Difference between revisions of "ESA Program Implementation Framework"
Revision as of 08:31, 7 April 2021
Overview of the ESA Program Implementation Framework
The purpose of the GC ESA Program Implementation Framework is to describe the processes required to support the successful delivery and integration of security across the GC. The primary target audience for this Framework is GC executives, managers, departmental security officials and security practitioners, senior IT/IS architects, and IT practitioners tasked with ensuring the security of the GC enterprise IT/IS infrastructure in the short-term and improving its long-term security in response to the evolving threat landscape. This page will provide an overview of the ESA Program Implementation Framework. For more details about the Framework, please read the GC ESA Program Implementation Framework.
The ESA Program
The GC Enterprise Security Architecture (ESA) Program has been established as a government-wide initiative to provide a standardized approach to developing IT security architectures, ensuring basic security building blocks are implemented across the enterprise as the infrastructure is being renewed. As shown on the left, the focus of the ESA program is the development and maintenance of an enterprise IT security architecture vision, strategy, and designs, led by TBS, in collaboration with CSE and SSC, in order to achieve Pillar 1, Securing GC Systems, of Canada's Cyber Security Strategy (CCSS):
Architecture Vision: The architecture vision is captured in the GC ESA Program Vision and Strategy document. The GC ESA Description Document (ESADD) supports the vision and organizes security functions into a number of functional groups known as Enterprise Security Focus Areas (ESFAs). A companion document, the GC ESA Concept of Operations (ESA ConOps), presents the operational view of the GC enterprise IT/IS environment to drive development of policy instruments and processes, and describes the ESA program from the viewpoint of the user community.
Strategy: The GC ESA Roadmap defines a set of enterprise security initiatives and their dependencies intended to meet the GC IT/IS enterprise security vision and objectives. Each initiative incorporates processes and technical capabilities defined in one or more ESFAs, and identifies required policy instruments necessary for the initiative to succeed. A separate workplan document, updated quarterly, defines shorter term objectives and milestones.
Set of Designs: Each initiative is documented by an Operational Concept (OpsCon) that presents the operational (people and process) view of the initiative, an Implementation Strategy that defines a roadmap for the initiative and, for initiatives with technical content, a High-Level Design (HLD) that provides an implementation-independent description of the technology. Additional implementation-specific artifacts are developed during implementation.
Technology alone is not sufficient to secure an enterprise. Of equal importance are the people who use GC IT/IS resources, the processes they follow to ensure secure operation, and the policies that mandate GC IT/IS enterprise improvement activities, assign expectations and responsibilities, and ensure sufficient funding is available to realize the ESA Program vision, as shown in the image on the left.
For more information about the GC ESA Program and its implementation framework, please read the GC ESA Program Implementation Framework.
ESA Program Processes
The ESA Program Implementation Framework describes some of the strategies that will help implement the ESA program to meet GC strategic objectives. It focuses on the processes required to support the successful delivery of the program. For more information about these processes, please read the GC ESA Program Processes page.
ESA Program Artifacts
The ESA Program Implementation Framework provides an overview of the main artifacts that support the delivery of the ESA program. The three major themes are GC ESA governance and management, GC ESA planning, and GC ESA initiatives. For more information about these artifacts, please read the GC ESA Program Artifacts page.
ESA Tools and Templates
To facilitate the integration of security into existing business practices and processes, the ESA program will develop a set of tools and templates that can be used by practitioners.
Available ESA Tools and Templates can be found here.
Architecture Repository
An architecture repository can be used to store different architectural outputs. It includes reference architectures, models, and patterns that have been accepted for use within the department. An architecture repository allows architects to reuse existing work as much as possible, avoiding duplication of effort and artifacts. For more information about the architecture repository, please read the ESA Program Implementation Framework.
Requirements Management Tool
This tool supports the architecture development process. It would help develop, visualize, communicate, and manage architectural artifacts, and facilitate the reuse of these components. A single "one size fits all" tool is advantageous because it would allow reduced training, shared licenses, quantity discounts, maintenance, and easier data interchange. An analysis of the options for an architecture and/or requirements management tool will be performed to identify the most effective tool to manage the ESA program artifacts. The GC ESA Tools Report discusses a number of tool considerations for various aspects of the ESA program. For more information about the benefits of a requirements management tool, please read the ESA Program Implementation Framework.
ESA Program Life Cycle Integration
Security must be considered an integral part of normal project and systems development planning cycles. It is important that IT security architectures are derived from an analysis of the business requirements for security, especially those in which security has an enabling function through which new business opportunities can be developed and exploited. This section of the ESA Program Implementation Framework provides a brief description of how security can be integrated into various life cycles of the ESA Program. For more information about this, please read the ESA Program Life Cycle Integration page.
Operational Scenarios
This section of the ESA Program Implementation Framework provides a brief description of the operational scenarios and the key processes and activities required to support the delivery of the ESA Program activities. To learn more about them, please read the Operational Scenarios page. A detailed description of the stakeholders and their roles and responsibilities is further outlined in the ESA Program Charter.
References
- GC ESA Program Charter
- GC ESA Program Implementation Framework
- GC ESA Vision and Strategy
- GC ESA Framework
- System Concept (SysCon) Template
- Concept of Operations (ConOps) Template
- GC ESA Enterprise Threat Assessment
- GC ESA Requirements Database Overview
- Canada's Cyber Security Strategy (CCSS)
- ITSG-33 - IT Security Risk Management: A Lifecycle Approach