ITSG33.CA > Blogs > What Is In The Box
Back to all blogs

What Is In The Box

Thank-you for reviewing our website.

The ITSG33.CA website provides you with a secure and reliable means to tailor your security requirements specifically for your organization or project.

We base your requirements on ITSG-33 IT Security Risk Management: A Lifecycle Approach published by Communications Security Establishment Canada.

That document provides (in Annex4a) over 800 proposed guidelines that may be relevent to your organization. Thankfully, only about half are likely to be applicable.

We include a default proposed requirement statement for each of the guidelines. Most likely you will need to review and change these.

Still, that is a lot of work. We provide a language-model based assistant to help you produce effective system-level requirements about as fast as you can click and type.

The outcome of this is a Microsoft Excel compatible spreadsheet that identifies each of your tailored system-level requirements together with a trace to the original guideline.

In summary, what you get is:

  • A secure web-based interface to review and revise your security requirements.
  • Multiple projects so you can work on more than one at a time.
  • Proposed security requirements for each security control.
  • A language-model driven approach to revise or recompute each requirement.
  • Complete history of each proposed and accepted requirement statement.
  • Selection of applicability and delegation for each control.
  • A Microsoft-Excel output file showing all resulting requirements and the applicability or delegation status of each.

      For a review of how this works, see this page:

      Usage