The business impact of a unified cyber security plan

The City of Guelph, located in Southwestern Ontario, has a growing, diverse population of close to 150,000 people. As the City continues to expand, so have their cyber security and privacy needs, with an emphasis on strategy and execution.

The City of Guelph initially approached MNP to address its payment card industry (PCI) compliance. The clearly articulated solution prompted the City to continue the partnership, hiring MNP to assess its cyber security program.

The City’s IT management team realized it was caught in a legacy mindset around cyber security, where established procedures were followed but not updated to match evolving threats. While the internal team was knowledgeable and skilled, it was small, and required more expertise and focused ability to seek out and become familiar with alternative solutions. As well, the connection between meeting the growing business needs of the City and the technology to support them, lacked definition; the team needed an advisor who could articulate the business case of upgrading technology to City management and council.

“We realized that we were stuck in a legacy mindset still, that legacy mindset was one of continually doing the same things, and it was because we didn’t know what we didn’t know.”
– David Boyle, Manager of Information Technology Infrastructure Operations, City of Guelph

MNP conducted a cyber security maturity assessment, developing a baseline approach using the case controls. We sat with the IT team to find out their challenges, what the gaps were, and what impacts a cyber breach would have using their current technology. The maturity assessment was then communicated to senior management as well as council, to determine the organization’s big-picture priorities around recovery and operations.

MNP demonstrated cyber security was a business issue, not simply an IT issue, bringing forward a case to establish a framework and a multi-year cyber security strategy program. The development of a three-year strategy cycle enabled the city to prioritize assets in terms of security solutions, response actions, and discussions going forward with executives and leadership. As the solution implementation continues forward, the plan has been staggered by design to conform with the City’s budgetary requirements.

“The relationship with MNP allowed us to get out of that circular mindset and into more of a progressive evolution.”
– David Boyle, Manager of Information Technology Infrastructure Operations, City of Guelph