

{{TOCright}}

== Overview of the ESA Program Implementation Framework ==
The purpose of the GC ESA Program Implementation Framework is to describe the processes required to support the successful delivery and integration of security across the GC. The primary target audience for this Framework is GC executives, managers, departmental security officials and security practitioners, senior IT/IS architects, and IT practitioners tasked with ensuring the security of the GC enterprise IT/IS infrastructure in the short term and improving its long-term security in response to the evolving threat landscape. This page provides an overview of the ESA Program Implementation Framework. For more details about the Framework, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework].

<br>

== The ESA Program ==
[[File:ESA Program.PNG|thumb|424x424px|ESA Program Implementation Framework|left]]
The GC [[Government of Canada Enterprise Security Architecture (ESA) Program|Enterprise Security Architecture (ESA) Program]] has been established as a government-wide initiative to provide a standardized approach to developing IT security architectures, ensuring basic security building blocks are implemented across the enterprise as the infrastructure is being renewed. As shown on the left, the focus of the ESA program is the development and maintenance of an enterprise IT security architecture vision, strategy, and designs, led by TBS, in collaboration with CSE and SSC, in order to achieve Pillar 1, Securing GC Systems, of [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/cbr-scrt-strtgy/index-eng.aspx Canada's Cyber Security Strategy (CCSS)]:

'''Architecture Vision:''' The architecture vision is captured in the [http://www.gcpedia.gc.ca/gcwiki/images/1/17/GC_ESA_Vision_and_Strategy.pdf GC ESA Program Vision and Strategy] document. The [http://www.gcpedia.gc.ca/gcwiki/images/4/47/GC_ESA_Definition_Document_%28ESADD%29_-_Main_Body.pdf GC ESA Description Document (ESADD)] supports the vision and organizes security functions into a number of functional groups known as Enterprise Security Focus Areas (ESFAs). A companion document, the [http://www.gcpedia.gc.ca/gcwiki/images/a/ac/GC_ESA_ConOps_-_Main_Body.pdf GC ESA Concept of Operations (ESA ConOps)], presents the operational view of the GC enterprise IT/IS environment to drive development of policy instruments and processes, and describes the ESA program from the viewpoint of the user community.

'''Strategy:''' The GC ESA Roadmap defines a set of enterprise security initiatives and their dependencies intended to meet the GC IT/IS enterprise security vision and objectives. Each initiative incorporates processes and technical capabilities defined in one or more ESFAs, and identifies required policy instruments necessary for the initiative to succeed. A separate workplan document, updated quarterly, defines shorter term objectives and milestones.

'''Set of Designs:''' Each initiative is documented by an Operational Concept (OpsCon) that presents the operational (people and process) view of the initiative, an Implementation Strategy that defines a roadmap for the initiative and, for initiatives with technical content, a High-Level Design (HLD) that provides an implementation-independent description of the technology. Additional implementation-specific artifacts are developed during implementation.

Technology alone is not sufficient to secure an enterprise. Of equal importance are the '''people''' who use GC IT/IS resources, the '''processes''' they follow to ensure secure operation, and the '''policies''' mandating GC IT/IS enterprise improvement activities, assigning expectations and responsibilities, and ensuring sufficient funding is available to realize the ESA Program vision, as shown in the image on the left.

For more information about the GC ESA Program and its implementation framework, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework].

<br>

== ESA Program Processes ==
The [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework] describes some of the strategies that will help implement the ESA program to meet GC strategic objectives. It focuses on the processes required to support the successful delivery of the program. For more information about these processes, please read the [[ESA Program Processes|GC ESA Program Processes]] page.

<br>

== ESA Program Artifacts ==
The [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework] provides an overview of the main artifacts that support the delivery of the ESA program. The three major themes are GC ESA governance and management, GC ESA planning, and GC ESA initiatives. For more information about these artifacts, please read the [[ESA Program Artifacts|GC ESA Program Artifacts]] page.

<br>

== ESA Tools and Templates ==

To facilitate the integration of security into existing business practices and processes, the ESA program will develop a set of tools and templates that can be used by practitioners.

Available tools and templates can be found on the [[ESA Tools and Templates]] page.

=== ''Architecture Repository'' ===
An architecture repository can be used to store different architectural outputs. It includes reference architectures, models, and patterns that have been accepted for use within the department. An architecture repository allows architects to reuse existing work as much as possible and so avoid duplicating effort and artifacts. For more information about the architecture repository, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework].

=== ''Requirements Management Tool'' ===
This tool supports the architecture development process. It would help develop, visualize, communicate, and manage architectural artifacts, and facilitate the reuse of these components. A single "one size fits all" tool is advantageous because it would allow reduced training, shared licenses, quantity discounts, maintenance, and easier data interchange. An analysis of the options for an architecture and/or requirements management tool will be performed to identify the most effective tool to manage the ESA program artifacts. The GC ESA Tools Report discusses a number of tool considerations for various aspects of the ESA program. For more information about the benefits of a requirements management tool, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework].

<br>

== ESA Program Life Cycle Integration ==
Security must be considered an integral part of normal project and systems development planning cycles. It is important that IT security architectures are derived from an analysis of the business requirements for security, especially those in which security has an enabling function through which new business opportunities can be developed and exploited. This section of the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework] provides a brief description of how security can be integrated into various life cycles of the ESA Program. For more information about this, please read the [[ESA Program Life Cycle Integration]] page.

<br>

== Operational Scenarios ==
This section of the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework] provides a brief description of the operational scenarios and the key processes and activities required to support the delivery of the ESA Program activities. To learn more about them, please read the [[Operational Scenarios]] page. The stakeholders and their roles and responsibilities are described in detail in the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf ESA Program Charter].

<br>

== References ==
* [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]
* [[Media:GC ESA Program Implementation Framework.pdf|GC ESA Program Implementation Framework]]
* [http://www.gcpedia.gc.ca/gcwiki/images/1/17/GC_ESA_Vision_and_Strategy.pdf GC ESA Vision and Strategy]
* [[Media:GC ESA Framework.pdf|GC ESA Framework]]
* [http://www.gcpedia.gc.ca/gcwiki/images/a/a9/GC_ESA_System_Operational_Concept_Document_Template_%28May_2015%29.doc System Concept (SysCon) Template]
* [http://www.gcpedia.gc.ca/gcwiki/images/3/34/GC_ESA_Concept_of_Operations_Template_%28May_2015%29.doc Concept of Operations (ConOps) Template]
* [http://www.gcpedia.gc.ca/gcwiki/images/1/14/GC_ESA_Enterprise_Threat_Assessment_v1.0.pdf GC ESA Enterprise Threat Assessment]
* [http://www.gcpedia.gc.ca/gcwiki/images/8/89/GC_ESA_Requirements_Database_Overview.pdf GC ESA Requirements Database Overview]
* [https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/cbr-scrt-strtgy/index-eng.aspx Canada's Cyber Security Strategy (CCSS)]
* [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33 - IT Security Risk Management: A Lifecycle Approach]
[[Category:Government of Canada Enterprise Security Architecture (ESA) Program|P]]
[[Category:Enterprise Security Architecture]]
