Line 109: |
Line 109: |
| For more information about the ESA program key stakeholders and the relationship of the ESA program governance to the GC security governance, please read the [[:en:images/8/81/GC_ESA_Program_Charter.pdf|GC ESA Program Charter]] or its [[ESA Program Charter|synopsis]]. | | For more information about the ESA program key stakeholders and the relationship of the ESA program governance to the GC security governance, please read the [[:en:images/8/81/GC_ESA_Program_Charter.pdf|GC ESA Program Charter]] or its [[ESA Program Charter|synopsis]]. |
| [[File:ESA Governance Structure.png|centre|thumb|616x616px|ESA Program Governance and GC security governance]] | | [[File:ESA Governance Structure.png|centre|thumb|616x616px|ESA Program Governance and GC security governance]] |
| + | |
| + | <br> |
| + | == GC IT Security Strategy Vision and Guiding Principles == |
| + | The GC is taking steps to transform the current disparate and aging IT infrastructure into an integrated, secure, modern and agile environment that will provide citizens, partners and our workforce with reliable and trusted access to GC programs and services. The overall vision of the GC IT security strategy is:<blockquote>'''''A modern, secure and resilient GC enterprise infrastructure enabling the trusted delivery of internal and external GC programs and services.'''''</blockquote>There are a number of fundamental principles that will guide the formation and evolution of the GC IT security strategy in order to realise this vision, including: |
| + | * The GC needs to increase its understanding of the cyber threat landscape to devise better and more comprehensive security defences; |
| + | |
| + | * Security will be applied in a more consistent manner; |
| + | |
| + | * The GC must not act in isolation; |
| + | |
| + | * The GC will improve its information sharing and collaboration capabilities; |
| + | |
| + | * Security must be considered through all phases of the development life cycle, not bolted on afterwards; |
| + | |
| + | * The GC must seek an appropriate balance between security, the associated cost and the end-user experience; |
| + | |
| + | * Defence in depth will remain a key tenet of enterprise security; and |
| + | |
| + | * The GC needs to be agile and adapt to a constantly changing threat environment. |
| + | |
| + | The ESA program will provide support to the broader GC IT security strategy and its transformation initiatives using a proactive approach to build an infrastructure that will address threats, technologies, and business requirements as they change over time and develop flexible and dynamic architectures that enable faster adoption of new use models and capabilities, while providing security across and increasingly complex environment and changing threat landscape. |
| + | |
| + | For more information about the GC IT Security Strategy Vision and Guiding Principles, please read the [http://www.gcpedia.gc.ca/gcwiki/images/a/ae/GC_ESA_Backgrounder.pdf GC ESA Backgrounder] or its [[ESA Backgrounder (Strategy)|synopsis]] |
| | | |
| <br> | | <br> |