Open Government Portal

"This cyber security playbook guides elections authorities on anticipating, mitigating, and responding to threats that are specific to Canada’s democratic processes. This playbook introduces baseline cyber security measures and best practices that you can implement to improve your organization’s security profile. This playbook also provides a set of standards to reference as elections authorities continue to improve current systems and implement new ones. The guidance in this document is based on information gathered from various sources and is only intended to provide a set of recommendations that you can implement in addition to your organizational policies and practices.

This document is part of a suite of documents that focus on each of the top 10 IT security actions recommended in ITSM.10.189 Top 10 IT Security Actions to Protect Internet Connected Networks and Information [1]. While implementing all 10 of the recommended security actions can reduce your organization’s vulnerability to cyber threats, you should review your current cyber security activities to determine whether additional actions are required.

When you work in the office, you benefit from the security measures that your organization has in place to protect its networks, systems, devices, and information from cyber threats. Working remotely provides flexibility and convenience. However, remote work can weaken your organization’s security efforts and put you at risk if you don’t take precautions. Read through our cyber security tips to ensure that you are practicing good cyber hygiene when working from home, a café, or any other public location.

This document presents the Canadian Centre for Cyber Security baseline cyber security controls wherein we attempt to apply the 80/20 rule (achieve 80% of the benefit from 20% of the effort) to the cyber security practices of small and medium organizations in Canada.

This document is part of a suite of documents developed by the Cyber Centre to help secure cloud-based services and supports the cloud security risk management approach defined in ITSM.50.062 Cloud Security Risk Management.

This document is part of a suite of documents that the Cyber Centre has developed to help secure cloud-based services. Security categorization, the selection of a security control profile, and the selection of a cloud deployment model and a cloud service model are the first three steps of the Cloud Security Risk Management approach. This approach is defined in ITSM.50.062 Cloud Security Risk Management.

"The Canadian Centre for Cyber Security has warned that foreign actors will likely try to interfere in Canadian election processes. If you’re involved in politics – as a political candidate, staffer or volunteer – you are a target. It’s vital that you take steps to protect yourself. The Cyber Centre has advice to help you protect your cyber security and deal with threats to your social media accounts.

"Cloud computing has the potential to provide your organization with flexible, on-demand, scalable and self-service IT services. To benefit from cloud computing, your organization must ensure that security risks are properly managed, cloud specific security considerations are addressed, and security controls of cloud-based services are properly assessed before authorized.

You organization can use the guidance in this document to assist with its security assessment and authorization of cloud-based services. "

Organizations and individuals can benefit from using multi-factor authentication (MFA) to secure devices and accounts. With MFA enabled, two or more different authentication factors are needed to unlock a device or sign in to an account. Whether accessing email, cloud storage, or online banking services, MFA provides an extra layer of security from cyber attacks like credential stuffing. In credential stuffing, hackers use previously stolen credentials from one website, hoping that you have reused these credentials.

Remote work introduces some challenges when trying to balance functionality with security. When working remotely, your employees need to access the same internal services, applications, and information that they would have access to in the office. However, your organization also needs to protect its systems and information, as remote work introduces new vulnerabilities. You need to implement additional security precautions to prevent threat actors from taking advantage of those vulnerabilities.