For the purposes of this Library, sources are defined as:
Authoritative Source: a privacy or cyber-security organization dedicated to establishing standards and best practices
Informed Source: a news source, blog or information from a commercial vendor that provides informed privacy and data security advice.
Summary of contents
How to create a “call first or act first” checklist
How to create a “get out of bed” checklist and notification matrix
Emergency indicators and associated confidence levels
Suggestions vs. decisions: what is appropriate in a given situation?
Response expectations and approved actions that have been coordinated with key stakeholders
Authoritative Source: Information System Audit and Control Association (ISACA)
A printable template to help document and report a suspected or confirmed privacy breach
Authoritative Source: Office of the Information and Privacy Commissioner BC (OIPC)
A resource guide to help respond to a privacy breach in accordance with BC privacy legislation.
complements the above checklist
designed to be printed and kept on hand as part of emergency preparedness planning
Authoritative Source: Office of the Information and Privacy Commissioner BC (OIPC)
Summary of contents
Short, straight-forward advice on
Authoritative Source: Center for Internet Security
Summary of contents
A brief summary for executives with suggestions on how to address physical, supply chain, and cybersecurity issues that may arise from the spread of Novel Coronavirus, or COVID-19.
Summary of contents
Recommendations from a lawyer specializing in cybersecurity on managing COVID-19 cybersecurity risks from a people, process and technology perspective. Includes an extensive list of best practice guidance documents from authoritative sources in Canada, the United States, UK, Europe and Australia.
Informed Source: BLG (Borden Ladner Gervais LLP)
Summary of contents
Protect against fakes
Authoritative Source: Canadian Centre for Cybersecurity
Summary of contents
Authoritative Source: Australian Cyber Security Centre
Summary of contents
Practical recommendations for staff. Examples:
Authoritative Source: US Federal Trade Commission
Summary of contents
Authoritative Source: National Cyber Security Centre
Summary of contents
Authoritative Source: Cyber Readiness Institute
Summary of contents
Practical advice designed to be shared with teleworking home and remote office users.
Authoritative Source: National Institute of Standards and Technology (NIST)
Summary of contents
A shareable PDF with practical guidance for working outside of the office.
Authoritative Source: National Cyber Security Alliance
Summary of contents
Authoritative Source: BC Office of the Information and Privacy Protection Commissioner (OIPC)
Summary of contents
Authoritative Source: Canadian Centre for Cybersecurity
Summary of contents
A technical reference for small to medium organizations.
Authoritative Source: National Institute of Standards and Technology (NIST)
Summary of contents
Informed Source: Privacy Canada
Summary of contents
Guidance from a lawyer in Vancouver specializing in cybersecurity. Recommendations are based on controls published by the Canadian Centre for Cybersecurity, with specific suggestions on:
Informed Source: BLG (Borden Ladner Gervais LLP)
Authoritative Source: BC Office of the Information and Privacy Protection Commissioner (OIPC)
These controls are the ones that are used when evaluating Partner Agencies through the SCsIP Cybersecurity Assessment project.
For a downloadable PDF version of these standards, click here.
Summary of contents
Clear, easy to understand recommendations designed specifically for small and medium sized organizations by the Canadian Government. Systematically reviews an organization’s cyber security profile on the following topics:
Authoritative Source: Canadian Centre for Cyber Security
BC.9.2
BC.9.7
Configuring with GSuite systems:
Configuring Microsoft 365
BC.11.2
ASVS levels
https://owasp.org/www-pdf-archive//OWASP_ASVS_Article_-_Getting_Started_Using_ASVS.pdf
ASVS Level 1 is for low assurance levels, and is completely penetration testable
ASVS Level 2 is for applications that contain sensitive data, which requires protection and is the recommended level for most apps
ASVS Level 3 is for the most critical applications - applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust