|
|
(11 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
− | <div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">[[File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549/gc-enterprise-security-architecture-gc-esa]]<br />[[File:ESAcontactus.png|link=mailto:ZZTBSCYBERS@tbs-sct.gc.ca]]</div>
| + | {{Delete|reason=Expired Content}} |
− | [[File:GOC ESA.jpg|center|link=http://www.gcpedia.gc.ca/wiki/Government_of_Canada_Enterprise_Security_Architecture_(ESA)_Program]]
| |
− | <div class="center">
| |
− | {| style="border: 2px solid #000000; border-image: none;" width="1000px" | |
− | |-
| |
− | ! style="background: #C495F0; color: black" width="175px" scope="col" " | [[Government of Canada Enterprise Security Architecture (ESA) Program|ESA Program Overview]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Backgrounder (Strategy)|ESA Foundation]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Requirements|ESA Artifacts]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Initiatives|ESA Initiatives]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ ESA Tools and Templates]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[GC ESA Artifact Repository|ESA Reference Materials]]
| |
− | ! style="background: #e1caf7; color: black" width="100px" scope="col" " | [[ESA Glossary| Glossary]]
| |
− | |}
| |
− | </div></div>
| |
− | | |
− | | |
− | {{TOCright}}
| |
− | | |
− | == Welcome ==
| |
− | Welcome to the Government of Canada (GC) Enterprise Security Architecture (ESA) Program Portal. This portal is designed to help Government of Canada employees familiarize themselves with the GC ESA program by providing detailed, but concise information about the program, its key stakeholders, guiding principles, scope, and much more. It also includes a page with tools and templates to be used by security practitioners and a page with reference materials that provide details about different aspects of the GC ESA program for those interested in learning more about it. At the top of the screen you will find the navigation bar. You can use this bar to easily navigate between pages within the GC ESA Portal and learn more about the GC ESA program. The rest of this page provides a basic overview of the GC ESA program.
| |
− | | |
− | If you have any questions, suggestions or constructive criticism regarding the GC ESA program portal or its content, please feel free to contact us by clicking on the button in the top right corner, labelled "Contact Us". Also, please join our group on GCconnex by clicking on the other button in the top right corner, labelled "Join us on: GCconnex". By doing so, you will receive all of the latest news regarding the GC ESA Program and other related IT security activities, and you will be the first to know about any new tools or resources we create.
| |
− | | |
− | <br>
| |
− | | |
− | == Overview of the GC ESA Program ==
| |
− | [[File:994px-GC Direction and ESA Program.png|497x497px|thumb|GC Direction and the ESA Program]]
| |
− | The GC ESA program is a government-wide initiative to provide a standardized approach to developing IT security architecture, ensuring that basic security blocks are implemented across the enterprise as the infrastructure is being renewed. The image on the right shows how the GC ESA program supports the direction the GC is taking with regards to GC IT security.
| |
− | | |
− | The GC ESA program aims to:
| |
− | * Ensure more cost-effective, interoperable, resilient and secure IT solutions in support of GC enterprise objectives;
| |
− | * Maintain availability of GC systems and services while complying with relevant GC legislation and policy instruments;
| |
− | * Adopt an architecture methodology and approach to ensure common understanding, alignment, and reduce duplication of effort amongst interdepartmental stakeholders;
| |
− | * Ensure security of information, IT infrastructure and applications with the implementation of consistent security controls which reduces total cost of ownership; and
| |
− | * Keep risk at acceptable levels.
| |
− | | |
− | The GC ESA program will serve as a guide to departments and agencies in planning, implementing, and operating their information systems by offering the necessary framework, tools, and templates to design, evaluate, and build an IT security architecture tailored to their organization, in accordance with Communications Security Establishment’s (CSE) [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33 – IT Security Risk Management: A Lifecycle Approach] and other security industry best practices in the area of architecture, risk management and compliance.
| |
− | | |
− | For more information about the GC ESA Program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]or its [[ESA Program Charter|synopsis]].
| |
− | | |
− | <br>
| |
− | == Scope of GC ESA Program ==
| |
− | [[File:Esa scope picture.png|525x525px|thumb|Scope of the ESA Program|left]]
| |
− | As the image on the left shows, the scope of the GC ESA program is high-level, with a focus on enterprise as a whole, but it can also assist with security activities at all layers, in accordance with the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter].
| |
− | | |
− | The GC may develop IT security architectures that can be categorized into three groups based on level of detail:
| |
− | | |
− | '''High-level view''': Artifacts developed at this layer are high-level with GC Enterprise in scope and have a strategic impact. Examples include an Enterprise Security Concept of Operations or a GC Baseline Threat Assessment.
| |
− | | |
− | '''Context-specific view''': Artifacts developed at this layer provide supplementary details, are common, shared or departmental in scope and have a tactical impact. Examples include a specific focus area Security Requirements Traceability Matrix, or a context-specific architecture (e.g. Business Control Profile for a Human Resources System).
| |
− | | |
− | '''Solution view''': Artifacts developed at this layer are very detailed, system-specific in scope and have an operational impact. Examples include a detailed design documentation or a Standard Operating Procedure for a Data Loss Prevention System.
| |
− | | |
− | For more information about the scope of the ESA program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]or its [[ESA Program Charter|synopsis]].
| |
− | | |
− | <br>
| |