E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: National Post

Posted on February 15, 2005

      The personal information of Canadians is at risk due to "significant weaknesses" in government computer security that leave the digital door open to hackers and thieves, says the auditor general.

      In a highly critical report released Tuesday, Sheila Fraser warns that federal agencies have failed to keep up with the demands of the electronic age, making sensitive information vulnerable.

      "If security weaknesses allowed someone to access a database or confidential information, Canadians' trust in the government would be greatly eroded," the report says.

      "Further, if a citizen's privacy were violated because of a failure to keep confidential information secure, it could cause that person hardship and seriously undermine the government's efforts to deliver services to Canadians electronically."

      Fraser told a news conference she was disappointed the government does not meet its own minimum standards for information technology security, even though most of them have been well known for more than a decade.

      The auditor general likened it to a homeowner leaving the back door open - eventually someone will break in.

      "Government must fill in the gaps," she said. "There are weaknesses in the system."

      But Fraser stopped short of urging Canadians to avoid using online federal services, saying she would continue to file her tax return by computer.

      Information security is becoming increasingly important given that the federal government wants Canadians to have electronic access to key information and transactions by the end of the year.

      Growing use of the Internet, portable computer devices and wireless technologies have made access to data easy and affordable, the report notes.

      "This environment provides more opportunities for problems to occur, such as theft of data, malicious attacks or criminal actions."

      Fraser found the Treasury Board Secretariat was "not adequately fulfilling its role of monitoring and overseeing" the state of security across the government.

      Last May, the secretariat surveyed 90 departments and agencies on their security practices. Of the 46 that responded, only one agency met the basic requirements of the government security policy and related standards.

      The survey found:

      - Sixteen per cent of departments did not even have an information security policy. Of those that did have one, 33 per cent indicated it had not been formally approved by management.

      - More than one-quarter of departments did not have a policy requiring a plan to keep critical systems and services running in the event of a major attack or power failure.

      Other internal studies flagged similarly worrisome problems.

      "Vulnerability assessments, conducted in departments and agencies over the last two years, have revealed significant weaknesses that, if exploited, could result in serious damage to government information systems," says Fraser's report.

      Despite the potential for difficulties, many departments and agencies had yet to adequately assess the threats and risks to their computer systems.

      In addition, there was often lax control of access to sensitive data and programs by people without authority to see it, the report says. In some cases, computer passwords were not set properly, and most organizations did not have a comprehensive program for monitoring who was using their digital networks.

      Fraser says there have been some advances since 2002 when she last examined these issues, but concludes that overall the government has made "unsatisfactory progress."

      A lack of money and people, coupled with little interest in information technology security among senior management, are among the reasons for the continuing gaps, the report says.

      Fraser makes several recommendations, including preparation of action plans indicating when each department and agency intends to comply with security requirements.

      The report says the Treasury Board Secretariat has "responded positively" to the recommendations and, in some cases, is already taking action.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.