You can view all our publications from this page. Use the filters below to filter by audience type, title and summary and the sort options to sort for the most recently updated or published content.
14 Sep 2020
Security Tips for Social Media and Social Networking Apps
Social media, and social networking or messaging apps, can pose a number of security and privacy risks to both organisations and individuals when used in an inappropriate or unsafe manner.
26 Jun 2020
Assessing Security Vulnerabilities and Applying Patches
Applying patches to operating systems, applications and devices is critical to ensuring the security of systems. As such, patching forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
Mitigating the Use of Stolen Credentials
This document explains the risks posed by the use of stolen credentials and how they can be mitigated.
Detecting Socially Engineered Messages
Socially engineered messages present a significant threat to individuals and organisations due to their ability to assist an adversary with compromising accounts, devices, systems or sensitive information. This document offers guidance on identifying socially engineered messages delivered by email, SMS, instant messaging or other direct messaging services offered by social media applications.
10 Jul 2020
Security Tips for Personal Devices
There are a lot of things to think about when it comes to the use of personal devices (e.g. smartphones, tablets, computers and laptops). For example, compromises of personal devices and the information they store can have significant productivity, financial and emotional impacts. This document has been written to provide security tips to secure personal devices and protect your information.
Bring Your Own Device for Executives
Bring Your Own Device (BYOD) scenarios enable organisations to take advantage of new technologies faster. It also has the potential to reduce hardware costs and improve organisational productivity and flexibility. However, BYOD also introduces new risks to an organisation’s business and the security of its information, which need to be carefully considered before implementation.
Restricting Administrative Privileges
This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents.
Mitigating Java-based Intrusions
Java applications are widely deployed by organisations. As such, exploiting security vulnerabilities in the Java platform is particularly attractive to adversaries seeking unauthorised access to organisations’ networks.
Implementing Network Segmentation and Segregation
This document intends to assist staff responsible for an organisation’s network architecture and design to increase the security posture of their networks by applying network segmentation and segregation strategies.
Protecting Web Applications and Users
This document provides advice for web developers and security professionals on how they can protect their existing web applications by implementing low cost and effective security controls which do not require changes to a web application’s code. These security controls when applied to new web applications in development, whether in the application’s code or server configuration, form part of the defence-in-depth strategy.
Implementing Application Control
Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. This document provides guidance on what application control is, what application control is not, and how to implement application control.
Risk Management of Enterprise Mobility Including Bring Your Own Device
This document has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cyber security practitioners.
Preparing for and Responding to Cyber Security Incidents
The Australian Cyber Security Centre (ACSC) is responsible for monitoring and responding to cyber threats targeting Australian interests. The ACSC can help organisations respond to cyber security incidents. Reporting cyber security incidents ensures that the ACSC can provide timely assistance.
Mitigating Drive-by Downloads
Adversaries are increasingly using drive‐by download techniques to deliver malicious software that compromises computers. This document explains how drive‐by downloads operate and how compromise from these techniques can be mitigated.
Using Remote Desktop Clients
Remote access solutions are increasingly being used to access organisations’ systems. One common method of enabling remote access is to use a remote desktop client. This document provides guidance on security risks associated with the use of remote desktop clients.
Privileged access allows administrators to perform their duties such as establishing and making changes to key servers, networking devices, user workstations and user accounts. Privileged access or credentials are often seen as the ‘keys to the kingdom’ as they allow the bearers to have access and control over many different assets within a network. This publication provides guidance on how to implement secure administration techniques.
Preparing for and Responding to Denial-of-Service Attacks
Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.
Essential Eight Explained
The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about.
Using Virtual Private Networks
Virtual Private Network (VPN) connections can be an effective means of providing remote access to a network; however, VPN connections can be abused by an adversary to gain access to a network without relying on malware and covert communication channels. This document identifies security controls that should be considered when implementing VPN connections.
Implementing Multi-Factor Authentication
Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
Managed Service Providers: How to Manage Risk to Customer Networks
The compromise of several Managed Service Providers (MSPs) was reported in 2017. In response, the Australian Cyber Security Center (ACSC) provided organisations with the information they needed to protect themselves and others from this threat.
