
Security Categorization Template Examples

The document is a security questionnaire template for IRCC that was prepared by SA&A Lead Eddie Hatt and SA&A Consultant Clifford Clapp on April 21st, 2021. It contains definitions of potential injury levels from low to high and examples of outages and impacts. It also includes an inventory of IRCC business processes and information assets as well as potential failure scenarios and expected injury levels from loss of confidentiality, integrity, and availability.

Uploaded by

BiteMe76

IRCC - Security Question Template

SA&A Lead Eddie Hatt

SA&A Consultant Clifford Clapp

Prepared April 21st, 2021


Revision History

| Revision | Date |
| --- | --- |
| Questionnaire Development | April 21st, 2021 |

Injury Level

| | Low | Medium | High |
| --- | --- | --- | --- |
| Definition | The potential injury is low if unauthorized disclosure, modification or loss of access to the information used by business could cause no to limited injury to the business | The potential injury is medium if unauthorized disclosure, modification or loss of access to information or service is impacted. | The potential injury is high if unauthorized disclosure, modification, or loss could reasonably cause serious or grave injury to an individual, organization, or group of individuals |
| Qualifiers | No to 10 minute outage on IRCC web page/applications; No to 10 minute outage on IRCC login portal; No to little financial penalty; No to little reputation damage | 30 to 60 minute outage on IRCC web page/applications; 30 to 60 minute outage on IRCC login portal; Low to moderate financial penalties; Low to moderate reputation damage resulting in loss of confidence | 60 to 180 minute outage on IRCC web page/applications; 60 to 180 minute outage on IRCC login portal; High to severe financial penalties; Moderate to high reputation damage resulting in loss of confidence and intervention by a third party |

| Injury Type | Injury Level: Low | Injury Level: Medium | Injury Level: High |
| --- | --- | --- | --- |
| Loss of application/website availability | Users experience slow application response times | Users experience intermittent application unavailability | Users experience extended periods of application unavailability |
| Disclosure of protected B information | Single user or subset of users' protected information is made available to the public | A moderate number of individuals' protected data is made available to the public | Entire tables or databases of protected data are made available to the public |

Business Process/Functional Specifications In

| Domain | Name | Description | Domain |
| --- | --- | --- | --- |
| User Interface | Login Portal | The login portal users use to log in to the portal. | Immigration Application |
| Website | Website | IRCC website | Citizenship |

Information Assets

| Name | Description |
| --- | --- |
| Immigration documents | Documents that are completed for the immigration process; these can include written documents as well as biometric information |
| Citizen Application Documents | Documents that are necessary for the citizenship process; these can include written documents as well as biometric information |

Inventory of Business Processes and Information Assets

| Domain | Business Process/Information Asset | Business Process Components/Information Asset Components | Component Description | Type (Business Process/Information asset) | Notes | Failure Scenario (In context of Business Process/Information asset) |
| --- | --- | --- | --- | --- | --- | --- |
| Website | Website | Website (Accessed through browser) | This is the user-facing website where users can navigate to and find information related to the services provided by IRCC | Business Process | This is referring to the website as a whole | The website could become unavailable. This would prevent individuals from navigating to the website to find information and/or submitting documentation |
| Immigration Application | Immigration Documents | Documents related to the immigration process | These are documents required by the government of Canada to process immigration requests. These documents can include but are not limited to written forms (Police Checks, Education history) as well as biometric information such as fingerprints | Information Asset | This is referring to the documents used by IRCC to assess an individual's eligibility to immigrate to Canada | Immigration Documentation could be exposed to individuals that are not authorized to view the information |

Loss of Confidentiality

| Domain | Failure Scenario | Reasonable Injury from Loss of Confidentiality (Refer to the injury table) | Expected Level of Injury | Injury Example (Refer to the injury table) | Analysis |
| --- | --- | --- | --- | --- | --- |
| Immigration Application | Immigration Documentation could be exposed to individuals that are not authorized to view the information | Single user or subset of users' protected information is made available to the public | Low | Sensitive information such as SIN number or background checks could be exposed to individuals resulting in potential identity theft | An individual's sensitive data viewed by unauthorized parties could result in financial or reputation loss |

Loss of Integrity

| Domain | Failure Scenario | Reasonable Injury from Loss of Integrity (Refer to the injury table) | Expected Level of Injury | Injury Example (Refer to the injury table) | Analysis |
| --- | --- | --- | --- | --- | --- |

Loss of Availability

| Domain | Failure Scenario | Reasonable Injury from Loss of Availability (Refer to the injury table) | Expected Level of Injury | Injury Example (Refer to the injury table) | Analysis |
| --- | --- | --- | --- | --- | --- |
| Website | The website could become unavailable. This would prevent individuals from navigating to the website to find information | Users experience intermittent application unavailability | Medium | Prospective individuals looking to apply for immigration will not be able to submit documentation in a timely manner | The website not being available will potentially cause delays for users submitting forms/documents/information pertinent to the business processes of IRCC |
