LOGIN
You can view all our publications from this page. Use the filters below to filter by audience type, title and summary and the sort options to sort for the most recently updated or published content.
01 Feb 2017
Strategies to Mitigate Cyber Security Incidents
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
05 Feb 2017
Strategies to Mitigate Cyber Security Incidents – Mitigation Details
01 Dec 2017
My Guide
For most of us, the internet opens up new opportunities. We can shop, bank, research, work and connect when and where we want to.
01 Jul 2018
Protecting Industrial Control Systems
Industrial control systems are essential to our daily life. They control the water we drink, the electricity we rely on and the transport that moves us all. It is critical that cyber threats to industrial control systems are understood and mitigated appropriately to ensure essential services continue to provide for everyone.
29 Apr 2019
Easy steps to secure your online information
The Australian Cyber Security Centre (ACSC) has developed an Easy Steps Guide to help Australians protect themselves from cyber criminals. Lottery and grant scams, identity theft, investment scams, hacking, phishing, dating and romance scams, online abuse and sextortion are just some of the threats people face.
09 Oct 2019
Quick Wins for your Portable Devices
Mobile technology is an essential part of modern business. While these devices may be small, the cyber threats when transporting them outside of the office are huge. This guide helps small businesses understand what is a portable device, why it is important to manage their use and how to keep the data on portable devices secure.
Small Business Cyber Security Guide
This guide has been developed to help small businesses protect themselves from the most common cyber security incidents.
31 Oct 2019
Quick Wins for your End of Support
Every software product has a lifecycle. Knowing key dates in a program’s lifecycle can help you make informed decisions about the products your small business relies on every day. This guide helps small businesses understand what end of support is, why it is important to be prepared and when to update, upgrade or make other changes.
06 Apr 2020
COVID-19 Protecting Your Small Business
This guide has been developed to help small and micro businesses adapt to working during the COVID-19 pandemic. It will help businesses with simple and actionable advice in order to both identify common and emerging cyber threats and develop resilient business practices to protect themselves.
22 May 2020
COVID-19 – Remote access to Operational Technology Environments
This cyber security advice is for critical infrastructure providers who are deploying business continuity plans for Operational Technology Environments (OTE)/Industrial Control Systems (ICS) during the COVID-19 pandemic.
26 Jun 2020
What Executives Should Know About Cyber Security
This publication discusses high-level topics that executives should know about cyber security within their organisations.
Risk Management of Enterprise Mobility Including Bring Your Own Device
This document has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cyber security practitioners.
Data Spill Management Guide
A data spill is the accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to persons without a need-to-know. A data spill is sometimes referred to as information disclosure or a data leak. Data spills are considered cyber security incidents and should be reported to the Australian Cyber Security Centre (ACSC).
Hardening Microsoft Windows 8.1 Workstations
Workstations are often targeted by an adversary using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk. This document provides recommendations on hardening workstations using Enterprise editions of Microsoft Windows 8.1. Before implementing recommendations in this document, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.
Essential Eight Explained
The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about.
Security Configuration Guide - Apple iOS 12 Devices
This publication provides guidance on hardening the security configuration of iOS 12 devices.
Bring Your Own Device for Executives
Bring Your Own Device (BYOD) scenarios enable organisations to take advantage of new technologies faster. It also has the potential to reduce hardware costs and improve organisational productivity and flexibility. However, BYOD also introduces new risks to an organisation’s business and the security of its information, which need to be carefully considered before implementation.
Travelling Overseas with Electronic Devices
This publication provides guidance on strategies that individuals can take to secure the use of electronic devices when travelling overseas.
Implementing Application Control
Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. This document provides guidance on what application control is, what application control is not, and how to implement application control.
Windows Event Logging and Forwarding
A common theme identified by the Australian Cyber Security Centre (ACSC) while performing investigations is that organisations have insufficient visibility of activity occurring on their workstations and servers. Good visibility of what is happening in an organisation’s environment is essential for conducting an effective investigation. It also aids incident response efforts by providing critical insights into the events relating to a cyber security incident and reduces the overall cost of responding to them.
Microsoft Office Macro Security
Microsoft Office applications can execute macros to automate routine tasks. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. This document has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements.
Preparing for and Responding to Denial-of-Service Attacks
Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.
End of Support for Microsoft Windows 7
On 14 January 2020, Microsoft ended support for Microsoft Windows 7. As such, organisations no longer receive patches for security vulnerabilities identified in this product. Subsequently, adversaries may use these unpatched security vulnerabilities to target Microsoft Windows 7 workstations.
Industrial Control Systems Remote Access Protocol
External parties may need to connect remotely to critical infrastructure control networks. This is to allow manufacturers of equipment the ability to maintain the equipment when a fault is experienced that cannot be fixed in the required timeframe. Such access to external parties will only occur in extraordinary circumstances, and will only be given at critical times where access is required to maintain the quality of everyday life in Australia.
Cyber Supply Chain Risk Management Practitioner Guide
This guidance informs cyber security practitioners, procurement officers, and supply chain decision makers with a more detailed discussion of the key cyber SCRM elements.
Domain Name System Security
This publication provides information on Domain Name System (DNS) security. DNS systems, known as DNS Resolvers, are vulnerable to a number of exploits that can lead to compromises. This publication provides information on protecting DNS integrity and mitigation strategies to reduce the likelihood of DNS Resolver compromises.
Securing Content Management Systems
Security vulnerabilities within content management systems (CMS) installed on web servers of organisations are often exploited by adversaries. Once a CMS has been compromised, the web server can be used as infrastructure to facilitate targeted intrusion attempts.
