Small and Medium Organizations: Which baseline controls are right for your organization?
Small and medium organizations are those with fewer than 500 employees. The baseline controls are not limited to businesses: any small or medium organization, including non-profits and public-sector bodies of that size, can benefit from applying them.
As an initial step, it is helpful to identify which information systems and assets are at risk. Your organization can gauge this risk by assessing the potential injury that would result if a cyber actor publicly released or corrupted sensitive organizational information, or took systems and assets offline.
Our baseline controls address the threat level typically posed by cybercrime. Your organization should also assess whether it faces threats from commercial espionage, or threats that could affect public safety or national security; organizations facing those threats will likely need controls beyond this baseline. We recommend consulting our National Cyber Threat Assessment when conducting this assessment. Your organization may also want to consult our recommendations on other options or paths to better enterprise security.
Additional recommendations for your organization include:
- Assessing whether the baseline controls make sense for your environments
- Implementing the baseline controls for all your information systems and assets
For more information:
- Baseline Cyber Security Controls for Small and Medium Organizations
- ITSM.10.189: Top 10 IT Security Actions to Protect Internet Connected Networks and Information
- ITSG-33: IT Security Risk Management: A Lifecycle Approach
Other options for cyber security:
We are not the only providers of cyber security advice and guidance, and we recognize that some smaller organizations require more comprehensive cyber security advice. Although we hope organizations will benefit from the baseline controls, there are other sources of information that may be helpful.
Many of the links provided here come from our partners. We encourage visitors to also check out their material on cyber security:
- Global Cyber Alliance Small Business Toolkit
- UK National Cyber Security Centre - Cyber Security: Small Business Guide
- US National Institute of Standards and Technology - Small Business Information Security: The Fundamentals (PDF)
- US National Institute of Standards and Technology Cyber Security Framework
- Center for Internet Security Controls
- ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements