Security Threat Risk Assessment — eServices Platform
The Government of the Yukon, Highways and Public Works, ICT leadership required an understanding of where and how sensitive information may be at risk of being compromised for the public facing systems serving their citizens. Adding to complexity was that their systems had many touch points between business owners, multiple external software vendors, IT, and front line staff.
Make IT was engaged to conduct a Security Threat Risk Assessment for several web based applications developed and supported by the eServices Frameworks spanning several departments. A total of 8 applications were evaluated including systems in operation for Highway and Public Works, Health and Social Services, Environment Services and the Yukon Courts.
Our assessment required us to interview business owners from each department, external software contractors, ICT infrastructure staff, and eService program management staff. Following the interview process, we evaluated the eServices platform, supporting network infrastructure and security for structural weaknesses that may be vulnerable to multiple internal and external threats.
Reporting directly to the eServices Branch Senior Management, Make IT delivered a report detailing sensitivity of the data managed by the platform, confidentiality and privacy considerations, data integrity and availability. The client was left with a comprehensive view of the overall risk profile of its eServices platform. As well, we were able to guide them through multiple approaches and tactics for risk mitigation they could act on immediately to secure their systems. Critical risks identified by the assessment were then addressed by the client and the 8 applications were deployed safely to production.
The Government of the Yukon needed a secure, easy-to-use tender management system that enabled them to manage, advertise, distribute, and download public purchasing opportunities for goods, services, and construction in the Yukon, and ensure the public was notified of new opportunities, addendums, cancellations, and tender awards.
Make IT designed and architected an eservice procurement platform that supports both public and private access to procurement information. The innovative security features keep sensitive procurement information safe for both the government and its public users without impeding access or usability.
The new system currently supports more than 300 internal government users, has attracted more than 5,000 active public users, and continues to mature and grow. Not only has the system significantly reduced the government’s production and distribution costs for the tender process, it has also enabled the government to enhance their visibility and tap into new and broader markets.