CSE Top 10 IT Security Actions

Number: IN17-005
Date: 04 December 2017

Purpose

The purpose of this Information Note is to draw attention to the top 10 IT security actions as recommended by CSE.

Assessment

The Communications Security Establishment (CSE) has released a document that explains the “Top 10” mitigation strategies an organization can undertake to build a strong IT infrastructure and protect its networks.

The Top 10

  1. Consolidate, monitor and defend Internet gateways
  2. Patch operating systems (OS) and applications
  3. Enforce the management of administrative privileges
  4. Harden operating systems (OS) and applications
  5. Segment and separate information
  6. Provide tailored awareness and training
  7. Protect information at the enterprise level
  8. Apply protection at the host-level
  9. Isolate Web-facing applications
  10. Implement application whitelisting

Suggested Action

CCIRC encourages you to visit the CSE website, and encourages network administrators to review the CSE Top 10 IT Security Actions to Protect Internet-Connected Networks and Information (ITSM.10.189). Implementing these actions will reduce risk; however, IT security activities need to be reviewed and improved continuously to address changes in the cyber threat landscape.

References:

CSE - Top 10 IT Security Actions
https://www.cse-cst.gc.ca/en/top10


CSE - Top 10 IT Security Actions to Protect Internet-Connected Networks and Information
https://www.cse-cst.gc.ca/en/node/2284/html/28019

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that the CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
