Transport Canada mulls e-training on IT security

Transport Canada hopes to improve risk management profile by planning some enhancements to its IT security training programs for all its employees.

The federal department is responsible for overseeing the flow of millions of dollars in goods and services across the border, and a big part of that job involves ensuring people and assets are properly protected, said Richard Ruta, director of IT/IM security and infrastructure planning at Transport Canada. At the same time, it is equally important that services be sustained despite any potential security threats, he added.

Ruta made his comments at last week’s GovSym, a public sector conference held in Ottawa and hosted by IT World Canada and founding sponsor Symantec.

Transport Canada already provided IT security training as part of new employee orientation, Ruta said. The plan now is to introduce a refresher about once every two years. Ruta is currently overseeing an initiative that could involve using technology as part of the process.

“We’re looking at computer-based training that could be pushed out and checked to ensure it has been completed,” he said. “We’re not trying to penalize people here, but we need to make sure the emphasis on proper security policies are well understood. Compliance is not discretionary.”

Ruta said Transport Canada has deliberately integrated IT security with information management policies in order to show that both elements are necessary for the successful operations of its services.

Rob Thorne, director of risk management and compliance at EDS, told GovSym that proper IT security depends in part on how well an organization can gauge its “risk appetite” related to various threats. For example, some risks may require an organization to terminate a certain activity. In other situations, it may be possible to transfer the risk onto a person, department or third party who can better handle it. Risks can also be treated and effectively dealt with, or simply accepted if the potential outcome isn’t too severe.

All these variables become critically important in the public sector, Thorne said, which Symantec has indicated represents the second-largest target for IT security attacks. “Threats are becoming much more state-sponsored,” he said.

Ruta said Transport Canada is very careful to follow federal government guidelines such as creating Statements of Sensitivity (SoS) that becomes part of the system development process and looks at issues around access. The department tries to look at everything under its purview to see what should be considered unclassified, protected or classified, he said.

A more challenging risk, perhaps, is that posed by the increased use of mobile technologies such as laptops or thumb drives which store confidential data. “Employees going home and working on these things on their home computers could bring back malware,” he pointed out.

Ruta did not say what kind of computer-based training tools Transport Canada was considering or what kind of a timeline would be involved in rolling it out.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Shane Schick
Shane Schickhttp://shaneschick.com
Your guide to the ongoing story of how technology is changing the world

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now