Open Government Portal
Found 10 records similar to Java Vulnerability Mitigation - Guidance for the Government of Canada (ITSB-98)
The information in this publication identifies and describes approved cryptographic algorithms and appropriate methods of use to protect the confidentiality of PROTECTED A and PROTECTED B information and the integrity of information to the medium injury level as defined in CSE’s ITSG-33 IT Security Risk Management: A Lifecycle Approach .
The Information Technology Security Guidance for Purchasing CSEC-Approved Cryptographic Equipment from the United States Government (ITSG-26) provides instructions and guidance on the purchase of Communications Security Establishment Canada (CSEC)-approved cryptographic equipment available from the United States (U.S.) via Foreign Military Sales (FMS) and Direct Sales (DS).
Mobile devices have spread rapidly across the Government of Canada (GC) corporate enterprise and while they boost productivity and efficiency, they significantly increase the risk of a compromise to sensitive information. To help mitigate this threat, Communications Security Establishment Security Canada (CSEC) recommends departments utilize a Mobile Device Management (MDM) solution.
"With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both departmental and IT project plans.
IT security risks can result in exposure of sensitive government information, a loss in productivity, an inability to meet organizational objectives, or damage to the GC’s reputation, all of which can be costly to the GC.
IT security risk management is the process by which organizations manage IT security risks and is achieved through the management and application of security controls, solutions, tools, and techniques to protect IT assets against compromises.
CSE’s IT security risk management framework can help outline a risk strategy that will align with GC priorities and resource allocation so that departmental objectives can be met."
With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both your departmental and IT project plans. With that in mind, the ITSG-33 publication has been developed to help government departments ensure security is considered right from the start. By following the principles within this publication, you not only help ensure predictability and cost-effectiveness, you also help ensure that there are no hidden surprises preventing you from obtaining authority to operate and maintaining continued authorization.
This document is part of a suite of documents developed by the Cyber Centre to help secure cloud-based services and supports the cloud security risk management approach defined in ITSM.50.062 Cloud Security Risk Management.
This document is part of a suite of documents that the Cyber Centre has developed to help secure cloud-based services. Security categorization, the selection of a security control profile, and the selection of a cloud deployment model and a cloud service model are the first three steps of the Cloud Security Risk Management approach. This approach is defined in ITSM.50.062 Cloud Security Risk Management.
This bulletin aims to describe the risks posed by, and possible mitigations for, the exposure of classified IT systems to wireless signals and mobile devices that are not authorized to connect to those systems. The intended audience for this bulletin includes those responsible for IT security risk management activities as well as information system security practitioners.
"The COMSEC Installation Planning – Guidance and Criteria (ITSG-11) has been superseded by Emission Security (EMSEC) Guidance (ITSG-11A) February 2016 which is a Protected publication, issued under the authority of the Chief, Communications Security Establishment (CSE).
To access, or obtain, a copy of the publication, please visit the COMSEC User Portal (CUP) at: https://comsecportal.cse-cst.gc.ca, or contact your departmental COMSEC Custodian."
This Guidance document is intended to outline the baseline security requirements for achieving Network Security within the Government of Canada, in accordance with the Government Security Policy (February, 2004) and the Operational Security Standard: Management of Information Technology Security (April, 2004).