To facilitate the integration of security into existing business practices and processes, a set of tools and templates have been developed to support practitioners when implementing their IT security risk management activities.
The following tools are currently available:
- Security Categorization Tool
- Business Needs for Security Tool
- Threat Assessment Tool
- GC ESA Enterprise Threat Assessment - This document provides a framework for the balanced consideration of system exposure, threat vectors, GC-wide threat scenarios, and common vocabulary. It provides a baseline of considerations that should be included when conducting departmental Threat and Risk Assessments. These considerations look at all aspects of IT systems security to ensure that information system security controls are not over or underspecified.