Open Government Portal

o Top 10 For Everyone
o Put Your Money Where Your Data Is – Invest In Cyber Security
o CSE’s Assessment On Cyber Threats To Canada’s Democratic Process
o The Forecast On Cloud Computing
o Cyber Hygiene Series: Social Media
o CSE In The Community

o CSE’s Top 10 Security Actions
o The Dangers of Free Dynamic DNS
o Using a Blackberry as a Hotspot
o Cyber Security Considerations for Management
o Hardware Security Modules
o Windows 7 Hardening Guide
o Measures to Protect Your Network

o The Canadian Centre for Cyber Security
o Meltdown and Spectre
o Trending Topic: Cloud Benefits
o COMSEC Update
o Assemblyline
o CSE in the Community: Hackergal
o ITSLC News

This list supersedes ITSB-89, the Top 35 Mitigation Measures, and is based on CSE’s analysis of the cyber threat activity trends that impact Government of Canada (GC) Internet-connected networks.

"The Communications Security Establishment (CSE) plays a vital role in detecting and defending against cyber threats to the Government of Canada (GC). These threats are persistent, sophisticated, and continually evolving – as are CSE’s Information Technology (IT) security publications. CSE’s publications are tools that GC departments can use to improve their security posture against cyber threats. CSE’s publications address IT security topics that departments should consider and highlight measures that organizations should implement to bolster their IT security posture.

"The Communications Security Establishment (CSE) released its first unclassified, public Annual Report. This past year has been a notable one for CSE, highlighted by the CSE Act coming into effect, setting out CSE’s lead role as the national authority for foreign intelligence and as the national technical authority for cyber security and information assurance. The CSE Act also reinforced the crucial elements of openness, transparency and accountability that are essential to CSE’s work. This Annual Report is one of those elements.

"Patching operating systems and applications is one of the Top 10 Security Actions in CSE’s Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information (ITSB-89 Version 3). Implementing the Top 10 security actions as a package would prevent the vast majority of intrusions to which CSE currently responds.

Applying patches to operating systems, applications and devices is a critical activity in ensuring the security of systems. This document provides guidance on assessing known vulnerabilities and patches in order to determine the risk posed to an organization, the relative priority for patch deployment, as well as guidelines on how to deploy patches."

CSE's unclassified, public Annual Report 2020-2021

The purpose of this Information Note is to draw attention to the top 10 IT security actions as recommended by CSE.

o Instant Messaging Security Risks
o Spotting Malicious Emails
o GC CIRT Pointer: Exploit Kits
o Securing your GC SECRET Network
o Sharing Information across Different Security Domains
o VoIP for GC Departments
o TBS Corner: Web 2.0 and the GC
o Application-Based Firewalls