Difference between revisions of "ESA Framework Actors"
Jump to navigation
Jump to search
(Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549...") |
(No difference)
|
Revision as of 08:36, 7 April 2021
Enterprise Actors
As defined by The Open Group Architecture Framework (TOGAF), an actor is "a person, organization, or system that has a role that initiates or interacts with activities." Actors may be internal or external to an organization. The list below originates from the GC ESA Concept of Operations (ConOps) document, and defines a set of notional Enterprise Actors. The set of actors will remain constant even though GC roles may change over time or vary by department. A single GC role may assume multiple responsibilities or a responsibility may be shared by multiple roles. This is not an exhaustive list of actors and should be modified as appropriate. For more information, please read the GC ESA Framework and/or GC ESA ConOps document.
Actor | GC Roles | Definition | Responsibilities |
80px | Deputy Head | The highest-level senior official or executive within an organization. |
|
80px | Department Security Officer | The risk executive is an individual or group within an organization that helps to ensure that: (i) risk-related considerations for individual information systems, including authorization decisions, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its core missions and business functions; and (ii) information system-related security risks are consistently managed across the organization, reflect organizational risk tolerance, and are considered along with other types of risks in order to ensure mission/business success. |
|
70px | CIO | A senior official designated by the senior organization official to represent the organization on matters relating to IT management. |
|
80px | Organizational official with legislative, management, or operational authority for specified information. |
| |
80px | IM Functional Specialist | Individual or group that ensures the careful and responsible management of federal information belonging to the federal government, regardless of the entity or source that may have originated, created, or compiled the information. |
|
80px | Organizational official representing the information security interests of the CIO who heads an office with the mission and resources to assist the organization in achieving more secure information and information systems. |
| |
80px | Senior official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations and assets, individuals, other organizations, and the Nation. |
| |
80px | An individual, group, or organization responsible for the development, implementation, assessment, and monitoring of common controls |
| |
80px | Program Owner; Service Provider | Organizational official responsible for the procurement, development, integration, modification, operation, maintenance, and disposal of an information system, also called 'Program Manager'. |
|
80px | IT Security Coordinator | Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program, and the principal advisor on all matters, technical and otherwise, involving the security of an information system. |
|
80px | Liaison between the enterprise architect and the information system security engineer, who also coordinates between information system owners, common control providers, and information system security officers on the allocation of security controls as system-specific, hybrid, or common controls. |
| |
80px | An individual, group, or organization responsible for conducting information system security engineering activities |
| |
80px | An individual, group, or organization responsible for conducting a comprehensive, independent assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls |
| |
80px | Responsible for the protection of privacy for an organization. |
| |
80px | Interprets Canadian and international law, provides guidance to organizational activities, participates in investigation and lawful pursuits, and is an integral part of contract negotiations |
| |
80px | Handles activities related to people in the organization, including conduct, compensation, development, performance management, motivation, safety, wellness, benefits, hiring, training, organizational development, and communications. |
| |
80px | Audits federal government operations, looks for compliance from a security perspective, from a contract perspective, and from a privacy perspective, and conducts independent analysis. |
| |
80px | Any users, including GC employees, contractors, trusted partners, and public users, accessing an IT/IS asset directly or via a service. |
| |
80px | Personnel responsible for developing, integrating, and testing IT/IS solutions prior to introduction to the production environment. |
| |
80px | Insider Threat | Any user, including a black hat hacker inside or outside the enterprise, unauthorized or authorized users, and privileged users, attempting to exploit the IT/IS assets with the goal of unauthorized access, distribution, modification, or deletion of GC content, and/or to prevention of access to GC information. |
|