A report assessing cybersecurity at a B.C. university could improve cybersecurity at all provincial post-secondary institutions and beyond.

At least that is the hope of Auditor-General Michael Pickup after presenting his audit of cybersecurity risk management at Vancouver Island University Tuesday (Aug. 1) at a news conference in the provincial legislature.

The audit 香蕉视频直播� first of its kind since Pickup assumed his current role three years ago and the first involving a post-secondary institution in more than a decade 香蕉视频直播� finds VIU香蕉视频直播檚 board failed to oversee policies and strategies critical to protecting information systems and data.

Pickup said the audit did not consider the day-to-day technical issues of cybersecurity at the university, but rather the role of the university board, which according to the report, serves as 香蕉视频直播渁 line of defence香蕉视频直播� to protect the university and improve its response to cyber threats.

香蕉视频直播淔or example, the board of governors can evaluate whether management has implemented strategies to mitigate risks to its technology infrastructure,香蕉视频直播� it reads.

VIU has an enrollment of 12,000 students spread across four campuses and employs 1,500 faculty and staff.

As such, VIU represents only a small sample of the 25 publicly-funded post-secondary institutions in British Columbia and their nearly 180,000 full-time students in 2021-2022.

RELATED:

But if Pickup香蕉视频直播檚 office only audited VIU because of its relative size, the implications of the audit promise to touch the other 24 post-secondary institutions as well, given the crucial and growing importance of IT in post-secondary learning and not just since the COVID-19 pandemic.

Accordingly, Pickup urged other post-secondary institutions to review his findings and the criteria it used.

香蕉视频直播淲e can香蕉视频直播檛 be everywhere auditing everything, but there is no reason why other organizations, universities (and) post-secondary institutions can香蕉视频直播檛 pick this audit up and look at it and do some self-assessment,香蕉视频直播� Pickup said.

According to the report, VIU香蕉视频直播檚 board failed in three areas. First, the board lacks a training program in cybersecurity risk management to increase their subject knowledge in areas of risk, including cybersecurity risk.

香蕉视频直播淏oard members need to have up-to-date knowledge of cybersecurity risk management to be effective in their oversight role,香蕉视频直播� it reads.

Second, the board has updated its current risk management policy since 2012, so more than a decade ago, which may be nothing short of eternity in the world of IT.

香蕉视频直播淒uring the audit period, the board of governors reviewed, but didn香蕉视频直播檛 approve, an updated risk management policy,香蕉视频直播� it reads.

Third, for most of the last fiscal year, the board of governors had not reviewed cybersecurity risk mitigation strategies, which include compliance with legal and regulatory requirements.

Pickup praised the board for adopting his office香蕉视频直播檚 four recommendations, but noted his office will review their implementation.

He also expressed hope that the findings of the report will inform broader political changes with effects for cybersecurity at large.

Improving oversight of cybersecurity policies and strategies does not reduce risks to zero, he said.

香蕉视频直播淏ut it should reduce the likelihood of a risk of bad things happening,香蕉视频直播� he said. 香蕉视频直播淪o you want to do all the appropriate things that one would expect.香蕉视频直播�

READ ALSO:

sig code