Infrastructure Ontario (IO) is a Crown agency of the Province of Ontario whose purpose is to modernize the Province’s public assets. IO operates through four main business lines: Real Estate Services, Infrastructure Lending, Project Delivery and Commercial Projects. The Information Technology (“IT”) team at Infrastructure Ontario supports the organization by providing IT services to manage networks, network security, server and desktop infrastructure and applications.
The cyber security infrastructure at IO is robust, with many key controls in place, and IO continues to invest in additional technology, partnerships and capabilities. Through investments in technology and use of third-parties, IO has augmented its internal team and demonstrated capabilities to detect many of the common cyber-attacks seen within industry today.
IO uses a defense in depth strategy, which leverages multiple layers of cyber security controls (reducing reliance on a single control), surrounding its use of technology to protect the organization. Multi-factor authentication has been implemented with many network security controls in place in terms of perimeter defenses, and technical vulnerabilities are identified on a regular basis.
Security monitoring is provided by a third-party on an ongoing (24/7/365) basis and mandatory cyber security awareness training is conducted semi-annually to ensure personnel remain aware of cyber threats and their responsibility to safeguard the business.
IO has elements of a cybersecurity governance program in place today, with initiatives underway to improve overall visibility, reporting and oversight. IO is moving towards a heightened cybersecurity maturity level to combat and effectively manage the complex and evolving cyber threats facing organizations today. IO continues to expand its overall cyber capabilities in governance, risk and compliance, data protection, secure applications and systems, security testing and monitoring, and identity and access management.