You can view all our publications from this page.
26 Jun 2020
Hardening Microsoft Office 365 ProPlus, Office 2019 and Office 2016
Workstations are often targeted by adversaries using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening applications on workstations is an important part of reducing this risk.
Essential Eight to ISM Mapping
This document provides a mapping between Maturity Level 3 of the Essential Eight Maturity Model and the security controls within the Australian Government Information Security Manual (ISM). This mapping represents the minimum security controls organisations must implement to meet the intent of the Essential Eight.
Implementing Multi-Factor Authentication
Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
Mitigating Java-based Intrusions
Java applications are widely deployed by organisations. As such, exploiting security vulnerabilities in the Java platform is particularly attractive to adversaries seeking unauthorised access to organisations’ networks.
Cyber Security for Contractors
This document has been developed to assist contractors with appropriately securing Australian Government information on their systems.
Fundamentals of Cross Domain Solutions
This guidance introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains. It explains the purpose of a Cross Domain Solution (CDS) and promotes a data-centric approach to a CDS system implementation based on architectural principles and risk management. This guidance also covers a broad range of fundamental concepts relating to a CDS, which should be accessible to readers who have some familiarity with the field of cyber security. Organisations with complex information sharing requirements are encouraged to refer to this guidance in the planning, analysis, design and implementation of CDS systems.
Preparing for and Responding to Cyber Security Incidents
The Australian Cyber Security Centre (ACSC) is responsible for monitoring and responding to cyber threats targeting Australian interests. The ACSC can help organisations respond to cyber security incidents. Reporting cyber security incidents ensures that the ACSC can provide timely assistance.
Malicious Email Mitigation Strategies
Socially engineered emails containing malicious attachments and embedded links are routinely used in targeted cyber intrusions against organisations. This document has been developed to provide mitigation strategies for the security risks posed by these malicious emails.
Hardening Microsoft Windows 10 version 1909 Workstations
Workstations are often targeted by an adversary using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk. This document provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 version 1909. Before implementing recommendations in this document, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.
Security Configuration Guide - Samsung Galaxy S9 and S9+ Devices
This publication provides guidance on hardening the security configuration of Samsung S9 and S9+ devices.
Using Virtual Private Networks
Virtual Private Network (VPN) connections can be an effective means of providing remote access to a network; however, VPN connections can be abused by an adversary to gain access to a network without relying on malware and covert communication channels. This document identifies security controls that should be considered when implementing VPN connections.
Restricting Administrative Privileges
This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents.
01 Jul 2020
Quick Wins for your Website
Small businesses account for over 95% of all businesses in Australia and 72% of them have a website. However, in a world in which websites are increasingly being targeted by cyber criminals, only 36% check for updates every week. For those small businesses with a website, or that are considering one, these three quick wins will help you protect your money, data and reputation.
10 Jul 2020
Security Tips for Personal Devices
There are a lot of things to think about when it comes to the use of personal devices (e.g. smartphones, tablets, computers and laptops). For example, compromises of personal devices and the information they store can have significant productivity, financial and emotional impacts. This document has been written to provide security tips to secure personal devices and protect your information.
27 Jul 2020
Cloud Computing Security for Cloud Service Providers
This document is designed to assist assessors validating the security posture of a cloud service in order to provide organisations with independent assurance of security claims made by Cloud Service Providers (CSPs). This document can also assist CSPs to offer secure cloud services.
Cloud Security Assessment Report Template
The Cloud Security Assessment Report Template is used to assess a cloud service provider (CSP) and its cloud services, improving the consistency of the Cloud Security Assessment Reports.
Cloud Computing Security Considerations
Cloud computing offers potential benefits including cost savings and improved business outcomes for organisations. However, there are a variety of information security risks that need to be carefully considered. Risks will vary depending on the sensitivity of the data to be stored or processed, and how the chosen cloud vendor (also referred to as a cloud service provider) has implemented their specific cloud services.
Cloud Computing Security for Tenants
This document is designed to assist an organisation’s cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.
Cloud Security Controls Matrix
The Cloud Security Controls Matrix (CSCM) provides additional context to the Australian Government Information Security Manual (ISM) security controls for cloud computing to assist security assessments.
Cloud Assessment and Authorisation – Frequently Asked Questions
This publication provides answers relating to frequently asked questions on the Australian Cyber Security Centre (ACSC)’s new cloud security guidance, future support, government self-assessment and cloud security assessment reports.
Anatomy of a Cloud Assessment and Authorisation
The Anatomy of a Cloud Assessment and Authorisation is co-designed with industry to support the secure adoption of cloud services across government and industry.
10 Sep 2020
ASD Cyber Skills Framework
The ASD Cyber Skills Framework defines the roles, capabilities and skills that are essential to ASD’s cyber missions. The ASD Cyber Skills Framework enables targeted recruitment of cyber specialists, provides a development pathway for current and future cyber staff, and aligns skills, knowledge and attributes with national and international industry standards.
14 Sep 2020
Security Tips for Social Media and Social Networking Apps
Social media, and social networking or messaging apps, can pose a number of security and privacy risks to both organisations and individuals when used in an inappropriate or unsafe manner.
17 Sep 2020
IoT Code of Practice: Guidance for Manufacturers
Internet of Things (IoT) devices need to have effective cyber security provisions to defend against potential threats.
02 Oct 2020
Ransomware in Australia
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has observed an increase in the number of ransomware incidents affecting Australian organisations and individuals.
15 Oct 2020
Patching During Change Freezes
This document has been developed to assist organisations in assessing and applying patches during change freezes.
19 Oct 2020
Defending Against the Malicious Use of the Tor Network
Blocking traffic from the Tor network will prevent adversaries from using the Tor network to easily conduct anonymous reconnaissance and exploitation of systems and typically has minimal, if any, impact on legitimate users. This publication provides guidance on the prevention and detection of traffic from the Tor network.
21 Oct 2020
Hardening Linux Workstations and Servers
This document has been developed to assist organisations to understand how to harden Linux workstations and servers, including by applying the Essential Eight from the Australian Cyber Security Centre (ACSC)’s Strategies to Mitigate Cyber Security Incidents.
Australian Cyber Security Hotline
1300 CYBER1 (1300 292 371)