22
edits
Changes
Jump to navigation
Jump to search
Line 134:
Line 134: − +
GC Enterprise Architecture/Framework (view source)
Revision as of 18:30, 10 July 2020
, 18:30, 10 July 2020no edit summary
<b>Build Security into the System Life Cycle, Across All Architectural Layers</b>
<b>Build Security into the System Life Cycle, Across All Architectural Layers</b>
* Identify and [https://www.gcpedia.gc.ca/wiki/Security_Categorization_Tool categorize] information based on the degree of injury that could be expected to result from a compromise of its confidentiality, integrity and availability.
* Identify and [https://www.gcpedia.gc.ca/wiki/Security_Categorization_Tool categorize] information based on the degree of injury that could be expected to result from a compromise of its confidentiality, integrity and availability.
* Implement a continuous security approach, in alignment with CCCS’s IT Security Risk Management Framework. Perform threat modelling to minimize the attack surface by limiting services exposed and information exchanged to the minimum necessary.
* Implement a continuous security approach, in alignment with [https://cyber.gc.ca/en/guidance/it-security-risk-management-lifecycle-approach-itsg-33 CCCS’s IT Security Risk Management Framework]. Perform threat modelling to minimize the attack surface by limiting services exposed and information exchanged to the minimum necessary.
* Apply proportionate security measures that address business and user needs while adequately protecting data at rest and data in transit.
* Apply proportionate security measures that address business and user needs while adequately protecting data at rest and data in transit.
* Design systems to be resilient and available in order to support service continuity.
* Design systems to be resilient and available in order to support service continuity.
