|
|
| Line 26: |
Line 26: |
| | </div></div> | | </div></div> |
| | | | |
| − | {{TOCright}} | + | {{Delete|reason=Expired Content}} |
| − | | |
| − | == Operational Scenarios ==
| |
| − | This section of the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework] provides a brief description of the operational scenarios and key processes and activities required to support the delivery of the ESA Program activities. To learn more about them, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework]. A detailed description of the stakeholders and their roles and responsibilities are further outlined in the [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter].
| |
| − | | |
| − | <br>
| |
| − | | |
| − | == IT Security Risk Management Activities ==
| |
| − | The image below details the proposed GC IT security risk management activities and outputs that can help departments with security risk management processes and information system security integration processes outlined in CSE's [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33: IT Security Risk Management: A Lifecycle Approach]. It includes the following activities:
| |
| − | # Develop GC Enterprise Threat Assessment
| |
| − | # Define GC Enterprise security needs and requirements
| |
| − | # Develop target and transition architectures
| |
| − | # Develop use cases and patterns
| |
| − | # Develop Security Requirements Traceability Matrix (SRTM) and Security Controls Mapping Matrix (SCMM)
| |
| − | # Monitoring and Oversight
| |
| − | For more details about these and other activities, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf ESA Program Implementation Framework].
| |
| − | [[File:GC IT Security Risk Management Process.PNG|centre|thumb|713x713px|GC IT Security Risk Management Process]]
| |
| − | | |
| − | <br>
| |
| − | | |
| − | == ESA Trade Study Criteria and Process ==
| |
| − | This section identifies suggested criteria for use in trade studies to select products for an initiative. A trade study (aka "options analysis") is developed to identify the most appropriate technical solutions among a set of proposed optional solutions, with the goal of finding a balance between the requirements, constraints, project or program limitations, and the technical functionality that could be adopted. The trade study process would use a tool or spreadsheet, like the one pictured below, for an underlying detailed analysis that would capture the evaluation method, required justifications, and algorithm for calculating the score for each criterion. For more information about the trade study criteria and process for the ESA program, please read the [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework].
| |
| − | [[File:Trade Study Results Table.PNG|centre|thumb|694x694px|Trade Study Results Table]]
| |
| − | | |
| − | <br>
| |
| − | | |
| − | == References ==
| |
| − | * [http://www.gcpedia.gc.ca/gcwiki/images/8/81/GC_ESA_Program_Charter.pdf GC ESA Program Charter]
| |
| − | * [http://www.gcpedia.gc.ca/gcwiki/images/2/20/GC_ESA_Program_Implementation_Framework.pdf GC ESA Program Implementation Framework]
| |
| − | * [https://www.cse-cst.gc.ca/en/publication/itsg-33 ITSG-33: IT Security Risk Management: A Lifecycle Approach]
| |
| − | | |
| − | [[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
| |
| − | [[Category:Enterprise Security Architecture]]
| |
