You can view all our publications from this page. Use the filters below to filter by audience type, title and summary and the sort options to sort for the most recently updated or published content.
26 Jun 2020
Restricting Administrative Privileges
This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents.
Risk Management of Enterprise Mobility Including Bring Your Own Device
This document has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cyber security practitioners.
Privileged access allows administrators to perform their duties such as establishing and making changes to key servers, networking devices, user workstations and user accounts. Privileged access or credentials are often seen as the ‘keys to the kingdom’ as they allow the bearers to have access and control over many different assets within a network. This publication provides guidance on how to implement secure administration techniques.
Securing Content Management Systems
Security vulnerabilities within content management systems (CMS) installed on web servers of organisations are often exploited by adversaries. Once a CMS has been compromised, the web server can be used as infrastructure to facilitate targeted intrusion attempts.
Securing PowerShell in the Enterprise
This document describes a maturity framework for PowerShell in a way that balances the security and business requirements of organisations. This maturity framework will enable organisations to take incremental steps towards securing PowerShell across their environment.
Security Configuration Guide - Apple iOS 12 Devices
This publication provides guidance on hardening the security configuration of iOS 12 devices.
Security Configuration Guide - Samsung Galaxy S9 and S9+ Devices
This publication provides guidance on hardening the security configuration of Samsung S9 and S9+ devices.
10 Jul 2020
Security Tips for Personal Devices
There are a lot of things to think about when it comes to the use of personal devices (e.g. smartphones, tablets, computers and laptops). For example, compromises of personal devices and the information they store can have significant productivity, financial and emotional impacts. This document has been written to provide security tips to secure personal devices and protect your information.
Security Tips for Social Media and Social Networking Apps
Social media, and social networking or messaging apps, can pose a number of security and privacy risks to both organisations and individuals when used in an inappropriate or unsafe manner.
09 Oct 2019
Small Business Cyber Security Guide
This guide has been developed to help small businesses protect themselves from the most common cyber security incidents.
Step-by-Step Guide – Turning on Automatic Updates (For iMac & MacBook, and iPhone & iPad)
This step-by-step guide shows you how to turn on automatic updates if you use an iMac, MacBook, iPhone or iPad.
Step-by-Step Guide – Turning on Automatic Updates (For Windows 10)
This step-by-step guide shows you how to turn on automatic updates if you use Microsoft Windows 10.
Step-by-Step Guide – Turning on Two-Factor Authentication – Apple ID
This step-by-step guide shows you how to turn on two-factor authentication (2FA) on your desktop and mobile devices for Apple ID.
Step-by-Step Guide – Turning on Two-Factor Authentication – Facebook
This step-by-step guide shows you how to turn on two-factor authentication (2FA) on your desktop and mobile devices for Facebook.
Step-by-Step Guide – Turning on Two-Factor Authentication – Gmail
This step-by-step guide show you how to turn on two-factor authentication (2FA) on your desktop and mobile devices for Gmail.
11 Oct 2019
Step-by-Step Guide – Turning on Two-Factor Authentication – Twitter
This step-by-step guide shows you how to turn on two-factor authentication (2FA) on your desktop and mobile devices for Twitter.
01 Feb 2017
Strategies to Mitigate Cyber Security Incidents
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
05 Feb 2017
Strategies to Mitigate Cyber Security Incidents – Mitigation Details
Travelling Overseas with Electronic Devices
This publication provides guidance on strategies that individuals can take to secure the use of electronic devices when travelling overseas.
Using Remote Desktop Clients
Remote access solutions are increasingly being used to access organisations’ systems. One common method of enabling remote access is to use a remote desktop client. This document provides guidance on security risks associated with the use of remote desktop clients.
Using Virtual Private Networks
Virtual Private Network (VPN) connections can be an effective means of providing remote access to a network; however, VPN connections can be abused by an adversary to gain access to a network without relying on malware and covert communication channels. This document identifies security controls that should be considered when implementing VPN connections.
Web Conferencing Security
Web conferencing solutions (also commonly referred to as online collaboration tools) often provide audio/video conferencing, real-time chat, desktop sharing and file transfer capabilities. As we increasingly use web conferencing to keep in touch while working from home, it is important to ensure that this is done securely without introducing unnecessary privacy, security and legal risks. This document provides guidance on both how to select a web conferencing solution and how to use it securely.
What Executives Should Know About Cyber Security
This publication discusses high-level topics that executives should know about cyber security within their organisations.
Windows Event Logging and Forwarding
A common theme identified by the Australian Cyber Security Centre (ACSC) while performing investigations is that organisations have insufficient visibility of activity occurring on their workstations and servers. Good visibility of what is happening in an organisation’s environment is essential for conducting an effective investigation. It also aids incident response efforts by providing critical insights into the events relating to a cyber security incident and reduces the overall cost of responding to them.
Australian Cyber Security Hotline
1300 CYBER1(1300 292 371)