"With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both departmental and IT project plans.
IT security risks can result in exposure of sensitive government information, a loss in productivity, an inability to meet organizational objectives, or damage to the GC’s reputation, all of which can be costly to the GC.
IT security risk management is the process by which organizations manage IT security risks and is achieved through the management and application of security controls, solutions, tools, and techniques to protect IT assets against compromises.
CSE’s IT security risk management framework can help outline a risk strategy that will align with GC priorities and resource allocation so that departmental objectives can be met."