All Government of Canada (GC) departments and agencies that transmit, store, or process sensitive government information must protect it with systems that have been developed, acquired, and evaluated according to recognized standards and implemented in accordance with GC policies and directives.
This boot camp will present participants with the general concepts of cyber security risk management for the GC and the foundational knowledge and guidelines needed to contribute to the development of security control profiles. It will also highlight the integration of cyber security risk management within the System Development Life Cycle (SDLC) as described in ITSG-33.
This boot camp consists of 3 parts:
- Part 1 - Course 104 - IT Security Risk Management: A Lifecycle Approach (ITSG-33)
- Part 2 - Information System Security Implementation Process (ISSIP)
- Part 3 - IT Security Risk Management and Security Control Profiles
Note: This boot camp includes material from course 104 - IT Security Risk Management: A Lifecycle Approach (ITSG-33). As a result, you are not required to register for course 104 if you are planning to complete this boot camp.
Participants will learn to:
- Apply IT security risk management within the GC context
- Identify the initial steps to integrating risk management guidance within your department
- Describe the ISSIP and why it is required
- Situate the ISSIP within the ITSG-33 security risk management process
- Describe all the ISSIP activities
- Complete key ISSIP activities
- Interpret departmental threat & risk assessments
- Identify business domains
- Define IT security approaches
- Identify relevant common criteria
Target audience: Project/Program Managers, IT Security Designers, Architects, Engineers and Managers
Prior to attending, participants should have a working knowledge of GC Security Risk Management. To satisfy this requirement, we recommend participants take course 601 – Introduction to IT Security Management.