Risk Management Framework

Information Technology (IT) Security Risk Management Practice // <![CDATA[ _spBodyOnLoadFunctionNames.push("setupPageDescriptionCallout"); // ]]>

Information Technology (IT) Security Risk Management Practice