IT Security Foundations

The IT security foundations program is intended to guide initial learning for all IT security roles and is targeted toward those from non-IT security work domains. The program suggested below recognizes that not all IT security practitioners will necessarily have the requisite educational background, but the following formal and informal learning provides core GC concepts, high-level processes and activities in support of IT security. In all cases, individuals, supervisors and managers should consider any prior learning and assessment that might be applicable to the job or function.


Formal Learning Informal Workplace Learning
IT Technical Diploma or equivalent  
ITSLC 606 - Fundamentals of Security for Security Practitioners
  • Experience working within the security domain
  • Identify departmental security authorities, roles and responsibilities - create a contact list
  • Reviewing the Departmental or local threat and risk assessment (TRA)
  • Reading and contributing to the DSP

Cyber Security Essentials or equivalent (vendor-based) to include:

  • Common threats & vulnerabilities
  • Network architecture and security
  • Desktop/Computer security
  • Security tools - types, uses, capabilities and limitations
  • First-Responder Incident Response & Incident Management

ITSLC 107 - Cyber Security in the Government of Canada

  • Review departmental or local legislative and policy context
  • Review departmental or local IT Security plan (or equivalent)
  • Map out departmental or local security architecture
  • Identifying IT Security zones in use
  • Participation in IT Security exercices
  • Experience using local security tools and techniques
ITSLC 601 - Introduction to IT Security Management
  • Read ITSG-33 Annexes 1 and 2
  • Review Departmental IT Security Plan/Guidance
  • Research emerging issues in IT Security
  • Review the CSE Top 10 Mitigations
ITSLC 104 - IT Security Risk Management: A Lifecycle Approach (ITSG-33)
  • Identify and review departmental business needs for security
  • Identify and review departmental security threat context
  • Review departmental security control profiles and controls for which you are responsible

Upon completion please take a look at the ITS Learning Pathways.