Open Government Portal
Found 10 records similar to Protecting GC Networks and Information with the Top 10 (ITSE.10.089)
The Communications Security Establishment (CSE) plays a vital role in detecting and defending against cyber threats to the Government of Canada (GC). These threats are persistent, sophisticated, and continually evolving – as are CSE’s Information Technology (IT) security publications. CSE’s publications are tools that GC departments can use to improve their security posture against cyber threats. CSE’s publications address IT security topics that departments should consider and highlight measures that organizations should implement to bolster their IT security posture.
With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both departmental and IT project plans.
IT security risks can result in exposure of sensitive government information, a loss in productivity, an inability to meet organizational objectives, or damage to the GC’s reputation, all of which can be costly to the GC.
IT security risk management is the process by which organizations manage IT security risks and is achieved through the management and application of security controls, solutions, tools, and techniques to protect IT assets against compromises.
CSE’s IT security risk management framework can help outline a risk strategy that will align with GC priorities and resource allocation so that departmental objectives can be met.
This list supersedes ITSB-89, the Top 35 Mitigation Measures, and is based on CSE’s analysis of the cyber threat activity trends that impact Government of Canada (GC) Internet-connected networks.
This publication provides an overview of Enterprise Mobility Security and lists some of the threats and risks that mobile devices pose to the GC corporate enterprise. This publication also outlines the potential mitigations and safeguards that a department or agency can put into place to counter these threats and risks. It is important to note that these lists are not comprehensive, and even if all possible mitigations have been properly implemented, a residual risk to the department’s network and information assets remains.
The purpose of this document is to describe CCCS’s Cloud Service Provider (CSP) Information Technology Security (ITS) Assessment Program. The objective of the CSP ITS Assessment Program is to assist Government of Canada (GC) departments and agencies in their evaluation of CSP services being procured for use by the GC. The resulting assessments will show whether the subject CSP’s security processes and controls meet the GC public cloud security requirements for information and services up to Protected B, Medium Integrity, and Medium Availability (PB/M/M) as published by the Treasury Board of Canada Secretariat
o Instant Messaging Security Risks
o Spotting Malicious Emails
o GC CIRT Pointer: Exploit Kits
o Securing your GC SECRET Network
o Sharing Information across Different Security Domains
o VoIP for GC Departments
o TBS Corner: Web 2.0 and the GC
o Application-Based Firewalls
Several meetings involving an ad-hoc group of federal government departments occurred in April-May 2008 around an emerging national security issue relating to the vulnerability of the supply chain for Government of Canada telecommunications equipment and services. In addition to the threat of cyber attack, there is a growing awareness of the risks posed by potentially vulnerable or shaped technologies that may be entering the Government of Canada (GC) communications networks and information technology infrastructure through the supply chain. One way to reduce these risks is to include specific security clauses in PWGSC contracts that are aimed at protecting the integrity, availability and confidentiality of Canada’s data and communications. These clauses were developed based on a "managed telecommunications services" scenario, whereby a contractor is given responsibility for selecting, implementing, and operating and maintaining telecommunications infrastructure and services.
Patching operating systems and applications is one of the Top 10 Security Actions in CSE’s Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information (ITSB-89 Version 3). Implementing the Top 10 security actions as a package would prevent the vast majority of intrusions to which CSE currently responds.
Applying patches to operating systems, applications and devices is a critical activity in ensuring the security of systems. This document provides guidance on assessing known vulnerabilities and patches in order to determine the risk posed to an organization, the relative priority for patch deployment, as well as guidelines on how to deploy patches.
The purpose of this Bulletin is to advise Government of Canada (GC) departments and agencies of the security threat posed by modern "keylogger" software with enhanced data capture capabilities which utilize "stealth" techniques to hide from anti-virus and anti-spyware scanners.
This dataset is the result of two surveys, conducted in August and November 2018. Departments and Agencies were asked to indicate whether they were compliant with the Direction on Enabling Access to Web Services. This Policy Implementation Notice instructs departments to enable access to web services on GC electronic networks for unclassified information. The dataset contains a list of departments and their self-assessed compliance with the Direction.