Communications Security Establishment Canada

"The need to securely access or move information between networks with different security classifications is an ongoing operational necessity within the Government of Canada (GC). Accessing or moving data from one network to another enables business operations, information sharing and decision...

A VDC must address the threats, inherent vulnerabilities, and characteristic risks to data centres, as well as those specific to complex virtualized environments. Fortunately, VDCs can be made secure by using several safeguards and best practices. These safeguards and best practices involve...

Phishing is an attack where a scammer calls you, texts or emails you, or uses social media to trick you into clicking a malicious link, downloading malware, or sharing sensitive information. Phishing attempts are often generic mass messages, but the message appears to be legitimate and from a...

A compromise of your social media or email account has serious implications. If you think your email or social media accounts have been breached, you should follow the steps below and contact your IT security officer. Depending on the nature of the suspected compromise, your IT security officer...

"Trying to use different and complex passwords for every website, account, and application can be challenging. If you are experiencing password overload, you may become careless. Maybe you keep all your passwords written down or reuse the same, easy to remember password. You can use a password...

Organizations and individuals can benefit from using multi-factor authentication (MFA) to secure devices and accounts. With MFA enabled, two or more different authentication factors are needed to unlock a device or sign in to an account. Whether accessing email, cloud storage, or online banking...

Remote work introduces some challenges when trying to balance functionality with security. When working remotely, your employees need to access the same internal services, applications, and information that they would have access to in the office. However, your organization also needs to protect...

Organizations and their networks are frequently targeted by a wide variety of threat actors looking to steal information. Cyber intruders are technologically savvy, vulnerability conscious, and aggressively agile; a successful intrusion can quickly lead to the loss of data integrity and...

The Top 10 Information Technology (IT) Security Actions to Protect Internet-Connected Networks and Information (ITSM.10.189) is based on the Canadian Centre for Cyber Security (CCCS) analysis of cyber threat activity trends and their impact on Internet-connected networks. Organizations that...

"Your mobile device provides a convenient and flexible way to work anywhere or at anytime. While mobile devices play a vital role in the day-to-day operations of organizations and agencies, their use can also pose a threat to information and networks. Mobile devices are attractive targets that...

This document is part of a suite of documents that focus on each of the top 10 IT security actions recommended in ITSM.10.189 Top 10 IT Security Actions to Protect Internet Connected Networks and Information [1]. While implementing all 10 of the recommended security actions can reduce your...

The following content was created prior to the creation of the Canadian Centre for Cyber Security by one of the entities that became part of the Cyber Centre. This content remains relevant to current discussions about cyber security.

There is growing awareness of the risks posed by potentially vulnerable or shaped technologies that may be entering the Government of Canada (GC) communications networks and information technology infrastructure through the supply chain.

"Several meetings involving an ad-hoc group of federal government departments occurred in April-May 2008 around an emerging national security issue relating to the vulnerability of the supply chain for Government of Canada telecommunications equipment and services. In addition to the threat of...

The following content was created prior to the creation of the Canadian Centre for Cyber Security by one of the entities that became part of the Cyber Centre. This content remains relevant to current discussions about cyber security.

The information in this publication identifies and describes acceptable security protocols and their appropriate methods of use to ensure continued protection of UNCLASSIFIED, PROTECTED A, and PROTECTED B information.

The information in this publication identifies and describes approved cryptographic algorithms and appropriate methods of use to protect the confidentiality of PROTECTED A and PROTECTED B information and the integrity of information to the medium injury level as defined in CSE’s ITSG-33 IT...

This bulletin is in support of the Treasury Board of Canada Secretariat (TBS) Information Technology Policy Implementation Notice 2014-01 (ITPIN: 2014-01). The notice, released in May 2014, describes the risks posed by, and the possible mitigations for, removable media devices that are used to...

Make sure you know how to use them safely to keep that data secure.

This document is part of a suite of documents developed by the Cyber Centre to help secure cloud-based services and supports the cloud security risk management approach defined in ITSM.50.062 Cloud Security Risk Management.