ESA Program Charter

From wiki
Revision as of 08:14, 23 September 2020 by Greggory.elton (talk | contribs)
Jump to navigation Jump to search

Overview of the GC ESA Program Charter

The GC ESA Program Charter describes the ESA initiative and provides a framework to support the delivery of the program and its objectives. The program charter will guide the execution and control of the GC ESA program. It also documents the program's definition and characteristics, as well as provides an overview of the program governance, roles and responsibilities, and high level plans. Its key points are summarized on this page, but for more detail, please read the GC ESA Program Charter.


Context for the Program Charter

The program charter identifies two documents that provide context for and support the development of the GC ESA Program.

Canada's Cyber Security Strategy

Canada's Cyber Security Strategy (CCSS), which was published in 2018, demonstrates the GC's commitment to protecting Canada's cyberspace. CCSS is national in scope and comprises of three fundamental pillars:

  1. Securing Government Systems
  2. Partnering to Secure Vital Cyber Systems Outside the Federal Government
  3. Helping Canada to be Secure Online

CCSS has identified several areas that need to be addressed in terms of securing government systems, including keeping pace with evolving cyber threats, enhancing the security of the GC cyber architecture, addressing global supply chain issues, and improving cyber security education and awareness. The ESA program is focused on dealing with these Pillar 1 activities.

For more information, please read Canada's Cyber Security Strategy.

Strengthening the Security of Federal Cyber Systems: A Backgrounder

As outlined in the Strengthening the Security of Federal Cyber Systems: A Backgrounder (aka the "GC ESA Backgrounder"), enhancing the security posture of GC systems and networks requires a comprehensive IT security strategy that includes developing IT security architecture designs, implementing defence-in-depth IT security capabilities based on these designs, and detecting and effectively responding to cyber threats. It also means ensuring that GC users understand and adhere to applicable security policies and know-how to identify and respond to cyber threats directed at end users. Finally, enhancing the security posture of GC systems requires that the GC understand how the IT landscape is evolving and that it continues to align its IT security strategy with its overall IT strategy.

The Backgrounder describes three fundamental themes:

  1. Improve our understanding of the cyber threat landscape
  2. Strengthen defensive capabilities
  3. Establish incident recover capabilities