586
edits
Changes
Jump to navigation
Jump to search
Line 115:
Line 115: − + − − <s>Security architecture and privacy has always been an important but often poorly addressed aspect of solution design. However, for the successful implementation of the GC Enterprise Ecosystem Target Architecture depends on a proper security architectural implementation. Legacy systems based on monolithic architectures often had simplistic approaches to mitigating security risks. The future digitally enabled GC services will support a diverse community and have interoperating components spread across multiple environments. It is critical that security be built into all processes and across all architectural layers.</s> Line 136:
Line 134: − − === <s>Privacy by Design</s> === − * <s>Perform Privacy Impact Assessment (PIA) to support risk mitigation activities when personal information is involved</s> − * <s>Perform Algorithmic Impact Assessment (AIA) to support risk mitigation activities when deploying an automated decision system as per Directive on Automated Decision Making. For more info, please go to this link</s> − * <s>Implement security measures to assure the protection of personal information and data</s> − * <s>Take into consideration the 7 Foundational Privacy Design Principles (English only) when designing services</s> − <nowiki>*</nowiki>The Open Group Architecture Framework (TOGAF) is a framework for enterprise architecture that provides an approach for designing, planning, implementing, and governing an enterprise information technology architecture. TOGAF has been adopted by the Government of Canada.{{OCIO_GCEA_Footer}}+
GC Enterprise Architecture/Framework (view source)
Revision as of 11:06, 6 October 2020
, 11:06, 6 October 2020→Security Architecture and Privacy
* Include your users and other stakeholders as part of DevSecOps process
* Include your users and other stakeholders as part of DevSecOps process
== Security Architecture <s>and Privacy</s> ==
== Security Architecture ==
The GC Enterprise Security Architecture (ESA) program is a government-wide initiative to provide a standardized approach to developing IT security architecture, ensuring that basic security blocks are implemented across the enterprise as the infrastructure is being renewed.
The GC Enterprise Security Architecture (ESA) program is a government-wide initiative to provide a standardized approach to developing IT security architecture, ensuring that basic security blocks are implemented across the enterprise as the infrastructure is being renewed.
=== Build Security into the System Life Cycle, Across All Architectural Layers ===
=== Build Security into the System Life Cycle, Across All Architectural Layers ===
* Enable event logging, in accordance with GC Event Logging Guidance, and perform monitoring of systems and services in order to detect, prevent, and respond to attacks.
* Enable event logging, in accordance with GC Event Logging Guidance, and perform monitoring of systems and services in order to detect, prevent, and respond to attacks.
* Establish an incident management plan in alignment with the GC Cyber Security Event Management Plan (GC CSEMP) and report incidents to the Canadian Centre for Cyber Security (CCCS).
* Establish an incident management plan in alignment with the GC Cyber Security Event Management Plan (GC CSEMP) and report incidents to the Canadian Centre for Cyber Security (CCCS).
== EA Framework Playbook ==
== EA Framework Playbook ==
Here is an [[GC Enterprise Architecture/Playbook#1. Business Architecture|archived version of the playbook]] that was developed for the original EA assessment Criteria. It will updated to align the updated EA Framework once it is approved at GC EARB.
Here is an [[GC Enterprise Architecture/Playbook#1. Business Architecture|archived version of the playbook]] that was developed for the original EA assessment Criteria. It will updated to align the updated EA Framework once it is approved at GC EARB.
{{OCIO_GCEA_Footer}}
