Open Government Portal
Found 10 records similar to Security Considerations for Exposure of Classified IT Systems to Mobile Devices and Wireless Signals (ITSB-104)
This bulletin is in support of the Treasury Board of Canada Secretariat (TBS) Information Technology Policy Implementation Notice 2014-01 (ITPIN: 2014-01). The notice, released in May 2014, describes the risks posed by, and the possible mitigations for, removable media devices that are used to temporarily store GC information. The intended audience for this bulletin includes executives, those responsible for IT security risk management activities, and information system security practitioners.
This bulletin is intended for information security practitioners responsible for IT security risk management activities and is structured to be used within the framework of Information Technology Security (ITS) management activities defined within the publication: CSEC - IT Security Risk Management: A Lifecycle Approach (ITSG-33).
This bulletin provides information on the availability of the Secure Communications Interoperability Protocol (SCIP) rekey guides.
The purpose of this bulletin is to advise the Government of Canada (GC) that the Canadian Central Facility (CCF) now has the capability to provide foreign Secure Communications Interoperability Protocol (SCIP) Seed key in electronic form.
The purpose of this bulletin is to inform the Government of Canada (GC) of the Communications Security Establishment Canada's (CSEC) guidance regarding the use of commercial technologies to safeguard the communications of classified information at the level of SECRET within a departmental local enclave.
Government of Canada (GC) departments rely on information systems to support their business activities. These interconnected information systems are often subject to serious threats which can have adverse effects on departmental business activities by compromising the confidentiality, integrity or availability of the systems and their information technology (IT) assets. Senior management support is essential in ensuring the continued protection of business applications, information assets, and IT infrastructures. This bulletin identifies key questions to guide leadership discussions between management and their IT security team to enhance national security, protect sensitive GC information and enable the achievement of departmental mission objectives.
The purpose of this Bulletin is to advise Government of Canada (GC) departments and agencies of the security threat posed by modern "keylogger" software with enhanced data capture capabilities which utilize "stealth" techniques to hide from anti-virus and anti-spyware scanners.
"The iPad’s ease of use, short boot up time and portability makes the device more convenient than traditional laptops. Employees consider the iPad to be a great companion device, and are using it to replace paper, to take notes in meetings, and to read documents while travelling. However, iPads will introduce new risks to an organization’s business and the security of its information. The security risks are numerous, and must be carefully considered, clearly understood and security controls and safeguards put in place before iPads are allowed to remotely access a departmental network.
The information provided in this document is intended to assist in the mitigation of threats associated with a Wireless Local Area Network (WLAN) deployment by offering security advice to be used during the high-level design phase.
"Patching operating systems and applications is one of the Top 10 Security Actions in CSE’s Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information (ITSB-89 Version 3). Implementing the Top 10 security actions as a package would prevent the vast majority of intrusions to which CSE currently responds.
Applying patches to operating systems, applications and devices is a critical activity in ensuring the security of systems. This document provides guidance on assessing known vulnerabilities and patches in order to determine the risk posed to an organization, the relative priority for patch deployment, as well as guidelines on how to deploy patches."