Communications Security Establishment Canada

This document outlines common risks faced by volunteer-based organizations and recommends how to address these risks by adapting how people, processes, information, and technologies are managed. This document is intended for cyber security program owners, managers, and cyber security practitioners.

Your organization uses the Internet to carry out business activities, provide employees with remote work capabilities, and offer services to clients. As your employees and partners carry out activities on different online platforms and applications, consider the digital footprint they leave...

This document provides guidance to system owners on implementing technical security measures to protect their domains from email spoofing. In this document, we describe technical measures that system owners can implement to prevent the delivery of certain malicious messages that are abusing the...

An industrial control system (ICS) automates and controls industrial processes (e.g. manufacturing, product handling, production, and distribution) and mechanical functions to keep processes and machinery running smoothly. An ICS may support critical infrastructure (e.g. energy and utilities,...

Your incident response plan includes the processes, procedures, and documentation related to how your organization detects, responds to, and recovers from incidents. Cyber threats, natural disasters, and unplanned outages are examples of incidents that will impact your network, systems, and...

Encryption technologies are used to secure many applications and websites that you use daily. For example, online banking or shopping, email applications, and secure instant messaging use encryption. Encryption technologies secure information while it is in transit (e.g. connecting to a website)...

This plan supports our goal of building a skilled and diverse workforce reflective of Canadian society. It showcases the work that has already started at CSE towards identifying and removing barriers for persons with disabilities and acknowledges that we have much more work to do.

This is the ninth annual report prepared by the Communications Security Establishment (CSE) and tabled in Parliament in accordance with section 94 of the Access to Information Act and section 20 of the Service Fees Act. It presents an overview of the agency’s activities and describes how the...

A quick overview of the most common types of phishing campaigns that cyber criminals use to steal your information.

The Internet of Things (IoT) refers to the network of everyday web-enabled objects that can connect and exchange information. These “smart” objects include more than your computer, smartphone, or tablet. They include items like personal fitness trackers, TVs, thermostats, or cars. This list of...

"The Communications Security Establishment (CSE) released its first unclassified, public Annual Report. This past year has been a notable one for CSE, highlighted by the CSE Act coming into effect, setting out CSE’s lead role as the national authority for foreign intelligence and as the national...

" TRA-1 - Tool TRA-1 - A-5: Sample Statement of Work for TRA Consulting Services TRA-1 - A-6: Sample TRA Work Plan TRA-1 - B-2: Asset Listing TRA-1 - B-5: Asset Valuation Table / Statement of Sensitivity TRA-1 - C-2: Threat Listing TRA-1 - C-4: Threat Assessment Table...

This Guidance document is intended to outlines network security zone models and architectures and provides technical guidance on implementing network security zones.

" Introduction: Why this guide is important to your campaign planning Before we start… Something for everyone Step 1: Assess what cyber security means for your campaign Step 2: Understand where your data lives Step 3: Secure your data and technology Step 4: Provide cyber...

Canadians are targets of cybercrime in many different forms. Here are five practical measures you can take right now on any device to protect yourself against cyber-security breaches. Visit www.cyber.gc.ca for more on any of these steps.

As a kickstart to your cyber security planning, here are five practical measures you can take right now to make your campaign more secure. Visit www.cyber.gc.ca for more on any of these steps.

The results of an account compromise can be devastating. If one of your social media accounts are compromised, do the following things: take action, assess and contain, and protect.

All members of a campaign team should know how to identify malicious messages and how to handle them.

"The Canadian Centre for Cyber Security has warned that foreign actors will likely try to interfere in Canadian election processes. If you’re involved in politics – as a political candidate, staffer or volunteer – you are a target. It’s vital that you take steps to protect yourself. The Cyber...

Assessing possible risk before using social media platforms and apps