Risk Management using ITSG-33
This presentation addresses managing risk within a department or company by leveraging Federal Government security standards as found in the Communications Security Establishment Canada publication Information Technology Security Guidance (ITSG-33). Specifically, this session discusses ITSG-33 at a high level, industry risk management principles, and GC approaches to risk management, including Integrated Risk Management as promoted by the GC. The session also discusses security in the various phases of the system and system development lifecycles.

Transcript

  • 1. Risk Management Using ITSG-33 Security Standards. The Smarter Everyday project is owned and operated by CTE Solutions Inc.
  • 2. ITSG-33 Overview (Copyright 2014 Intrinsec Security)
  • 3. ITSG Contents
  • 4. GC Risk Management
  • 5. System Lifecycle
  • 6. System Development Lifecycle: When does Risk Management get introduced in your department?
  • 7. ITSG-33 Lifecycle Approach
  • 8. ITSG-33 Objectives
  • 9. Departmental IT Security Risk
  • 10. Information System Security Risk
  • 11. Establishing Departmental Security
  • 12. Defining Scope
  • 13. Identifying Security Needs
  • 14. Categorize the Security
  • 15. TRA Methodology
  • 16. IT Security Threat Assessment
  • 17. ITSG Deliberate Threat Categories
  • 18. A Note about Threat Assessments
  • 19. Specify Security Control Objectives
  • 20. Develop Departmental Security Control
  • 21. Departmental Security Control Profiles
  • 22. Define Business Domains
  • 23. Define IT Security Approaches
  • 24. Departmental Security Control Profiles
  • 25. Approve the Security Control Profiles
  • 26. Security Controls
  • 27. Continuous Assessment Activities
  • 28. Continuous Assessment Note. Special note regarding continuous assessment: although some activities can be performed in real time (e.g. Security Incident and Event Management (SIEM)), not all assessments need to be performed in real time; some can be performed manually (e.g. assessing backup procedures). Further reading: NIST 800-37: ISCM for Federal Information Systems and Organizations.
  • 29. Security Categorization Process
  • 30. Categorization Levels
  • 31. Security Categorization Steps
  • 32. Categorization Step One
  • 33. Categorization Step Two
  • 34. Categorization Step Three
  • 35. Categorization Step Four
  • 36. Conclusion
    • We have spent just one hour on the ITSG-33 Security Guidance Documentation.
    • To access the ITSG-33 documentation, see: http://www.cse-cst.gc.ca/its-sti/publications/itsgcsti/index-eng.html
    • Intrinsec Training covers all 5 appendices and has extensive labs. For further ITSG-33 training information, speak with your CTE Solutions representative.
  • 37. Training with impact
    • Technical: Microsoft, VMware, Cloud Computing, IT and Cyber Security, CompTIA, Java, Programming Languages, Novell, UNIX
    • Management: Change Management, TOGAF, Enterprise Architecture, ITIL, COBiT, Agile and Scrum, Business Analysis, Project Management
    • Business: Communication Skills, Leadership Skills, Negotiation Skills, Problem Solving Skills, Facilitation Skills and many more…
  • 38. CTE Solutions Inc. - Ottawa: 11 Holland Avenue, Suite 100, Ottawa, Ontario, K1Y 4S1. Tel: (613) 798-5353, Toll Free: 1 (866) 635-5353, Fax: (613) 798-5574. CTE Solutions Inc. - Toronto: 77 Bloor St. West, Suite 1406, Toronto, Ontario M5S 1M2. Tel: (416) 284-2700, Toll Free: 1 (866) 635-5353, Fax: (416) 284-6797