Communications Security Establishment Canada

This document presents the Canadian Centre for Cyber Security baseline cyber security controls wherein we attempt to apply the 80/20 rule (achieve 80% of the benefit from 20% of the effort) to the cyber security practices of small and medium organizations in Canada.

Securing your network is an important step to having a cyber safe holiday seasaon.

Multi-factor authentication (MFA) adds an extra step to the login process and an extra layer of security to your accounts and devices.

Mobile devices have spread rapidly across the Government of Canada (GC) corporate enterprise and while they boost productivity and efficiency, they significantly increase the risk of a compromise to sensitive information. To help mitigate this threat, Communications Security Establishment...

If you’re someone who is in a high-profile position, such as a politician or a senior executive, you need to protect the security of your mobile devices when you travel. Mobile devices contain sensitive information and they are high-value targets for cyber threat actors. If your device or the...

Learn how to protect them, and your information, from being compromised.

This bulletin aims to describe the risks posed by, and possible mitigations for, the exposure of classified IT systems to wireless signals and mobile devices that are not authorized to connect to those systems. The intended audience for this bulletin includes those responsible for IT security...

Telework is a flexible and convenient work arrangement that allows you to work outside of the traditional office environment. By remotely connecting to your organization’s network, you can continue to use applications and access information as though you were in the office.

The ITSP.40.006 v2 IT Media Sanitization publication contains guidance for IT Security for Practitioners and other IT security authorities to help reduce the risk of exploitation of residual data on IT equipment with electronic memory and/or data storage media. This guidance applies to data at...

Information Technology Security Guidance for Practitioners ITSP.30.031 V3 supersedes ITSP.30.031 V2 User Authentication Guidance for IT Systems and provides guidance on user authentication in IT systems. ITSP.30.031 V3 is also part of a suite of documents developed by CSE to help secure GC...

This dataset represents the employment equity for the Communications Security Establishment

"This document is intended for elections authorities. It introduces common threats to Canada’s electoral processes and provides guidance on protecting the systems and the people involved in these processes. The guidance in this document is based on information gathered from various sources and is...

"This cyber security playbook guides elections authorities on anticipating, mitigating, and responding to threats that are specific to Canada’s democratic processes. This playbook introduces baseline cyber security measures and best practices that you can implement to improve your organization’s...

The recent cyber threat activity against the democratic process in the United States and Europe has raised concerns about similar threats to Canada. In this assessment, we consider the cyber threats to Canada’s democratic process at the federal, provincial/territorial, and municipal levels of...

This document describes common concepts relevant to discussions about cyber threat activity in the Canadian context and acts as a point of reference for Canadian Centre for Cyber Security (Cyber Centre) publications. This introductory document provides baseline knowledge about the cyber threat...

o Canadian Medium Assurance Solutions o Shared Services Canada’s Security Operations Centre o CSE’s Top 10 and Shared Services Canada o CSE’s Top 10 in the Mobile Environment

o Social Media Security Pitfalls o Success of your Departmental Mission o Anatomy of a Cyber Intrusion o Securing BlackBerry Devices o Using Wi-Fi While Travelling

o Interview: Why the Top 10? o Denial of Service o Mobility Security o Cyber Security Awareness Month o Zero-Day Exploits o Disposition of Windows XP o Cross Domain Solutions

o Web 2.0 Security Risks o Data Diodes in a Cross-Domain Solution o The Importance of a Departmental TA o Two-Factor Authentication o Cloud Computing

o Instant Messaging Security Risks o Spotting Malicious Emails o GC CIRT Pointer: Exploit Kits o Securing your GC SECRET Network o Sharing Information across Different Security Domains o VoIP for GC Departments o TBS Corner: Web 2.0 and the GC o...