Changes

Jump to navigation Jump to search
no edit summary
Line 134: Line 134:  
<b>Build Security into the System Life Cycle, Across All Architectural Layers</b>
 
<b>Build Security into the System Life Cycle, Across All Architectural Layers</b>
 
* Identify and [https://www.gcpedia.gc.ca/wiki/Security_Categorization_Tool categorize] information based on the degree of injury that could be expected to result from a compromise of its confidentiality, integrity and availability.
 
* Identify and [https://www.gcpedia.gc.ca/wiki/Security_Categorization_Tool categorize] information based on the degree of injury that could be expected to result from a compromise of its confidentiality, integrity and availability.
* Implement a continuous security approach, in alignment with CCCS’s IT Security Risk Management Framework. Perform threat modelling to minimize the attack surface by limiting services exposed and information exchanged to the minimum necessary.
+
* Implement a continuous security approach, in alignment with [https://cyber.gc.ca/en/guidance/it-security-risk-management-lifecycle-approach-itsg-33 CCCS’s IT Security Risk Management Framework]. Perform threat modelling to minimize the attack surface by limiting services exposed and information exchanged to the minimum necessary.
 
* Apply proportionate security measures that address business and user needs while adequately protecting data at rest and data in transit.  
 
* Apply proportionate security measures that address business and user needs while adequately protecting data at rest and data in transit.  
 
* Design systems to be resilient and available in order to support service continuity.
 
* Design systems to be resilient and available in order to support service continuity.

Navigation menu

GCwiki