How to Manage Your Security When Engaging a Managed Service Provider
The compromise of several Managed Service Providers’ (MSPs) was reported in 2017. In response, the Australian Cyber Security Centre (ACSC) provided organisations with the information they needed to protect themselves and others from this threat.
Industrial Control Systems Remote Access Protocol
External parties may need to connect remotely to critical infrastructure control networks. This is to allow manufacturers of equipment the ability to maintain the equipment when a fault is experienced that cannot be fixed in the required timeframe. Such access to external parties will only occur in extraordinary circumstances, and will only be given at critical times where access is required to maintain the quality of everyday life in Australia.
01 Feb 2017
Strategies to Mitigate Cyber Security Incidents – Mitigation Details
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
Strategies to Mitigate Cyber Security Incidents
Fundamentals of Cross Domain Solutions
This guidance introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains. It explains the purpose of a Cross Domain Solution (CDS) and promotes a data-centric approach to a CDS system implementation based on architectural principles and risk management. This guidance also covers a broad range of fundamental concepts relating to a CDS, which should be accessible to readers who have some familiarity with the field of cyber security. Organisations with complex information sharing requirements are encouraged to refer to this guidance in the planning, analysis, design and implementation of CDS systems.
07 Jan 2021
Cyber Supply Chain Risk Management
All organisations should consider cyber supply chain risk management. If a supplier, manufacturer, distributor or retailer (i.e. businesses that constitute a cyber supply chain) are involved in products or services used by an organisation, there will be a cyber supply chain risk originating from those businesses. Likewise, an organisation will transfer any cyber supply chain risk they hold to their customers.
17 Nov 2020
End of Support for Microsoft Windows 10
Under Microsoft’s current servicing model, support for Microsoft Windows 10 will end between 18 to 30 months after release depending on the version and edition being used. At such a time, organisations will no longer receive patches for security vulnerabilities identified in these products. Subsequently, adversaries may use these unpatched security vulnerabilities to target workstations running unsupported versions of Microsoft Windows 10.
Introduction to Cross Domain Solutions
This document introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.
Microsoft Office Macro Security
Microsoft Office applications can execute macros to automate routine tasks. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. This document has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements.
Hardening Microsoft Windows 8.1 Workstations
Workstations are often targeted by an adversary using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk. This document provides recommendations on hardening workstations using Enterprise editions of Microsoft Windows 8.1. Before implementing recommendations in this document, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.
Hardening Microsoft Office 365 ProPlus, Office 2019 and Office 2016
Workstations are often targeted by adversaries using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening applications on workstations is an important part of reducing this risk.
Hardening Microsoft Office 2013
End of Support for Microsoft Windows Server 2008 and Windows Server 2008 R2
On 14 January 2020, Microsoft ended support for Microsoft Windows Server 2008 and Windows Server 2008 R2. As such, organisations no longer receive patches for security vulnerabilities identified in these products. Subsequently, adversaries may use these unpatched security vulnerabilities to target Microsoft Windows Server 2008 and Windows Server 2008 R2 servers.
Hardening Microsoft Windows 10 version 1909 Workstations
Workstations are often targeted by an adversary using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk. This document provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 version 1909. Before implementing recommendations in this document, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.
End of Support for Microsoft Windows 7
On 14 January 2020, Microsoft ended support for Microsoft Windows 7. As such, organisations no longer receive patches for security vulnerabilities identified in this product. Subsequently, adversaries may use these unpatched security vulnerabilities to target Microsoft Windows 7 workstations.
27 Jul 2020
Cloud Computing Security Considerations
Cloud computing offers potential benefits including cost savings and improved business outcomes for organisations. However, there are a variety of information security risks that need to be carefully considered. Risks will vary depending on the sensitivity of the data to be stored or processed, and how the chosen cloud vendor (also referred to as a cloud service provider) has implemented their specific cloud services.
Australian Cyber Security Hotline
1300 CYBER1(1300 292 371)