Changes

no edit summary
Line 132: Line 132:     
For more information about the GC IT Security Strategy Vision and Guiding Principles, please read the [http://www.gcpedia.gc.ca/gcwiki/images/a/ae/GC_ESA_Backgrounder.pdf GC ESA Backgrounder] or its [[ESA Backgrounder (Strategy)|synopsis]]
 
For more information about the GC IT Security Strategy Vision and Guiding Principles, please read the [http://www.gcpedia.gc.ca/gcwiki/images/a/ae/GC_ESA_Backgrounder.pdf GC ESA Backgrounder] or its [[ESA Backgrounder (Strategy)|synopsis]]
 +
 +
<br>
 +
== Integration of the GC ESA into GC IT Security Management Activities ==
 +
[[File:Integration of esa dept picture.png|512x512px|Integration of ESA into GC IT Security Risk Management Activities |thumb]]The GC ESA program is a key component of IM/IT governance in the Government of Canada. Th<nowiki/>e GC ESA program will use terminology and concepts from CSE’s [https://www.cse-cst.gc.ca/en/publication/itsg-33 IT Security Risk Management: A Lifecycle Approach (ITSG-33)] to enable it integrate IT security in the development of business needs for security and system security architectures.  ITSG-33 defines a set of activities to ensure key steps are continuously performed during the entire <nowiki/>life cycle of the departmental security program and information systems.<nowiki/> It also ensures that risk management is applied <nowiki/>from a business and threat context perspective.
 +
 +
The image on the left provides a high-level view of the GC IT Security Risk Management approach.  It is one example of how the ESA supports programs and services in following risk management processes and in remaining compliant.  It demonstrates how ESA artifacts such as blueprints, use cases, and security requirements traceability matrices complement and provide input to departmental IT security risk management artifacts such as a departmental security plan, departmental security control profiles, and departmental threat assessments.  In turn, those artifacts inform the information system security risk management activities that relate to implementation of an information system.
 +
 +
For more information about how the GC ESA program is being integrated into GC IT security management activities and the IM/IT planning and reporting cycle, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework] or its [[ESA Program Implementation Framework|synopsis]].
    
<br>
 
<br>
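Review bot: In the first added paragraph under the new "Integration of the GC ESA into GC IT Security Management Activities" heading, "to enable it integrate IT security" is missing a "to" and should read "to enable it to integrate IT security". The same paragraph carries stray `<nowiki/>` tags left by the visual editor ("Th<nowiki/>e GC ESA program", "entire <nowiki/>life cycle", "information systems.<nowiki/>", "applied <nowiki/>from"); they render as nothing but clutter the wikitext and should be removed. The second added paragraph opens with "The image on the left", yet the `[[File:Integration of esa dept picture.png|512x512px|...|thumb]]` link has no `left` option and a `thumb` floats right by default, so either add `|left` to the file link or reword the sentence so it does not depend on placement. The caption also has a trailing space before `|thumb`, and the sentence "It is one example of how the ESA supports programs and services in following risk management processes and in remaining compliant" would be clearer if it said what they remain compliant with.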
