Cybersecurity Templates
Our CAN CIOSC 104:2021 (CyberSecure Canada) templates are meticulously designed to align with the CAN CIOSC 104:2021 requirements.
Our CyberSecure Canada templates offer a collection of policy templates, each tailored to address specific sub-controls outlined by the CyberSecure Canada program. These templates are comprehensive and cover various critical areas, including antimalware, firewalls, incident response plans, and more. By utilizing our templates, organizations can establish a strong foundation for their cybersecurity policies, ensuring alignment with the CyberSecure Canada framework.
Alignment with Standard Requirements
Our templates have been developed to meet the specific guidelines and requirements set forth by the CAN CIOSC 104:2021 standard. This ensures that organizations can create policies that align with industry best practices and regulatory standards.
Policy Templates for Each Sub-Control
Our templates include policy documents for each sub-control identified by CAN CIOSC 104:2021. This approach enables organizations to create policies that address all necessary areas, fostering a holistic cybersecurity approach.
Comprehensive Coverage
The CAN CIOSC 104:2021 templates cover a wide range of cybersecurity domains, including but not limited to antimalware measures, firewalls, incident response plans, employee awareness training, access control, data backup and recovery, etc.
Personalized and Scalable
Our templates are personalized with your business name and logo, and allow organizations to tailor the policies to their specific needs and organizational structure.
Time-Saving Solution
By utilizing our CyberSecure Canada templates, organizations can save valuable time and effort in developing cybersecurity policies from scratch. The templates serve as a great starting point, enabling businesses to expedite the policy creation process.
Why use the templates?
Our templates provide organizations with a convenient and comprehensive solution for establishing robust cybersecurity policies aligned with the CyberSecure Canada program. By leveraging these templates, businesses can enhance their cybersecurity posture, mitigate risks, and demonstrate their commitment to safeguarding sensitive data and digital assets. Start your journey towards CAN CIOSC 104:2021 compliance today with our ready-to-use templates!
What polices are included?
OC 4.1.2.1 Leadership
OC 4.2.3.1 Accountability
OC 4.3.2.1 Cyber Security Training
OC 4.3.3.1 Ongoing awareness training
OC 4.4.2.1 Cyber Security Risk Assessment
OC 4.4.3.1 Cyber Security Risk Assessment Policy
OC 4.4.3.2 List of information systems and assets
OC 4.4.3.3 Accepted cyber security risks
OC 4.4.3.4 IT Security-Spending Levels-Raw
OC 4.4.3.5 IT security staffing
OC 4.4.3.6 Commitment to Cyber Security
OC 4.4.3.7 When to update an existing risk assessment
OC 4.4.3.8 Implementing baseline controls
OC 4.4.3.9 Reviewing controls to ensure effectiveness
BC 5.1.2.1 & 5.1.2.2 Incident Response Plan
BC 5.1.2.3 Cybersecurity insurance
BC 5.2.2.1 Security patches
BC 5.2.2.2 Automatic Patching
BC 5.2.2.3 Replacing systems incapable of automatic patching
BC 5.3.2.1 Enable security software
BC 5.4.2.1 Changing default passwords
BC 5.4.3.1 Secure configurations for devices
BC 5.5.2.1 Multi-factor authentication
BC 5.5.2.2 Changing password on suspicion of compromise
BC 5.5.2.3 Password length-reuse-writing down
BC 5.5.3.1 Password managers
BC 5.6.2.1 Essential business information
BC 5.6.2.2 Frequency of backups
BC 5.6.2.3 System backups
BC 5.6.2.4 Storing backups
BC 5.6.2.5 Encrypting backups
BC 5.6.3.1 Sampling backup data
BC 5.7.3.1 Firewalls
BC 5.7.3.2 DNS Firewall
BC 5.7.3.3 Software firewalls
BC 5.7.3.4 Encrypted Connectivity and VPN Access with MFA
BC 5.7.3.5 Corporate Wi-Fi
BC 5.7.3.6 Segmenting corporate and public networks
BC 5.7.3.7 DMARC
BC 5.7.3.8 Email filtering
BC 5.8.3.1 Provision accounts with minimum functionality necessary
BC 5.8.3.2 Removing accounts or functionality when no longer required
BC 5.8.3.3 Admin accounts only perform administrative activities
BC 5.8.3.4 Centralized authorization control system
BC 6.1.3.1 Ownership model for mobile devices
BC 6.1.3.2 Securing mobile devices
BC 6.2.2.1 Evaluating risk tolerance for outsourced IT or cloud apps
BC 6.2.3.1 AICPA SSAE 18 or equivalent reports
BC 6.3.3.1 OWASP Top 10
BC 6.3.3.2 ASVS Levels
BC 6.4.2.1 Company owned portable media
BC 6.4.3.1 Using portable media
BC 6.5.2.1 POS Terminals and Financial Systems
BC 6.6.3.1 Log management