802
edits
Changes
Government of Canada Enterprise Security Architecture (ESA) Program (view source)
Revision as of 09:33, 25 August 2020
, 09:33, 25 August 2020→Overview of the GC ESA Program
The GC ESA program will serve as a guide to departments and agencies in planning, implementing, and operating their information systems by offering the necessary framework, tools, and templates to design, evaluate, and build an IT security architecture tailored to their organization, in accordance with Communications Security Establishment’s (CSE) [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33 – IT Security Risk Management: A Lifecycle Approach] and other security industry best practices in the area of architecture, risk management and compliance.
The GC ESA program will serve as a guide to departments and agencies in planning, implementing, and operating their information systems by offering the necessary framework, tools, and templates to design, evaluate, and build an IT security architecture tailored to their organization, in accordance with Communications Security Establishment’s (CSE) [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33 – IT Security Risk Management: A Lifecycle Approach] and other security industry best practices in the area of architecture, risk management and compliance.
For more information about the GC ESA Program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]or its [[ESA Program Charter|synopsis]].
For more information about the GC ESA Program, please read the [[:en:images/8/81/GC_ESA_Program_Charter.pdf|GC ESA Program Charter]]<nowiki/>or its [[ESA Program Charter|synopsis]].
<br>
<br>
'''Solution view''': Artifacts developed at this layer are very detailed, system-specific in scope and have an operational impact. Examples include a detailed design documentation or a Standard Operating Procedure for a Data Loss Prevention System.
'''Solution view''': Artifacts developed at this layer are very detailed, system-specific in scope and have an operational impact. Examples include a detailed design documentation or a Standard Operating Procedure for a Data Loss Prevention System.
For more information about the scope of the ESA program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]or its [[ESA Program Charter|synopsis]].
For more information about the scope of the ESA program, please read the [[:en:images/8/81/GC_ESA_Program_Charter.pdf|GC ESA Program Charter]]<nowiki/>or its [[ESA Program Charter|synopsis]].
<br>
<br>
* Insufficient resources.
* Insufficient resources.
For a more detailed explanation of the benefits and risks of the GC IT security strategy and ESA program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/1/17/GC_ESA_Vision_and_Strategy.pdf GC ESA Program Vision and Strategy] document.
For a more detailed explanation of the benefits and risks of the GC IT security strategy and ESA program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/1/17/GC_ESA_Vision_and_Strategy.pdf GC ESA Program Vision and Strategy] document.
== Key Stakeholders and Governance Structure of the GC ESA Program ==
== Key Stakeholders and Governance Structure of the GC ESA Program ==
[[File:ESA Program Key Stakeholders.png|left|thumb|461x461px|ESA Program Key Stakeholders]]
[[File:ESA Program Key Stakeholders.png|left|thumb|461x461px|ESA Program Key Stakeholders]]
The image below depicts the relationship of the IT Security Tripartite with the current GC Security Governance Structure. The scope of the GC Security Structure is much broader than IT. The IT Security Tripartite consists of members from ADM Security and Identity Committee (ADM SIDC) and the Lead Security Agency Steering Committee (LSA SC). The IT Security Tripartite aligns through the LSA SC and ADM SIDC. Communication is required to both the Departmental Security Officer and IT Security Coordinator communities, as well as to the Chief Information Officer Council (CIOC), which is the GC CIO's advisory body.
The image below depicts the relationship of the IT Security Tripartite with the current GC Security Governance Structure. The scope of the GC Security Structure is much broader than IT. The IT Security Tripartite consists of members from ADM Security and Identity Committee (ADM SIDC) and the Lead Security Agency Steering Committee (LSA SC). The IT Security Tripartite aligns through the LSA SC and ADM SIDC. Communication is required to both the Departmental Security Officer and IT Security Coordinator communities, as well as to the Chief Information Officer Council (CIOC), which is the GC CIO's advisory body.
For more information about the ESA program key stakeholders and the relationship of the ESA program governance to the GC security governance, please read the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter] or its [[ESA Program Charter|synopsis]].
For more information about the ESA program key stakeholders and the relationship of the ESA program governance to the GC security governance, please read the [[:en:images/8/81/GC_ESA_Program_Charter.pdf|GC ESA Program Charter]] or its [[ESA Program Charter|synopsis]].
[[File:ESA Governance Structure.png|centre|thumb|616x616px|ESA Program Governance and GC security governance]]
[[File:ESA Governance Structure.png|centre|thumb|616x616px|ESA Program Governance and GC security governance]]
<br>
<br>