As the threats to Information Technology security continue to grow and pose a significant risk to Government of Saskatchewan's business, it is important to note that information security is everyone's responsibility. No single person is responsible for the security of Government information. To ensure the privacy and accuracy of the information entrusted to us, everyone must comply with the security policies and procedures for managing information in a secure manner.
The Information Security branch within the IT Division (ITD) of the Ministry of Central Services is responsible for managing all things related to IT security. This includes:
- Providing interpretation and enforcement of the information security policy and standards
- Providing information security education and awareness
- Responding to information security Incidents;
- Performing Threat Risk Assessments (TRAs);
- Providing information security advice for business areas; and
- Evaluating new threats and vulnerabilities
To learn more about this service, read the IT Security Handbook or use the links below to jump to the content:
Completing a security assessment is an important part of any project. Are you involved in starting a new government IT project or initiative? Or working on an IT project handling sensitive information? Or does your project involve any external hosting of data? Have you thought about how the information will be protected from unauthorized access, loss or modification? If you are concerned about Confidentiality, Integrity and Availability, then a Threat Risk Assessment (TRA) is required and you can initiate a TRA by submitting a service request to the Information Security Branch.
Information Classification Guidelines are used to determine the appropriate security classification for data. This document will help determine if data is considered public, class C, class B or class A. Depending the classification, different security measures are required.
Unfortunately, even with firewalls in place, spam can get through. Sometimes, spam is sent to employees containing links or files with viruses or other malware. You can do your part to help prevent any viruses or other malware by not opening suspicious links and attachments in emails.
Phishing, the act of trying to obtain confidential information or money from users, has become increasingly common. This is often done with an email that appears to be legitimate, but is just a fake used to trick you. In some cases, phishing campaigns may even use a fake @gov.sk.ca email account. If you think you may have a suspicious email, trying phoning the sender before opening any links or attachments to confirm it is legitimate. If you cannot confirm this, do not open it. Delete the email from your inbox, delete it permanently from the deleted folder and call the IT Service Desk at 306-787-5000.
In the event that a suspicious email, attachment or link is accidentally opened, please call the IT Service Desk immediately at 306-787-5000. Similarly, if you suspect you may have a virus or notice abnormal activity on your workstation call the IT Service Desk.
If you manage any staff, it’s your responsibility to ensure their access changes to correspond with any change in their role. Whether or not your staff take a temporary or permanent leave, or simply change to a new role within the ministry, you are responsible to submit an IT Service Request to the IT division of Central Services, notifying them of the need to change or remove the employee’s access. This should be done a minimum of five days before the change takes effect.
When in doubt reference the policy. Policies are in place to help us govern IT security issues and make the best possible decisions when it comes to protecting government data.
- Government’s Information Security policy is intended to help safeguard the confidentiality, integrity and availability of the government’s information and systems. Users are bound by this policy, and should understand and abide by it.
- Government’s IT Acceptable Usage policy is the main IT policy that applies to users and is administered by the Public Service Commission. Users should understand and abide by it.
- Government has a Social Media policy that governs government employee use of social media, be it for government business or personal use that is administered by Executive Council. Users should understand and abide by it.
Ministry Security Officers exist across government, and are there to help you with matters related to IT security. They have a responsibility to promote security awareness and compliance with information security policies within their ministry or agency. If you have a question related to the security of your data or electronic information, you should contact your designated Ministry Security Officer
security, breach, policy, policies, information security policy, standard, standards, information, technology, information technology, information system, system, password, classify, classification, access, control, application, system, audit, authentication, backup, biometric, confidentiality, cryptography, encryption, firewall, malware, virus, network, threat, risk, safeguard, security control, incident, security incident; hacking; acceptable use; acceptable usage; vulnerability; streaming; IT security policy, acceptable usage, internet, ServiceNow
Get IT support; Start an IT project