Line 351: |
Line 351: |
| * Ensure security of information, IT infrastructure and applications with the implementation of consistent security controls which reduces total cost of ownership; and | | * Ensure security of information, IT infrastructure and applications with the implementation of consistent security controls which reduces total cost of ownership; and |
| * Keep risk at acceptable levels. | | * Keep risk at acceptable levels. |
− | The GC ESA program will serve as a guide to departments and agencies in planning, implementing, and operating their information systems by offering the necessary framework, tools, and templates to design, evaluate, and build an IT security architecture tailored to their organization, in accordance with Communications Security Establishment’s (CSE) ITSG-33 – IT Security Risk Management: A Lifecycle Approach and other security industry best practices in the area of architecture, risk management and compliance. | + | The GC ESA program will serve as a guide to departments and agencies in planning, implementing, and operating their information systems by offering the necessary framework, tools, and templates to design, evaluate, and build an IT security architecture tailored to their organization, in accordance with Communications Security Establishment’s (CSE) [https://cyber.gc.ca/en/guidance/it-security-risk-management-lifecycle-approach-itsg-33 ITSG-33 – IT Security Risk Management: A Lifecycle Approach] and other security industry best practices in the area of architecture, risk management and compliance. |
| | | |
| A lot more information can be found here: | | A lot more information can be found here: |
− | | + | * [https://www.gcpedia.gc.ca/wiki/Government_of_Canada_Enterprise_Security_Architecture_(ESA)_Program; Government of Canada Enterprise Security Architecture (ESA) Program and here:] |
− | · Government of Canada Enterprise Security Architecture (ESA) Program and here:
| + | * [https://www.gcpedia.gc.ca/gcwiki/images/a/ac/GC_ESA_Description_Document_%28ESADD%29_-_Main_Body.pdf GC ESA Description Document Main Body -- Synopsis]<br><br> |
− | | + | <h4><b>Build Security into the Full System Life Cycle, Across All Architectural Layers</b></h4> |
− | · GC ESA Description Document Main Body -- Synopsis<br><br><h4><b>Build Security into the Full System Life Cycle, Across All Architectural Layers</b></h4>
| |
| * Identify and classify risks associated to the service’s business objectives, goals, and strategy | | * Identify and classify risks associated to the service’s business objectives, goals, and strategy |
| * Design security measures according to business and user needs, risks identified, and security categorization of the information and assets; integrate security across all architectural layers (BIAT) | | * Design security measures according to business and user needs, risks identified, and security categorization of the information and assets; integrate security across all architectural layers (BIAT) |
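Review bot: The first added bullet has a stray semicolon at the end of the URL (`...Security_Architecture_(ESA)_Program;`), so the link target becomes a page title ending in ";" rather than the ESA Program page; remove the semicolon so that the space separates URL from label. The same bullet also keeps the old trailing "and here:" inside the link label, which no longer reads correctly now that the two references are separate list items; cut it from the label. Lastly, the new heading line wraps `<b>` inside `<h4>`, which is redundant markup; the heading element alone (or the wiki's own heading syntax) would be cleaner.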