| layout | title |
|---|---|
default |
Welcome to the ESDC Security Knowledge Portal! |
Important Security Note: This site was created via the Github platform and is therefore hosted outside the department. Please ensure that you never provide personal and / or sensitive information on this site or in any section that allows you to provide feedback.
This knowledge portal provides a number of helpful resources for developers and Security Champions in order to help them implement security best practices while they develop their product which would result in a product secure by design.
Security by Design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible. It is the process that integrates security in the system development lifecycle process (SDLC).
Currently when solutions are developed, security assurance is performed at the end of the project resulting in ineffective mitigation. Given today’s dynamic threat environment IT Security can no longer be an afterthought.
The goal is to foster a culture of Security by Design whereby IT Security is introduced at the beginning of the project/solution regardless whether the solution is cloud based or not.
This will align the department with with the guidance in ITSG-33 and in conformance with the updated Treasury Board Directive on Security Management and the Policy on Government Security, which took effect on July 1, 2019.
IITB is integrating Security by Design within ESDC’s SDLC process.