Open Government Portal

The purpose of this Information Note is to draw attention to the top 10 IT security actions as recommended by CSE.

o Canadian Medium Assurance Solutions
o Shared Services Canada’s Security Operations Centre
o CSE’s Top 10 and Shared Services Canada
o CSE’s Top 10 in the Mobile Environment

o CSE’s Top 10 Security Actions
o The Dangers of Free Dynamic DNS
o Using a Blackberry as a Hotspot
o Cyber Security Considerations for Management
o Hardware Security Modules
o Windows 7 Hardening Guide
o Measures to Protect Your Network

o Top 10 For Everyone
o Put Your Money Where Your Data Is – Invest In Cyber Security
o CSE’s Assessment On Cyber Threats To Canada’s Democratic Process
o The Forecast On Cloud Computing
o Cyber Hygiene Series: Social Media
o CSE In The Community

Updating software addresses vulnerabilities and protects your device. When a software issue or vulnerability is identified, the vendor releases patches to fix bugs, address known vulnerabilities, and improve usability or performance. Although all patches are updates, not all updates are patches. For example, an update may be issued to upgrade software features whereas a patch may be issued to resolve a flaw that would leave you and your organization vulnerable to a data breach.

"The Communications Security Establishment (CSE) plays a vital role in detecting and defending against cyber threats to the Government of Canada (GC). These threats are persistent, sophisticated, and continually evolving – as are CSE’s Information Technology (IT) security publications. CSE’s publications are tools that GC departments can use to improve their security posture against cyber threats. CSE’s publications address IT security topics that departments should consider and highlight measures that organizations should implement to bolster their IT security posture.

"The Communications Security Establishment (CSE) released its first unclassified, public Annual Report. This past year has been a notable one for CSE, highlighted by the CSE Act coming into effect, setting out CSE’s lead role as the national authority for foreign intelligence and as the national technical authority for cyber security and information assurance. The CSE Act also reinforced the crucial elements of openness, transparency and accountability that are essential to CSE’s work. This Annual Report is one of those elements.

Risk Management
Cyber Mitigation – Patching
Best Practices – Passwords
Securing WLANs
Procuring Assured Products for Protected B Networks

This list supersedes ITSB-89, the Top 35 Mitigation Measures, and is based on CSE’s analysis of the cyber threat activity trends that impact Government of Canada (GC) Internet-connected networks.

"With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both departmental and IT project plans.

IT security risks can result in exposure of sensitive government information, a loss in productivity, an inability to meet organizational objectives, or damage to the GC’s reputation, all of which can be costly to the GC.

IT security risk management is the process by which organizations manage IT security risks and is achieved through the management and application of security controls, solutions, tools, and techniques to protect IT assets against compromises.

CSE’s IT security risk management framework can help outline a risk strategy that will align with GC priorities and resource allocation so that departmental objectives can be met."