Difference between revisions of "ESA Tools and Templates"

From wiki
Jump to navigation Jump to search
(Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549...")
Line 16: Line 16:
{{Delete|reason=Expired Content}}
== Introduction ==
The ESA Program has created a set of tools and templates in order to support GC security practitioners, architects and project managers (see chart below). On this page and its sub-pages you will find information related to how the ESA program fits into both the Project Lifecycle, the System Lifecycle, and the Systems Development Lifecycle (SDLC). In addition, the ESA Program tools provided are linked where appropriate. You can also learn more about each tool by exploring the linked sub-pages in the navigation bar above. Each sub-page provides a description of the tools and documents the ESA Program has created so far. On these sub-pages you will also find direct download links for the tools themselves to help you get started with making your IT system secure!
These tools and templates can be used as part of the following activities:
<div class="toccolours mw-collapsible mw-collapsed" style="width:100%">
'''Project Lifecycle''' <div class="mw-collapsible-content">
---- {{:ESA and the Project Lifecycle}} </div></div>
<div class="toccolours mw-collapsible mw-collapsed" style="width:100%">
'''System Lifecycle''' <div class="mw-collapsible-content">
---- {{:ESA and the System Lifecycle}} </div></div>
The Government of Canada (GC) Chief Information Officer (CIO) also plays a key role in these activities, in ensuring the efficient and effective governance and oversight of GC enterprise services. As per the Section 4.4 of the [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32603 Policy on Service and Digital], “the CIO of Canada is responsible for Cyber-Security and Identity including executing decisions on the management of cyber security risks on behalf of the Government of Canada and directing a deputy head to implement a specific response to cyber security events, including assessing whether there has been a privacy breach, implementing security controls, and ensuring that systems that put the Government of Canada at risk are disconnected or removed, when warranted.” The GC CIO plays an advisory role to Deputy Heads for conducting governance, risk and compliance activities for the delivery of GC services.
Authorization of enterprise GC-wide systems and ensuring that they maintain their authorization state is a key activity required as part of the IT security risk management process. Please refer to the Guideline for Authorization of Enterprise Systems link provided below for the authorization of GC enterprise IT services offered by one or more enterprise service provider organizations.
* [[Media: Guideline for Authorization of Enterprise Systems.pdf| Guideline for Authorization of Enterprise Systems]]
== References ==
* [[Media:ITSG-33 Primer for IT Projects.pdf|ITSG-33 Primer for IT Projects]]
* [https://www.cse-cst.gc.ca/en/node/265/html/22839 Annex 2 in ITSG-33 - IT Security Risk Management: A Lifecycle Approach]
[[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
[[Category:Enterprise Security Architecture]]

Latest revision as of 12:39, 20 April 2021