In the Standard on the Management of IT Security [Reference 1], Treasury Board of Canada Secretariat
(TBS) assigns to information technology (IT) security coordinators (ITSCs) the responsibility for
establishing and managing an IT security function as part of a coordinated departmental security program.
The Standard on the Management of IT Security instructs IT security coordinators to:
• Work closely with program and service delivery managers to ensure that their IT security needs
are met;
• Provide advice on security controls and IT security solutions;
• Advise program and service delivery managers of potential impacts of new and existing threats;
and
• Advise program and service delivery managers on the residual risk of their Government of
Canada (GC) programs and departmental services.
The Communication Security Establishment Canada (CSEC) has issued guidelines under the Information
Technology Security Guidance publication number 33 (ITSG-33) that describe an IT security risk
management process to support those objectives.