Top 10 IT Security Actions

 

The Government of Canada has a critical role to play in protecting the information of Canadians. Without proper IT security measures, your department is vulnerable and at risk of compromise. Stolen information, damaged reputations, and lost resources are scenarios that no department wants to face.

CSE’s advice and guidance will help you build a strong IT infrastructure and protect your networks. Our Top 10 IT Security Actions were selected and prioritized based on our analysis of cyber threat trends affecting Government of Canada Internet-connected networks. When implemented as a set, the Top 10 help minimize intrusions or the impacts to a network if a successful cyber intrusion occurs.

"As a community, we work together to secure and protect Government of Canada networks. By being proactive and adopting the Top 10, we can all benefit from the proven security measures."

Ron Parker, President of SSC


"CSE’s Top 10 are smart, practical actions that any department can implement. They work, and provide a lasting impact. There’s just too much at stake not to do them."

Yaprak Baltacioglu, Secretary of TBS

Implementation of the Top 10 will result in eliminating the vast majority of cyber threats currently seen active in GC networks.

  1. Use Shared Services Canada (SSC) Internet gateways
  2. Patch operating systems (OSs) and applications
  3. Enforce the management of administrative privileges
  4. Harden Operating Systems (OSs)
  5. Segment and separate information
  6. Provide tailored awareness and training
  7. Manage devices at the enterprise level
  8. Apply protection at the host level
  9. Isolate web-facing applications
  10. Implement application whitelisting

Want to know more?

Read the full list of the Top 10 IT Security Actions here.

 

View our Top 10 video series

Top 10 IT Security Actions

Top 10 Overview

Want to know more about the benefits of the Top 10? We’ve got you covered.

 
Use SSC Internet Gateways

Use SSC Internet Gateways

Make your internet connection work for you, not threat actors. Learn more about the benefits.

 
Patch Operating Systems and Applications

Patch Operating Systems and Applications

Do you have an automated patch management framework in place? Learn more about why this is critical to your operations.

 
Enforce the Management of Administrative Privileges

Enforce the Management of Administrative Privileges

Do you regularly review who has administrative privileges on your networks? Learn more about why you should.

Segment and Separate Information

Segment and Separate Information

Do you know where and how your information is stored on your networks? Learn more about why this is important.

 
 
 

Resources

  • ITSB-89 v.3: The Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information
  • ITSB-94: Managing and Controlling Administrative Privileges
  • ITSB-95: Application Whitelisting Explained
  • ITSB-96: Security Vulnerabilities and Patches Explained
  • ITSB-66: Cyber Security Risks of Using Social Media
  • ITSAP-00-100: Spotting Malicious E-mail Messages
  • Cyber Journal 8
  • Cyber Journal 9
 

Questions?

Please contact the ITS Client Services Team.

 
We are Cyber Security

We are Cyber Security