Discussion Paper DIS-21-03, Cyber Security and the Protection of Digital Information
Consultation has concluded
Consultation on discussion paper DIS-21-03, Cyber Security and the Protection of Digital Information, is now closed. Thank you to everyone who submitted comments.
-
Question 1
about 1 year ago, 6 Responses
Do you agree with the proposed model for managing prescribed information electronically?
-
Question 2
about 1 year ago
Could this model be used to manage all sensitive information generated by your organization?
-
Question 3
by andrewneuheimer, about 1 year ago
Do you agree with the proposed manner for the identification, classification and marking of sensitive information (including prescribed information) that you manage? Why? Why not?
-
Question 4
by andrewneuheimer, about 1 year ago
Please identify any impacts that would arise if the CNSC would make the suggested practices mandatory.
-
Question 5
by andrewneuheimer, about 1 year ago
What specific standards or guidance have you implemented to protect the prescribed information and other sensitive information on your information systems?
-
Question 6
by andrewneuheimer, about 1 year ago
Are there additional sources of guidance for protecting your information systems that would be suitable to you?
-
Question 7
by andrewneuheimer, about 1 year ago
Would your organization be able to implement the example measures listed above?
-
Question 8
by andrewneuheimer, about 1 year ago
What specific measures have you implemented to protect the prescribed information you are managing while not in use?
-
Question 9
by andrewneuheimer, about 1 year ago
What are your thoughts concerning the examples of guidance provided?
-
Question 10
by andrewneuheimer, about 1 year ago
Are there additional sources of guidance for disposal that would be suitable to reference?
Table of Contents
1. Information
1.1 Scope
1.2 Pre-consultation activities to date
1.3 Document organization
2. Information Protection for CNSC-Licensed Activities
3. Principles of Information Protection
3.1 Definition of prescribed information
3.2 Sensitive information and sensitive information asset definitions
3.3 Information protection objectives
3.4 Information protection scope
3.5 Proposed lifecycle for information and specific considerations
3.5.1 Create phase
3.5.2 Identifying sensitive information
3.5.3 Classifying and marking sensitive information
Q1. Do you agree with the proposed model for managing prescribed information electronically?
Q2. Could this model be used to manage all sensitive information generated by your organization?
3.5.4 Using sensitive information
Q7. Would your organization be able to implement the example measures listed above?
3.5.5 Storing and disposing of sensitive information
Q9. What are your thoughts concerning the examples of guidance provided?
Q10. Are there additional sources of guidance for disposal that would be suitable to reference?
3.6 Incident response and reporting
Q12. What impacts and challenges do you foresee implementing the suggested measures?
Q13. Are there any other measures that you believe should be included?
3.7 Evaluating effectiveness and continuous improvement
4. Cyber Security for CNSC-Licensed Activities
4.1 Identifying other possible at-risk licensed activities
4.2 Proposed way forward for other possible at-risk licensees
5. Principles: Cyber Security Program, Cyber Security Measures, Graded Approach, Defence in Depth
5.1 Cyber security program
5.2 Cyber security measures
5.3 Risk-informed graded approach
5.4 Defence in depth
6. Potential Cyber Security Requirements for High-Security Sites
7. Potential Cyber Security Requirements and Guidance for Protection of Facilities (Including Research Reactors) Having Category III Nuclear Material, and Class IB Accelerators
8. Potential Cyber Security Requirements and Guidance for Nuclear Substance Licensees
8.1 Potential cyber security requirements and guidance for the protection of physical protection systems
Q19. What measures have you implemented to protect your physical security measures from cyber attack?
8.2 Potential cyber security requirements and guidance for safety, emergency preparedness and safeguards
Q23. What impacts would these potential requirements and guidance have on your licensed activities?
9. Potential Cyber Security Requirements and Guidance for Entities Who Transport or Arrange the Transport of Nuclear Material or Sealed Sources
9.1 Potential cyber security requirements and guidance for entities who transport or arrange the transport of Category I, II and III Nuclear Materials
9.2 Potential cyber security requirements and guidance for entities who transport or arrange the transport of Category 1 and 2 Sealed Sources
Appendix A: Examples of Nuclear Information and Recommended Classification Level
References
Additional Information