Questions to ask Managed Service Providers
This document provides simple yet practical questions to ask managed service providers regarding the cyber security of their systems and the services they provide.
Introduction to Cross Domain Solutions
This document introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.
Secure Administration
Privileged access allows administrators to perform their duties such as establishing and making changes to key servers, networking devices, user workstations and user accounts. Privileged access or credentials are often seen as the ‘keys to the kingdom’ as they allow the bearers to have access and control over many different assets within a network. This publication provides guidance on how to implement secure administration techniques.
Detecting Socially Engineered Messages
Socially engineered messages present a significant threat to individuals and organisations due to their ability to assist an adversary with compromising accounts, devices, systems or sensitive information. This document offers guidance on identifying socially engineered messages delivered by email, SMS, instant messaging or other direct messaging services offered by social media applications.
End of Support for Microsoft Windows Server 2008 and Windows Server 2008 R2
On 14 January 2020, Microsoft ended support for Microsoft Windows Server 2008 and Windows Server 2008 R2. As such, organisations no longer receive patches for security vulnerabilities identified in these products. Subsequently, adversaries may use these unpatched security vulnerabilities to target Microsoft Windows Server 2008 and Windows Server 2008 R2 servers.
How to Manage Your Security When Engaging a Managed Service Provider
The compromise of several Managed Service Providers’ (MSPs) was reported in 2017. In response, the Australian Cyber Security Center (ACSC) provided organisations with the information they needed to protect themselves and others from this threat.
Essential Eight Maturity Model
The Essential Eight Maturity Model provides advice on how to implement the Essential Eight in a phased approach. It also assists organisations in self-assessing the maturity of their implementation.
Protecting Web Applications and Users
This document provides advice for web developers and security professionals on how they can protect their existing web applications by implementing low cost and effective security controls which do not require changes to a web application’s code. These security controls when applied to new web applications in development, whether in the application’s code or server configuration, form part of the defence-in-depth strategy.
Mergers, Acquisitions and Machinery of Government Changes
This publication provides guidance on strategies that organisations can apply during mergers, acquisitions and Machinery of Government changes.
An Examination of the Redaction Functionality of Adobe Acrobat Pro DC 2017
This document provides guidance on the efficacy of redaction facilities within Adobe Acrobat Pro DC 2017 and is intended for information technology and information security professionals within organisations looking to redact sensitive or personal information from PDF documents before releasing them into the public domain or to other third parties.
End of Support for Microsoft Windows 10
Under Microsoft’s current servicing model, support for Microsoft Windows 10 will end between 18 to 30 months after release depending on the version and edition being used. At such a time, organisations will no longer receive patches for security vulnerabilities identified in these products. Subsequently, adversaries may use these unpatched security vulnerabilities to target workstations running unsupported versions of Microsoft Windows 10.
Using Remote Desktop Clients
Remote access solutions are increasingly being used to access organisations’ systems. One common method of enabling remote access is to use a remote desktop client. This document provides guidance on security risks associated with the use of remote desktop clients.
Implementing Certificates, TLS and HTTPS
Using the TLS and HTTPS configuration guidelines outlined in this document will help strengthen website encryption and authentication.
Mitigating the Use of Stolen Credentials
This document explains the risks posed by the use of stolen credentials and how they can be mitigated.
Hardening Microsoft Office 2013
Workstations are often targeted by adversaries using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening applications on workstations is an important part of reducing this risk.
Managed Service Providers: How to Manage Risk to Customer Networks
The compromise of several Managed Service Providers (MSPs) was reported in 2017. In response, the Australian Cyber Security Center (ACSC) provided organisations with the information they needed to protect themselves and others from this threat.
How to Combat Fake Emails
Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration. Using DMARC with DomainKeys Identified Mail (DKIM) to sign emails provides further safety against fake emails.
Implementing Network Segmentation and Segregation
This document intends to assist staff responsible for an organisation’s network architecture and design to increase the security posture of their networks by applying network segmentation and segregation strategies.
Web Conferencing Security
Web conferencing solutions (also commonly referred to as online collaboration tools) often provide audio/video conferencing, real-time chat, desktop sharing and file transfer capabilities. As we increasingly use web conferencing to keep in touch while working from home, it is important to ensure that this is done securely without introducing unnecessary privacy, security and legal risks. This document provides guidance on both how to select a web conferencing solution and how to use it securely.
Securing PowerShell in the Enterprise
This document describes a maturity framework for PowerShell in a way that balances the security and business requirements of organisations. This maturity framework will enable organisations to take incremental steps towards securing PowerShell across their environment.
Cyber Supply Chain Risk Management
All organisations should consider cyber supply chain risk management. If another organisation is involved in the delivery of a product or service to your organisation, there will be a cyber supply chain risk originating from that organisation. Likewise, your organisation will transfer any cyber supply chain risk you hold to your customers. Effective cyber supply chain risk management ensures, as much as possible, the secure supply of products and services for systems throughout their lifetime. For products, this includes their design, manufacture, delivery, maintenance and disposal. As such, cyber supply chain risk management forms a significant component of any organisation’s overall cyber security strategy.
Mitigating Drive-by Downloads
Adversaries are increasingly using drive‐by download techniques to deliver malicious software that compromises computers. This document explains how drive‐by downloads operate and how compromise from these techniques can be mitigated.
Assessing Security Vulnerabilities and Applying Patches
Applying patches to operating systems, applications and devices is critical to ensuring the security of systems. As such, patching forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
