Risk Management Using ITSG-33 Security Standards
This presentation addresses managing risk within a department or company by leveraging Federal Government security standards as found in the Communications Security Establishment Canada publication Information Technology Security Guidance (ITSG-33). Specifically, this session discusses ITSG-33 at a high level, industry risk management principles, and GC approaches to risk management, including Integrated Risk Management as promoted by the GC. The session discusses security in the various phases found throughout the system and system development lifecycles.

Published in: Education, Technology, Business

Transcript of "Risk Management using ITSG-33"

  1. Risk Management Using ITSG-33 Security Standards. The Smarter Everyday project is owned and operated by CTE Solutions Inc.
  2. ITSG-33 Overview (Copyright 2014 Intrinsec Security)
  3. ITSG Contents
  4. GC Risk Management
  5. System Lifecycle
  6. System Development Lifecycle. When does Risk Management get introduced in your department?
  7. ITSG-33 Lifecycle Approach
  8. ITSG-33 Objectives
  9. Departmental IT Security Risk
  10. Information System Security Risk
  11. Establishing Departmental Security
  12. Defining Scope
  13. Identifying Security Needs
  14. Categorize the security
  15. TRA Methodology
  16. IT security threat assessment
  17. ITSG Deliberate Threat Categories
  18. A note about Threat Assessments
  19. Specify security control objectives
  20. Develop departmental security control
  21. Departmental security control profiles
  22. Define business domains
  23. Define IT security approaches
  24. Departmental security control profiles
  25. Approve the security control profiles
  26. Security Controls
  27. Continuous Assessment Activities
  28. Continuous Assessment Note. Special note regarding continuous assessment: although some activities can be performed in real time (e.g. Security Incident and Event Management (SIEM)), not all assessments need to be performed in real time; some can be performed manually (e.g. assessing backup procedures). Further reading: NIST 800-37: ISCM for Federal Information Systems and Organizations.
  29. Security Categorization Process
  30. Categorization Levels
  31. Security Categorization Steps
  32. Categorization Step One
  33. Categorization Step Two
  34. Categorization Step Three
  35. Categorization Step Four
  36. Conclusion. We have spent just one hour on the ITSG-33 Security Guidance Documentation. To access the ITSG-33 documentation, visit http://www.cse-cst.gc.ca/its-sti/publications/itsgcsti/index-eng.html. Intrinsec Training covers all 5 appendices and has extensive labs. For further ITSG-33 training information, speak with your CTE Solutions representative.
  37. Training with impact. Technical: Microsoft, VMware, Cloud Computing, IT and Cyber Security, CompTIA, Java, Programming Languages, Novell, UNIX. Management: Change Management, TOGAF, Enterprise Architecture, ITIL, COBiT, Agile and Scrum, Business Analysis, Project Management. Business: Communication Skills, Leadership Skills, Negotiation Skills, Problem Solving Skills, Facilitation Skills and many more…
  38. CTE Solutions Inc. - Ottawa: 11 Holland Avenue, Suite 100, Ottawa, Ontario, K1Y 4S1; Tel: (613) 798-5353; Toll Free: 1 (866) 635-5353; Fax: (613) 798-5574. CTE Solutions Inc. - Toronto: 77 Bloor St. West, Suite 1406, Toronto, Ontario M5S 1M2; Tel: (416) 284-2700; Toll Free: 1 (866) 635-5353; Fax: (416) 284-6797.