Communications Security Establishment Canada

This document introduces cyber security best practices that your organization should integrate into the design and maintenance of its website. In Section 2, we include a checklist of key measures that your IT decision makers and web development team managers can implement to improve the security...

This document provides guidance on cyber security considerations required to securely design, deploy, and operate electronic poll book systems. The document highlights traditional poll book functions and discusses new services that can be integrated to support modern elections. It also provides...

This cyber threat bulletin provides an update to Canadians about the threat from ransomware in Canada and how we expect that threat to evolve over the next year.

Table of contents Introduction The digital dransformation of OT OT cybersecurity vs. IT cybersecurity OT exposure in Canada: A snapshot The OT of the future: Cyber-physical systems The role of OT in critical infrastructure The cyber threat to OT Direct vs indirect...

The information provided in this document is intended to inform and assist organizations with drawing down the risks, reducing impacts, and taking preventative actions associated with ransomware attacks. You can use the considerations below to articulate your business and security requirements...

The intent of this guide is not to recommend any schools or programs, but to provide a listing of available programs that may help advance an individual’s career in the field of cyber security.

This document provides web application and system administrators with security recommendations to protect web application systems against credential stuffing attacks.

This document highlights the cyber threats facing individuals and organizations in Canada. It provides an update to the National Cyber Threat Assessment 2018 (NCTA 2018) and the National Cyber Threat Assessment 2020 (NCTA 2020), with analysis of the interim years and forecasts until 2024. We...

This document provides an update to the 2017 Cyber threats to Canada’s democratic process reports and 2019 Cyber threats to Canada’s democratic process reports released by CSE. Its purpose is to inform Canadians about cyber threats to the democratic process.

This dataset provides an overview of the courses offered by the Canadian Centre for Cyber Security, the duration, course fee, number of sessions offered, and total number of participants for the given fiscal year.

The guide provides information about many of the certifications available for prospective students and cyber security professionals. The intent is not to recommend any certification body or certification in particular, but to provide a listing of some of the different certifications that may help...

On this page Types of careers Who is hiring? Career pathways Cyber security education

This document describes how your organization can use tokenization to reduce the residual risks incurred when using cloud based services to transmit, process, or store sensitive information (i.e. information that requires protection against unauthorized disclosure). When using cloud-based...

The effects of misinformation, disinformation, and malinformation (MDM) cost the global economy billions of dollars each year. Often known colloquially as “fake news”, MDM are damaging to public trust in institutions and, during elections, may even pose a threat to democracy itself. MDM has...

This document outlines common risks faced by volunteer-based organizations and recommends how to address these risks by adapting how people, processes, information, and technologies are managed. This document is intended for cyber security program owners, managers, and cyber security practitioners.

Your organization uses the Internet to carry out business activities, provide employees with remote work capabilities, and offer services to clients. As your employees and partners carry out activities on different online platforms and applications, consider the digital footprint they leave...

This document provides guidance to system owners on implementing technical security measures to protect their domains from email spoofing. In this document, we describe technical measures that system owners can implement to prevent the delivery of certain malicious messages that are abusing the...

An industrial control system (ICS) automates and controls industrial processes (e.g. manufacturing, product handling, production, and distribution) and mechanical functions to keep processes and machinery running smoothly. An ICS may support critical infrastructure (e.g. energy and utilities,...

Your incident response plan includes the processes, procedures, and documentation related to how your organization detects, responds to, and recovers from incidents. Cyber threats, natural disasters, and unplanned outages are examples of incidents that will impact your network, systems, and...

Encryption technologies are used to secure many applications and websites that you use daily. For example, online banking or shopping, email applications, and secure instant messaging use encryption. Encryption technologies secure information while it is in transit (e.g. connecting to a website)...