Operational Security Standard: Management of Information Technology Security (MITS)

Defines baseline security requirements that federal departments and agencies must fulfill to ensure the security of information and information technology assets under their control.
Date modified: 2004-05-31


availability (disponibilité)
The state of being accessible and usable in a timely and reliable manner.
business continuity planning (planification de la continuité des opérations)
The development and timely execution of plans, measures, procedures and arrangements to ensure minimal or no interruption to the availability of critical services and assets.
communications intelligence (COMINT)
Technical information or intelligence derived from the exploitation of communications systems, information technology systems and networks, and any data or technical information carried on, contained in or relating to those systems or networks by other than the intended recipient.
Communications Security (COMSEC) (sécurité des communications (COMSEC))
The application of cryptographic security, transmission and emission security, physical security measures, operational practices and controls to deny unauthorized access to information derived from telecommunications and that ensure the authenticity of such telecommunications.
compromise (compromission)
The unauthorized access to, disclosure, destruction, removal, modification, use or interruption of assets or information.
confidentiality (confidentialité)
A characteristic applied to information to signify that it can only be disclosed to authorized individuals to prevent injury to national or other interests.
critical service (service essentiel)
A service whose compromise in terms of availability or integrity would result in a high degree of injury to the health, safety, security or economic well-being of Canadians or to the effective functioning of the Government of Canada (GC).
department (ministère)
All departments named in Schedule I, divisions or branches of the federal public administration set out in column I of Schedule I.1, corporations named in Schedule II, and portions of the federal public administration named in schedules IV and V of the Financial Administration Act (FAA), unless excluded by specific acts, regulations or Orders in Council.
Deputy Head (Administrateur général)
Deputy Head as defined in section 11 of the Financial Administration Act and, in the case of the Canadian Forces, the Chief of the Defence Staff.
electronic intelligence (ELINT)
Technical information or intelligence derived from the collection, processing and analysis of electromagnetic non-communications emissions.
emergency (urgence)
A present or imminent event, including IT incidents, that requires prompt coordination of actions to protect the health, safety or welfare of people, or to limit damage to assets or the environment.
emergency management (gestion des urgences)
The prevention and mitigation of, preparedness for, response to and recovery from emergencies.
executive (cadre supérieure)
An employee appointed to the executive group (EX-01 to EX-05 levels), i.e., director, director general, assistant deputy minister or equivalent.
for cause (pour un motif valable)
A determination that there is sufficient reason to review, revoke, suspend or downgrade a reliability status, a security clearance or site access.
foreign instrumentation signals intelligence (FISINT)
Technical information or intelligence derived from the collection, processing and analysis of foreign instrumentation signals by other than the intended recipient.
identity (identité)
A reference or designation used to distinguish a unique and particular individual, organization or device.
identity management (gestion de l'identité)
The set of principles, practices, processes and procedures used to realize an organization's mandate and its objectives related to identity.
integrity (intégrité)
The state of being accurate, complete, authentic and intact.
interoperability (interopérabilité)
The ability of federal government departments to operate synergistically through consistent security and identity management practices.
managers at all levels (gestionnaires à tous les niveaux)
Includes supervisors, managers and executives.
national interest (intérêt national)
The security and the social, political and economic stability of Canada.
protected asset or information (renseignement ou bien protégé)
An asset or information that may qualify for an exemption or exclusion under the Access to Information Act or the Privacy Act because its disclosure would reasonably be expected to compromise the non-national interest.
reliability status (cote de fiabilité)
Indicates the successful completion of reliability checks; allows regular access to government assets and, with a need to know, to PROTECTED information.
residual risk (risque résiduel)
Level of risk remaining after security measures have been applied.
risk (risque)
The uncertainty that can create exposure to undesired future events and outcomes. It is the expression of the likelihood and impact of an event with the potential to impede the achievement of an organization's objectives.
security clearance (cote de sécurité)
Indicates successful completion of a security assessment; with a need to know, allows access to classified information. There are three Security Clearance levels: Confidential, Secret and Top Secret.
security control (mesure de sécurité)
An administrative, operational, technical, physical or legal measure for managing security risk. This term is synonymous with safeguard.
security incident (incident de sécurité)
Any workplace violence toward an employee or any act, event or omission that could result in the compromise of information, assets or services.
security program (programme de sécurité)
A group of security-related resource inputs and activities that are managed to address a specific need or needs and to achieve intended results.
signals intelligence (SIGINT) (renseignement électromagnétique – SIGINT)
Technical information or intelligence composed of (individually or in combination) communications intelligence (COMINT), electronic intelligence (ELINT) and foreign instrumentation signals intelligence (FISINT).
situational awareness (connaissance de la situation)
Having insight into one's environment and circumstances to understand how events and actions will affect business objectives, both now and in the near future. Having complete, accurate, and current situational awareness (SA) is essential in any domain where technological complexity, decision making, and the well-being of the public interact. Because incident management involves predictions and forecasts, SA in the area of IT requires an understanding of the interrelationships between critical services and information, safeguards supporting IT infrastructure and processes, and evolving threats.
sophisticated IT security incident (incident complexe de sécurité des TI)
An event, usually initiated by sophisticated threat actors, that is complicated to detect and recover from, causes harm to GC networks and systems, and affects the confidentiality, integrity and availability of information.
sophisticated IT security threat (menace complexe à la sécurité des TI)
An entity or entities that make use of advanced technologies and tradecraft to penetrate or bypass protective systems and security technologies without being detected.
threat (menace)
An event or act, deliberate or accidental, that could cause injury to people, information, assets or services.
vulnerability (vulnérabilité)
An inadequacy related to security that could increase susceptibility to compromise or injury.
workplace violence (violence dans le lieu de travail)
An action, conduct, threat or gesture that can reasonably be expected to cause harm, injury or illness to an employee in the workplace.