2014/06/13 – 2014/06/13
141 Catherine St.
The Ottawa Chapter of the HTCIA is sponsoring a one-day ITSG-33 Familiarization and Usage Overview training session presented by John Clayton. A number of government agencies are in the process of implementing an ITSG-33 program, and this is an opportunity to get up to speed on the process.
Special: If you register by May 28, 2014, you will receive a free t-shirt.
Description
ITSG-33, IT Security Risk Management: A Life Cycle Approach, was issued by the Communications Security Establishment Canada (CSEC) on 1 November 2012. The stated purpose of this important guideline is “to help government departments ensure security is considered right from the start” and to “help ensure predictability and cost-effectiveness”. To promote a better understanding of ITSG-33 and help members make better use of the document, the HTCIA Training Day will address several important questions:
- What is ITSG-33 and how does it relate to other security policy instruments?
- How is ITSG-33 structured and what information does it contain?
- How can ITSG-33 be used to:
  - Establish a more effective IT security program?
  - Develop more secure IT systems?
  - Improve threat and risk assessments (TRA)?
  - Support IT security investigations?
Presenter Bio
John Clayton joined the Royal Canadian Air Force in 1963. After graduating from the Royal Military College, he trained as a computer programmer and systems analyst.
Four years later, he transferred to the Security Branch of the Canadian Forces, where he served in a variety of security, counterintelligence and policing positions across Canada. In his last assignment, he was the Departmental Automated Data Processing (ADP) Security Authority at National Defence Headquarters.
Since leaving the Canadian Forces in 1989, he has worked with five departments or agencies in the Public Service: the Ministry of the Solicitor General, the Department of Foreign Affairs and International Trade, Public Works and Government Services Canada, the Treasury Board Secretariat and the Communications Security Establishment (CSE). During this time, he has performed varied functions as a Senior Policy Analyst, Project Security Director, Departmental COMSEC Authority and Departmental Security Officer. In his last position he co-chaired the joint CSE-Royal Canadian Mounted Police working group that developed the Harmonized Threat and Risk Assessment Methodology.
After his retirement from the Public Service in January 2007, he accepted a position as a Senior Security Analyst with the Risk Management Consulting practice at Bell Canada. In this capacity he has applied the Harmonized TRA Methodology extensively. Most recently, he has integrated ITSG-33, IT Security Risk Management: A Lifecycle Approach, and the Harmonized TRA Methodology to produce more comprehensive vulnerability assessments and, therefore, more focused recommendations.