News

Protecting the Medium and the Message: Information Security at CPKN

By Brian Fleming, CPKN Manager of IT Systems

The nature of CPKN operations demands that information security be a top priority.

CPKN protocols address information security on two levels: the confidentiality, integrity and accessibility of the technology infrastructure through which data is stored, manipulated, and transferred (the medium); and the various data associated with day-to-day business such as learner details, training records, passwords, credit card numbers, course content, etc. (the message).

CPKN has adopted a series of best practices for planning, assessing, and managing information security. These are based on:

  1. SEI's Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE®), which defines a risk-based strategic assessment and planning technique for security; and
  2. ISO/IEC 27002:2005 (Information technology - Security techniques - Code of practice for information security management), which establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.

CPKN is committed to providing the highest possible levels of security. As part of continuing efforts in this area, recent activities have included:

  • An independent IT security audit conducted by CISSP/CISA certified professionals;
  • Development of general INFOSEC and information classification policies;
  • Ongoing development of data ownership/stewardship policies;
  • Research regarding the feasibility of adopting COBIT;
  • Implementation of an IT inventory system;
  • Development of data transfer encryption standards; and
  • Investigation of TLS (Transport Layer Security) for portal access.

CPKN takes information security very seriously and will continue to review and enhance policies, procedures, guidelines, and practices as part of an ongoing improvement process.

Brian Fleming has 18 years of experience in IT management in both the private and public sectors. He is an Information Systems Professional of Canada and Applied Science Technologist in Industrial Management, and holds a Master of Science degree in Information Systems from Athabasca University.