Difference between revisions of "ESA Tools and Templates"

From wiki
Jump to navigation Jump to search
(Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549...")
(No difference)

Revision as of 08:34, 14 April 2021

Introduction

The ESA Program has created a set of tools and templates in order to support GC security practitioners, architects and project managers (see chart below). On this page and its sub-pages you will find information related to how the ESA program fits into both the Project Lifecycle, the System Lifecycle, and the Systems Development Lifecycle (SDLC). In addition, the ESA Program tools provided are linked where appropriate. You can also learn more about each tool by exploring the linked sub-pages in the navigation bar above. Each sub-page provides a description of the tools and documents the ESA Program has created so far. On these sub-pages you will also find direct download links for the tools themselves to help you get started with making your IT system secure!

These tools and templates can be used as part of the following activities:

Project Lifecycle
System Lifecycle



The Government of Canada (GC) Chief Information Officer (CIO) also plays a key role in these activities, in ensuring the efficient and effective governance and oversight of GC enterprise services. As per the Section 4.4 of the Policy on Service and Digital, “the CIO of Canada is responsible for Cyber-Security and Identity including executing decisions on the management of cyber security risks on behalf of the Government of Canada and directing a deputy head to implement a specific response to cyber security events, including assessing whether there has been a privacy breach, implementing security controls, and ensuring that systems that put the Government of Canada at risk are disconnected or removed, when warranted.” The GC CIO plays an advisory role to Deputy Heads for conducting governance, risk and compliance activities for the delivery of GC services.

Authorization of enterprise GC-wide systems and ensuring that they maintain their authorization state is a key activity required as part of the IT security risk management process. Please refer to the Guideline for Authorization of Enterprise Systems link provided below for the authorization of GC enterprise IT services offered by one or more enterprise service provider organizations.



References