Baseline cyber security controls for small and medium organizations

This national standard underpins the Innovation, Science and Economic Development Canada Cybersecure Canada certification program. The program promotes the adoption of a Canadian cyber security certification by supporting the development of this practical standard which is low-burden, easily accessible, affordable, effective, national in scope, and sector neutral. The repercussions of cyberattacks are far-reaching and costly. Ideally, organizations invest in cyber security to balance their individual cyber security risks and business objectives. However, smaller sized organizations often lack the knowledge, technical expertise and resources to develop customized cyber security regimes, or do not have the awareness of the vulnerabilities that are present in their systems. This standard outlines security controls which can serve as a cyber security baseline for these organizations. By using this standard, small and medium organizations can - improve their cyber security posture and limit the impacts of cyber incidents - enhance their competitive advantage and attract new business - reassure their customers and investors that their information is protected - improve their cybersecurity knowledge