Blog / CYBERSECURE CANADA Part I – A Look into this New Certification Program.
The Federal Government recently come out with something to help organizations secure their computers. As a bonus, it comes with a nice logo that you can include in your Marketing & such.
It’s called “CYBERSECURE CANADA” and you can find information about it on the Government of Canada Website. I try to avoid putting links in newsletters, because we distribute these by email and one of the common-sense practices I push is to “Never, ever, click a link in an email”, but this time, I’ll make an exception:
To obtain this certification, you need to have an Authorized Certification Body to asses you and confirm that you have the 13 Security Controls they have listed operational within your network.
I’ve been through their requirements and in a rather surprising turn of events, the list they have come up with seems to be both modern and effective. Sometimes governments can be slow, and regulations can spend years in bureaucratic limbo. Then, by the time they get released, the recommendations are antiquated. This is especially true when it comes to something that changes quickly, like computers.
Over the next few newsletters, I’m going to do a deep dive into the various aspects of this new certification. So, without further ado:
CYBERSECURE CANADA Certification for Businesses – Part One
I) So, the first question to ask would be: Who is this certification aimed at?
It’s aimed at Small and Medium Businesses. Specifically, any organization with less then 500 employees. This is because organizations that small tend to have very limited IT resources; especially when it comes to IT Security.
II) Why should my business bother with this?
As I mentioned, the Certification comes with permission to use their logo in your Advertising and such. The idea here is that this logo will become something that members of the public will recognize. This will create a positive impact on your business, as it will give them a sense of trust that your organization is committed to Cyber Security. That’s enough to make any Marketing department drool.
Another reason would simply be that the requirements they have are good. One problem in a lot of organizations is that people WANT to improve their Cyber Security, but they don’t know HOW. A Certification like this helps provide a road-map.
III) How do I obtain this Certification?
You need to have your organization audited by a Certification body. The website contains a list of organizations that can do it, but it does not contain contact information for them yet.
This is a new Certification (a few weeks’ old), so hopefully more detailed information will be posted on the website in the future. It’s either that or the organizations that provide this Certification have not yet set-up methods of contacting them directly regarding this. For example, Bell Canada is supposed to be one of the outfits that can perform the audit required, but try as I might, my Google-Fu was unable to find a method of contacting them about it. I couldn’t find any mention of this Certification anywhere on Bell Canada’s website.
IV) What does it take to become certified?
You will need to have an auditor confirm that your organization is acting within the rules set-down in the regulations. There is a list of 13 different Security Controls that your organization needs to have in place. You can find the list on the website. Those Controls are:
– Have an Incident Response Plan
– Automatic patching of Operating Systems and Applications
– Enable Security Software
– Secure Device Configurations
– Strong User Authentication
– Employee Awareness Training
– Backup and Encrypted Data
– Secure Mobile Devices
– Basic Perimeter Defenses
– Secure Cloud and Outsourced IT Services
– Secure Websites
– Implement Access Control and Authorization
– Secure Portable Media
Some of these items you may be doing already. Others you may recognize from a few of my previous newsletters. In any case, that is enough for one day. Next time, I will start going into each item in more detail and talk about what they mean.
If you have questions about CYBERSECURE CANADA Certification, you can reach out to your TRINUS Account Manager for stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyberman.