The City of Toronto offers multiple services over the internet and is expanding its technology landscape to residents, businesses, and visitors. The City’s Technology Services Division (TSD), and Office of Chief Information Security Officer (OCISO) are enhancing cybersecurity and implementing a standardized approach for the design and delivery of information technology (IT) solutions to provide enhanced and secure experiences for residents, businesses, visitors, and City staff.
The approach will first focus on standardizing processes and applications within City divisions, before extending to agencies and corporations.
The following steps have been taken:
More changes are planned, such as:
Cyberattacks can have devastating effects, resulting in an inability to deliver critical services, stolen personal data, financial losses, risk of legal lawsuits and reputational damage. To improve cybersecurity considerably, the City must change in three key areas:
In 2019, City Council adopted AU4.1: Cyber Safety: A Robust Cybersecurity Program Needed to Mitigate Current and Emerging Threats. City Council directed the Chief Technology Officer to take an expanded City-wide role and mandate to provide support, oversight and direction on standards, practices and policies to all City Divisions and certain agencies and corporations. The City has rolled out mandatory cyber security awareness training to help City staff recognize and report cyber threats and learn how to safely use the City’s IT systems and assets. In addition, the City has implemented enhanced password rules and will continue to proactively run vulnerability assessments, penetration testing and threat risk assessment services to identify and manage cyber risks. TSD conducted Disaster Recovery (DR) activities to assess current gaps and standardize DR services.
TSD and the OCISO meet with select City agencies and corporations to discuss best practices relating to technology and cyber security standardization.
The use of data and technology has equity implications predominantly associated with:
Technology and Cybersecurity Standardization is aligned with the City’s Digital Infrastructure Strategic Framework (DISF), which establishes guidelines that foster digital inclusion and integrates digital equity considerations into the decision-making process. The DISF includes an Equity and Inclusion Principle, supports the City of Toronto Data for Equity Strategy, and directs the City to use Digital Infrastructure to create and sustain equity and inclusion.
Interim Chief Technology Officer
Chief Information Security Officer