Information and physical security: Information technology security

Information technology security - Competencies

Key activities

  • Ensure departmental plans, processes and procedures are in place for responding to cyber security events and reporting of incidents to the appropriate authorities and affected stakeholders, in accordance with the Government of Canada Cyber Security Event Management Plan.
  • Provide cyber security advice and guidance related to security of information, data, and information technology, including cyber security threats and operating experience.
  • Monitor, assess and/or regulate access to information management and information technology systems.
  • Develop, monitor, assess, and/or update processes for the operations and life cycle maintenance and replacement of security networks and systems; identify operational weaknesses, new requirements, etc. as per the Government of Canada Cyber Security Management Guidelines.
  • Conduct technical inspections and compliance activities related to cyber security.
  • Procure, operate, control, and audit secure communication equipment to ensure compliance with the Communications Security Establishment requirements and in accordance with secure communication legislation, regulations, policies, programs, and activities.
  • Plan and coordinate IT security-related projects such as developing inspection procedures and guides in technical areas of specialization and in accordance with security policies and guidelines.
  • Support the development, implementation, interpretation, and/or application of government and departmental security policies, standards and guidelines, and the Departmental Security Plan and the Departmental Plan on Service and Digital.
  • Work with Lead Security Agencies and other government departments to exchange best practices and lessons learned; and participate in national and international technical/scientific events and fora.

Note:

  1. The Competency Profile for the Information Technology Security sub-group of the Information and physical security career path should be used in conjunction with the Canadian Cyber Security Skills Framework.
  2. Distinction between ‘IT security’ and ‘Cyber Security’:

    IT security is the discipline of applying security controls, security solutions, tools and techniques to protect IT assets against threats from compromises throughout their lifecycle. IT security focuses on the security of both electronic data assets and physical IT assets.

    Cyber security refers to the security of the transmission of electronic data and information across cyberspace. It covers the technology, processes, practices, and response and mitigation measures designed to protect electronic information, data and information infrastructure from mischief, unauthorized use or disruption in cyberspace. Cyber security complements IT security, and operationalizes the IT security controls set out in subsection B.2.3 of Appendix B of the Directive on Security Management.

    Ultimately, the goal of both cyber security and IT security is to preserve the confidentiality, integrity, availability, intended use, and value of electronically stored, processed, or transmitted data and information.

Page details

Date modified: