Changes

Line 37: Line 37:  
The GC ESA program will serve as a guide to departments and agencies in planning, implementing, and operating their information systems by offering the necessary framework, tools, and templates to design, evaluate, and build an IT security architecture tailored to their organization, in accordance with Communications Security Establishment’s (CSE) [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33 – IT Security Risk Management: A Lifecycle Approach] and other security industry best practices in the area of architecture, risk management and compliance.
 
The GC ESA program will serve as a guide to departments and agencies in planning, implementing, and operating their information systems by offering the necessary framework, tools, and templates to design, evaluate, and build an IT security architecture tailored to their organization, in accordance with Communications Security Establishment’s (CSE) [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33 – IT Security Risk Management: A Lifecycle Approach] and other security industry best practices in the area of architecture, risk management and compliance.
   −
For more information about the GC ESA Program, please read the [[:en:images/8/81/GC_ESA_Program_Charter.pdf|GC ESA Program Charter]]<nowiki/>or its [[ESA Program Charter|synopsis]].
+
For more information about the GC ESA Program, please read the [[:en:images/8/81/GC_ESA_Program_Charter.pdf|GC ESA Program Charter]] or its [[ESA Program Charter|synopsis]].
 +
 
 +
 
    
<br>
 
<br>
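Review bot: the two empty lines added after the "For more information about the GC ESA Program" sentence sit directly above the existing `<br>` tags, so the spacing before the next section now comes from both; keep either the blank lines or the `<br>` tags, not both. Removing `<nowiki/>` and restoring the space before "or its" is fine. The Charter link still targets a raw upload path (`:en:images/8/81/GC_ESA_Program_Charter.pdf`) rather than the file's title; a `[[Media:...]]` link to the uploaded file would be less fragile.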
Line 135: Line 137:  
<br>
 
<br>
 
== Integration of the GC ESA into GC IT Security Management Activities ==
 
== Integration of the GC ESA into GC IT Security Management Activities ==
[[File:Integration of esa dept picture.png|512x512px|Integration of ESA into GC IT Security Risk Management Activities |thumb]]The GC ESA program is a key component of IM/IT governance in the Government of Canada. Th<nowiki/>e GC ESA program will use terminology and concepts from CSE’s [https://www.cse-cst.gc.ca/en/publication/itsg-33 IT Security Risk Management: A Lifecycle Approach (ITSG-33)] to enable it integrate IT security in the development of business needs for security and system security architectures.  ITSG-33 defines a set of activities to ensure key steps are continuously performed during the entire <nowiki/>life cycle of the departmental security program and information systems.<nowiki/> It also ensures that risk management is applied <nowiki/>from a business and threat context perspective.  
+
[[File:Integration of esa dept picture.png|512x512px|Integration of ESA into GC IT Security Risk Management Activities |thumb]]The GC ESA program is a key component of IM/IT governance in the Government of Canada. Th<nowiki/>e GC ESA program will use terminology and concepts from CSE’s [https://www.cse-cst.gc.ca/en/publication/itsg-33 IT Security Risk Management: A Lifecycle Approach (ITSG-33)] to enable it integrate IT security in the development of business needs for security and system security architectures.  ITSG-33 defines a set of activities to ensure key steps are continuously performed during the entire <nowiki/>life cycle of the departmental security program and information systems.<nowiki/> It also ensures that risk management is applied <nowiki/>from a business and threat context perspective.
    
The image on the left provides a high-level view of the GC IT Security Risk Management approach.  It is one example of how the ESA supports programs and services in following risk management processes and in remaining compliant.  It demonstrates how ESA artifacts such as blueprints, use cases, and security requirements traceability matrices complement and provide input to departmental IT security risk management artifacts such as a departmental security plan, departmental security control profiles, and departmental threat assessments.  In turn, those artifacts inform the information system security risk management activities that relate to implementation of an information system.  
 
The image on the left provides a high-level view of the GC IT Security Risk Management approach.  It is one example of how the ESA supports programs and services in following risk management processes and in remaining compliant.  It demonstrates how ESA artifacts such as blueprints, use cases, and security requirements traceability matrices complement and provide input to departmental IT security risk management artifacts such as a departmental security plan, departmental security control profiles, and departmental threat assessments.  In turn, those artifacts inform the information system security risk management activities that relate to implementation of an information system.  
    
For more information about how the GC ESA program is being integrated into GC IT security management activities and the IM/IT planning and reporting cycle, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework] or its [[ESA Program Implementation Framework|synopsis]].
 
For more information about how the GC ESA program is being integrated into GC IT security management activities and the IM/IT planning and reporting cycle, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework] or its [[ESA Program Implementation Framework|synopsis]].
  −
<br>
   
== References ==
 
== References ==
* [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]
+
* [[:en:images/8/81/GC_ESA_Program_Charter.pdf|GC ESA Program Charter]]
    
* [http://www.gcpedia.gc.ca/gcwiki/images/a/ae/GC_ESA_Backgrounder.pdf GC ESA Program Backgrounder]
 
* [http://www.gcpedia.gc.ca/gcwiki/images/a/ae/GC_ESA_Backgrounder.pdf GC ESA Program Backgrounder]
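Review bot: in References, the Charter entry now uses the `[[:en:images/8/81/GC_ESA_Program_Charter.pdf|...]]` form, while the Backgrounder entry directly below it and the Implementation Framework link above still use full `http://www.gcpedia.gc.ca/gcwiki/images/...` URLs; pick one form for all three so the links resolve the same way for every reader. The Integration paragraph is touched by this edit but still carries stray `<nowiki/>` tags (`Th<nowiki/>e`, `entire <nowiki/>life cycle`) and the phrase "to enable it integrate", which is missing "to"; clean those up in the same change.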