Information and physical security: Information technology security
Information technology security - Competencies
Key activities
- Ensure departmental plans, processes and procedures are in place for responding to cyber security events and reporting of incidents to the appropriate authorities and affected stakeholders, in accordance with the Government of Canada Cyber Security Event Management Plan.
- Provide cyber security advice and guidance related to security of information, data, and information technology, including cyber security threats and operating experience.
- Monitor, assess and/or regulate access to information management and information technology systems.
- Develop, monitor, assess, and/or update processes for the operations and life cycle maintenance and replacement of security networks and systems; identify operational weaknesses, new requirements, etc. as per the Government of Canada Cyber Security Management Guidelines.
- Conduct technical inspections and compliance activities related to cyber security.
- Procure, operate, control, and audit secure communication equipment to ensure compliance with the Communications Security Establishment requirements and in accordance with secure communication legislation, regulations, policies, programs, and activities.
- Plan and coordinate IT security-related projects such as developing inspection procedures and guides in technical areas of specialization and in accordance with security policies and guidelines.
- Support the development, implementation, interpretation, and/or application of government and departmental security policies, standards and guidelines, and the Departmental Security Plan and the Departmental Plan on Service and Digital.
- Work with Lead Security Agencies and other government departments to exchange best practices and lessons learned; and participate in national and international technical/scientific events and fora.
Knowledge
Applies at all levels
- Knowledge of the organizational vision, mandate, programs, policies, operating environment, and structure, including diversity and inclusion considerations
- Knowledge of security fundamentals, and security legislation, regulations, policies, and practices
- Knowledge of computer-based IT and data protection systems and/or communication networks, and new technological developments
Entry-level
- See above
Mid-level
- Knowledge of cyber security standards, programs, application development, database management, IT security, IT architecture, and system administration
- Knowledge of inspection, investigation and audit techniques, procedures, and practices to conduct inspections and/or investigations, including threat and risk assessments
- Knowledge of risk management
- Knowledge of project management
- Knowledge of crisis management
- Knowledge of security intelligence
- Knowledge of the security assessment and authorization process
Management, Executive and Chief Security Officer
- Knowledge of the Government of Canada security governance, including the roles and responsibilities of lead security agencies
- Knowledge and awareness of domestic and international cyber security related trends, risks and their impacts
Skills
Applies at all levels
- Ability to collect, analyze and get acquainted with information from various sources, establish logical links and leverage as required to advance projects and/or files, and to support an informed decision-making process
Entry-level
- See above
Mid-level
- Ability to manage and/or support a project from its conception to close-out phases
- Ability to conduct and report on investigations and inspections
- Ability to conduct and report on threat and risk assessments
- Ability to intervene as appropriate and required during a crisis or a situation
Management, Executive, and Chief Security Officer
- Ability to manage a team and align efforts towards common goals, in line with government and organizational priorities and programs
- Ability to work with other organizations and stakeholders to ensure the collaboration, sharing and leveraging of information and dissemination of best practices and lessons learned
Attributes
Applies at all levels
- Strategic and analytical thinking and creative problem solving
- Engagement, collaboration, and client-focus
- Self-management: reliability, planning and organizing, flexibility and initiative
- Demonstration of integrity and respect
- Sound judgment
- Communication
- Thoroughness
Entry-level
- See above
Mid-level
- See above
Management, Executive, and Chief Security Officer
Note:
- The Competency Profile for the Information Technology Security sub-group of the Information and physical security career path should be used in conjunction with the Canadian Cyber Security Skills Framework.
- Distinction between ‘IT security’ and ‘Cyber Security’:
IT security is the discipline of applying security controls, security solutions, tools and techniques to protect IT assets against threats from compromises throughout their lifecycle. IT security focuses on the security of both electronic data assets and physical IT assets.
Cyber security refers to the security of the transmission of electronic data and information across cyberspace. It covers the technology, processes, practices, and response and mitigation measures designed to protect electronic information, data and information infrastructure from mischief, unauthorized use or disruption in cyberspace. Cyber security complements IT security, and operationalizes the IT security controls set out in subsection B.2.3 of Appendix B of the Directive on Security Management.
Ultimately, the goal of both cyber security and IT security is to preserve the confidentiality, integrity, availability, intended use, and value of electronically stored, processed, or transmitted data and information.
Page details
- Date modified: