This page lists the ACSC’s publications on miscellaneous cyber security topics.

Cyber Incident Management Arrangements for Australian Governments
The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

An Examination of the Redaction Functionality of Adobe Acrobat Pro DC 2017
This publication provides guidance on the efficacy of redaction facilities within Adobe Acrobat Pro DC 2017 and is intended for information technology and information security professionals within organisations looking to redact sensitive or personal information from PDF documents before releasing them into the public domain or to other third parties.

Data Spill Management Guide
A data spill is the accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to persons without a need-to-know. A data spill is sometimes referred to as information disclosure or a data leak. Data spills are considered cyber security incidents and should be reported to the Australian Cyber Security Centre (ACSC).

Defending Against the Malicious Use of the Tor Network
Blocking traffic from the Tor network will prevent adversaries from using the Tor network to easily conduct anonymous reconnaissance and exploitation of systems and typically has minimal, if any, impact on legitimate users. This publication provides guidance on the prevention and detection of traffic from the Tor network.

Domain Name System Security for Domain Owners
This publication provides information on Domain Name System (DNS) security for domain owners, as well as mitigation strategies to reduce the risk of misuse of domains and associated resources. Organisations are recommended to implement the mitigation strategies in this publication to improve the security of their DNS infrastructure.

Domain Name System Security for Domain Resolvers
This publication provides information on Domain Name System (DNS) security for recursive resolution servers, as well as mitigation strategies to reduce the risk of DNS resolver subversion or compromise. Organisations should implement the mitigation strategies in this publication to improve the security of their DNS infrastructure.

Mitigating Drive-by Downloads
Adversaries are increasingly using drive-by download techniques to deliver malicious software that compromises computers. This publication explains how drive-by downloads operate and how compromise from these techniques can be mitigated.

Mitigating Java-based Intrusions
Java applications are widely deployed by organisations. As such, exploiting security vulnerabilities in the Java platform is particularly attractive to adversaries seeking unauthorised access to organisations’ networks.

Mitigating the Use of Stolen Credentials
This publication explains the risks posed by the use of stolen credentials and how they can be mitigated.

Preparing for and Responding to Denial-of-Service Attacks
Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy; it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.

Vulnerability Disclosure Programs Explained
A vulnerability disclosure program (VDP) is a collection of processes and procedures designed to identify, verify, resolve and report on security vulnerabilities disclosed by people who may be internal or external to organisations. The importance of developing, implementing and maintaining a well thought-out VDP cannot be underestimated. It is an integral part of professional organisations’ business operations.