Course 625: Cyber Security for Small and Medium Organizations


This course was designed and developed in collaboration with Innovation, Science and Economic Development Canada (ISED). It describes a series of security controls that small and medium sized organizations should implement to meaningfully improve their cyber security posture. Each module includes:

  • an explanation of the importance of a particular set of security controls
  • a case study, highlighting what can go wrong without proper measures in place
  • knowledge checks and quizzes to test understanding


  • Define the primary components of an Incident Response Plan
  • Recall the importance of automatically patching operating systems and applications
  • Recall the importance of security software in safeguarding Windows and Apple operating systems
  • Recall the importance of securely configuring devices to mitigate security risks
  • Recognize the significance of strong user authentication
  • Recognize the importance of ongoing cyber security training in promoting awareness and best practices
  • Identify the best practices of data backup and encryption
  • Recognize the strategies to ensure secure mobile device connectivity
  • Recall how to establish perimeter defences for network security
  • List the advantages and disadvantages of outsourced IT and cloud-based services
  • Recognize the necessary measures to secure websites
  • Recall how to implement access control and authorization
  • Recall how to secure portable media
  • Recognize the significance of leadership and accountability in conducting cyber security risk assessments

Target audience

Eligible participants at all levels who wish to become more familiar with the cyber security landscape and become knowledgeable on how to protect classified and sensitive information on GC networks


  1. Incident Response Plan
  2. Automatically Patch Operating Systems & Applications
  3. Enable Security Software
  4. Securely Configure Devices
  5. Use Strong User Authentication
  6. Cyber Security Training
  7. Backup and Encrypt Data
  8. Secure Mobility
  9. Establish Basic Perimeter Defences
  10. Secure Cloud and Outsourced IT Services
  11. Secure Websites
  12. Implement Access Control and Authorization
  13. Secure Portable Media
  14. Leadership Accountability Cyber Security Risk Assessment
  15. Computer Security Log Management
Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: