802
edits
Changes
Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549..."
<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">[[File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549/gc-enterprise-security-architecture-gc-esa]]<br />[[File:ESAcontactus.png|link=mailto:ZZTBSCYBERS@tbs-sct.gc.ca]]</div> [[File:GOC ESA.jpg|center|link=http://www.gcpedia.gc.ca/wiki/Government_of_Canada_Enterprise_Security_Architecture_(ESA)_Program]] <div class="center">
{| style="border: 2px solid #000000; border-image: none;" width="1000px"
|-
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="175px" | [[Government of Canada Enterprise Security Architecture (ESA) Program|ESA Program Overview]]
! style="background: #C495F0; color: black" width="20%" scope="col" " width="125px" | [[ESA Backgrounder (Strategy)|ESA Foundation]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="125px" | [[ESA Requirements|ESA Artifacts]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="125px" | [[ESA Initiatives|ESA Initiatives]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="125px" | [[ ESA Tools and Templates]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="125px" | [[GC ESA Artifact Repository|ESA Reference Materials]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="100px" | [[ESA Glossary| Glossary]]
|}
{| style="border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1000px"
|-
! style="background: #c2c2fa; color: black" width="25%" scope="col" " width="225px" | [[ESA Backgrounder (Strategy)| ESA Backgrounder]]
! style="background: #c2c2fa; color: black" width="25%" scope="col" " width="225px" | [[ESA Program Charter| ESA Program Charter]]
! style="background: #9a9af8; color: black" width="25%" scope="col" " width="325px" | [[ESA Program Implementation Framework| ESA Program Implementation Framework]]
! style="background: #c2c2fa; color: black" width="25%" scope="col" " width="225px" | [[ESA Framework| ESA Framework]]
|}
{| style="border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1000px"
|-
! style="background: #d7d7d7; color: black" width="14%" scope="col" " width="225px" | [[ESA Program Processes]]
! style="background: #d7d7d7; color: black" width="14%" scope="col" " width="325px" | [[ESA Program Life Cycle Integration]]
! style="background: #969696; color: black" width="14%" scope="col" " width="225px" | [[Operational Scenarios]]
! style="background: #d7d7d7; color: black" width="14%" scope="col" " width="225px" | [[Foundational Disciplines]]
|}
</div></div>
{{TOCright}}
== Operational Scenarios ==
This section of the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework] provides a brief description of the operational scenarios and key processes and activities required to support the delivery of the ESA Program activities. To learn more about them, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework]. A detailed description of the stakeholders and their roles and responsibilities are further outlined in the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter].
<br>
== IT Security Risk Management Activities ==
The image below details the proposed GC IT security risk management activities and outputs that can help departments with security risk management processes and information system security integration processes outlined in CSE's [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33: IT Security Risk Management: A Lifecycle Approach]. It includes the following activities:
# Develop GC Enterprise Threat Assessment
# Define GC Enterprise security needs and requirements
# Develop target and transition architectures
# Develop use cases and patterns
# Develop Security Requirements Traceability Matrix (SRTM) and Security Controls Mapping Matrix (SCMM)
# Monitoring and Oversight
For more details about these and other activities, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework].
[[File:GC IT Security Risk Management Process.PNG|centre|thumb|713x713px|GC IT Security Risk Management Process]]
<br>
== ESA Trade Study Criteria and Process ==
This section identifies suggested criteria for use in trade studies to select products for an initiative. A trade study (aka "options analysis") is developed to identify the most appropriate technical solutions among a set of proposed optional solutions, with the goal of finding a balance between the requirements, constraints, project or program limitations, and the technical functionality that could be adopted. The trade study process would use a tool or spreadsheet, like the one pictured below, for an underlying detailed analysis that would capture the evaluation method, required justifications, and algorithm for calculating the score for each criterion. For more information about the trade study criteria and process for the ESA program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework].
[[File:Trade Study Results Table.PNG|centre|thumb|694x694px|Trade Study Results Table]]
<br>
== References ==
* [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]
* [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework]
* [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33: IT Security Risk Management: A Lifecycle Approach]
[[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
[[Category:Enterprise Security Architecture]]
{| style="border: 2px solid #000000; border-image: none;" width="1000px"
|-
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="175px" | [[Government of Canada Enterprise Security Architecture (ESA) Program|ESA Program Overview]]
! style="background: #C495F0; color: black" width="20%" scope="col" " width="125px" | [[ESA Backgrounder (Strategy)|ESA Foundation]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="125px" | [[ESA Requirements|ESA Artifacts]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="125px" | [[ESA Initiatives|ESA Initiatives]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="125px" | [[ ESA Tools and Templates]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="125px" | [[GC ESA Artifact Repository|ESA Reference Materials]]
! style="background: #e1caf7; color: black" width="20%" scope="col" " width="100px" | [[ESA Glossary| Glossary]]
|}
{| style="border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1000px"
|-
! style="background: #c2c2fa; color: black" width="25%" scope="col" " width="225px" | [[ESA Backgrounder (Strategy)| ESA Backgrounder]]
! style="background: #c2c2fa; color: black" width="25%" scope="col" " width="225px" | [[ESA Program Charter| ESA Program Charter]]
! style="background: #9a9af8; color: black" width="25%" scope="col" " width="325px" | [[ESA Program Implementation Framework| ESA Program Implementation Framework]]
! style="background: #c2c2fa; color: black" width="25%" scope="col" " width="225px" | [[ESA Framework| ESA Framework]]
|}
{| style="border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1000px"
|-
! style="background: #d7d7d7; color: black" width="14%" scope="col" " width="225px" | [[ESA Program Processes]]
! style="background: #d7d7d7; color: black" width="14%" scope="col" " width="325px" | [[ESA Program Life Cycle Integration]]
! style="background: #969696; color: black" width="14%" scope="col" " width="225px" | [[Operational Scenarios]]
! style="background: #d7d7d7; color: black" width="14%" scope="col" " width="225px" | [[Foundational Disciplines]]
|}
</div></div>
{{TOCright}}
== Operational Scenarios ==
This section of the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework] provides a brief description of the operational scenarios and key processes and activities required to support the delivery of the ESA Program activities. To learn more about them, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework]. A detailed description of the stakeholders and their roles and responsibilities are further outlined in the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter].
<br>
== IT Security Risk Management Activities ==
The image below details the proposed GC IT security risk management activities and outputs that can help departments with security risk management processes and information system security integration processes outlined in CSE's [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33: IT Security Risk Management: A Lifecycle Approach]. It includes the following activities:
# Develop GC Enterprise Threat Assessment
# Define GC Enterprise security needs and requirements
# Develop target and transition architectures
# Develop use cases and patterns
# Develop Security Requirements Traceability Matrix (SRTM) and Security Controls Mapping Matrix (SCMM)
# Monitoring and Oversight
For more details about these and other activities, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework].
[[File:GC IT Security Risk Management Process.PNG|centre|thumb|713x713px|GC IT Security Risk Management Process]]
<br>
== ESA Trade Study Criteria and Process ==
This section identifies suggested criteria for use in trade studies to select products for an initiative. A trade study (aka "options analysis") is developed to identify the most appropriate technical solutions among a set of proposed optional solutions, with the goal of finding a balance between the requirements, constraints, project or program limitations, and the technical functionality that could be adopted. The trade study process would use a tool or spreadsheet, like the one pictured below, for an underlying detailed analysis that would capture the evaluation method, required justifications, and algorithm for calculating the score for each criterion. For more information about the trade study criteria and process for the ESA program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework].
[[File:Trade Study Results Table.PNG|centre|thumb|694x694px|Trade Study Results Table]]
<br>
== References ==
* [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]
* [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework]
* [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33: IT Security Risk Management: A Lifecycle Approach]
[[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
[[Category:Enterprise Security Architecture]]