Defensible Security

Last updated on July 31, 2024

Defensible Security is a collection of control groups you can use to help support your security program. Defensible Security helps organizations know what they need to be doing at a minimum to achieve a security posture that is defensible.

Control Groups


Defensible Security Introduction

Organizations will be judged not only on their ability to prevent attacks, but also to detect and respond to them. It is more critical than ever to have a well-established information security program that guides investment of finite resources and helps ensure risk is mitigated to an acceptable level. The role of security is to help the business to make informed decisions around risk. Security is not an IT problem but a business enterprise risk. Through effectively managing risk, security enables the business to achieve its goals.

To assist organizations in understanding where to invest these finite resources, the Province of British Columbia has defined a list of critical security controls in the Defensible Security Framework. The Province is committed to “raising the water level” of security in BC and across Canada.


Defensible Security Control Groups

Defensible Security Tools and Resources

Defensible Security Manual

Provides a high-level overview on the control areas. Use this manual as a reference for each control group and it's corresponding control areas.

Assessment Tool

Provides a quick and easy way for organizations to assess their security posture and view changes over time. It can also be used for executive reporting.

Contact information

Defensible Security logo