Contact us
Portal login
1300 CYBER1 (1300 292 371)
You can view all our publications from this page. Use the filters below to filter by audience type, title and summary and the sort options to sort for the most recently updated or published content.
06 Oct 2021
Security Configuration Guide – Samsung Galaxy S10, S20 and Note 20 Devices
The ACSC has developed this guide to assist Australian’s to understand the risks when deploying Samsung Galaxy S10 and S20 devices.
Secure Administration
Privileged access allows administrators to perform their duties such as establishing and making changes to key servers, networking devices, user workstations and user accounts. Privileged access or credentials are often seen as the ‘keys to the kingdom’ as they allow the bearers to have access and control over many different assets within a network. This publication provides guidance on how to implement secure administration techniques.
Hardening Microsoft Windows 10 version 21H1 Workstations
Workstations are often targeted by an adversary using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk. This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 version 21H1.
Cloud Computing Security for Tenants
This publication is designed to assist an organisation’s cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.
Preparing for and Responding to Cyber Security Incidents
The Australian Cyber Security Centre (ACSC) is responsible for monitoring and responding to cyber threats targeting Australian interests. The ACSC can help organisations respond to cyber security incidents. Reporting cyber security incidents ensures that the ACSC can provide timely assistance.
Web Conferencing Security
Web conferencing solutions (also commonly referred to as online collaboration tools) often provide audio/video conferencing, real-time chat, desktop sharing and file transfer capabilities. As we increasingly use web conferencing to keep in touch while working from home, it is important to ensure that this is done securely without introducing unnecessary privacy, security and legal risks. This publication provides guidance on both how to select a web conferencing solution and how to use it securely.
Protecting Web Applications and Users
This publication provides advice for web developers and security professionals on how they can protect their existing web applications by implementing low cost and effective security controls which do not require changes to a web application’s code. These security controls when applied to new web applications in development, whether in the application’s code or server configuration, form part of the defence-in-depth strategy.
Restricting Administrative Privileges
This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents.
Cloud Assessment and Authorisation – Frequently Asked Questions
This publication provides answers relating to frequently asked questions on the Australian Cyber Security Centre (ACSC)’s new cloud security guidance, future support, government self-assessment and cloud security assessment reports.
Detecting Socially Engineered Messages
Socially engineered messages present a significant threat to individuals and organisations due to their ability to assist an adversary with compromising accounts, devices, systems or sensitive information. This publication offers guidance on identifying socially engineered messages delivered by email, SMS, instant messaging or other direct messaging services offered by social media applications.
Security Tips for Social Media and Messaging Apps
Social media and messaging apps can pose a number of security and privacy risks to both organisations and individuals when used in an inappropriate or unsafe manner.
Hardening Linux Workstations and Servers
This publication has been developed to assist organisations understand how to harden Linux workstations and servers, including by applying the Essential Eight from the Australian Cyber Security Centre (ACSC)’s Strategies to Mitigate Cyber Security Incidents.
Questions to ask Managed Service Providers
This publication provides simple yet practical questions to ask managed service providers regarding the cyber security of their systems and the services they provide.
Cyber Security for Contractors
This publication has been developed to assist contractors with appropriately securing Australian Government information on their systems.
End of Support for Microsoft Windows 10
Under Microsoft’s current servicing model, support for Microsoft Windows 10 will end between 18 to 30 months after release depending on the version and edition being used. At such a time, organisations will no longer receive patches for security vulnerabilities identified in these products. Subsequently, adversaries may use these unpatched security vulnerabilities to target workstations running unsupported versions of Microsoft Windows 10.
Essential Eight Maturity Model
The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting.
How to Manage Your Security When Engaging a Managed Service Provider
The compromise of several Managed Service Providers’ (MSPs) was reported in 2017. In response, the Australian Cyber Security Centre (ACSC) provided organisations with the information they needed to protect themselves and others from this threat.
Domain Name System Security for Domain Resolvers
This publication provides information on Domain Name System (DNS) security for recursive resolution servers, as well as mitigation strategies to reduce the risk of DNS resolver subversion or compromise. Organisations should implement the mitigation strategies in this publication to improve the security of their DNS infrastructure.
Using Virtual Private Networks
Virtual Private Network (VPN) connections can be an effective means of providing remote access to a network; however, VPN connections can be abused by an adversary to gain access to a network without relying on malware and covert communication channels. This publication identifies security controls that should be considered when implementing VPN connections.
Security Configuration Guide – Viasat Mobile Dynamic Defense
The ACSC has developed this guidance to assist organisations to understand the risks of deploying and provide specific configuration requirements for the Viasat Mobile Dynamic Defense (MDD) system to handle sensitive or classified data.
Malicious Email Mitigation Strategies
Socially engineered emails containing malicious attachments and embedded links are routinely used in targeted cyber intrusions against organisations. This publication has been developed to provide mitigation strategies for the security risks posed by these malicious emails.
Using Remote Desktop Clients
Remote access solutions are increasingly being used to access organisations’ systems. One common method of enabling remote access is to use a remote desktop client. This publication provides guidance on security risks associated with the use of remote desktop clients.
07 Apr 2021
Easy steps to secure your devices and accounts
The Australian Cyber Security Centre (ACSC) has developed an Easy Steps Guide to help Australians reduce their risk of being targeted by cybercriminals.
15 Dec 2020
Cyber Security Research Report
The ACSC commissioned exploratory research to better understand audience awareness of cyber security threats and practices.
02 Oct 2020
Ransomware in Australia
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has observed an increase in the number of ransomware incidents affecting Australian organisations and individuals.
10 Sep 2020
ASD Cyber Skills Framework
The ASD Cyber Skills Framework defines the roles, capabilities and skills that are essential to ASD’s cyber missions. The ASD Cyber Skills Framework enables targeted recruitment of cyber specialists, provides a development pathway for current and future cyber staff, and aligns skills, knowledge and attributes with national and international industry standards.
22 May 2020
COVID-19 – Remote access to Operational Technology Environments
This cyber security advice is for critical infrastructure providers who are deploying business continuity plans for Operational Technology Environments (OTE)/Industrial Control Systems (ICS) during the COVID-19 pandemic.
06 Apr 2020
COVID-19 Protecting Your Small Business
This guide has been developed to help small and micro businesses adapt to working during the COVID-19 pandemic. It will help businesses with simple and actionable advice in order to both identify common and emerging cyber threats and develop resilient business practices to protect themselves.
31 Oct 2019
Quick Wins for your End of Support
Every software product has a lifecycle. Knowing key dates in a program’s lifecycle can help you make informed decisions about the products your small business relies on every day. This guide helps small businesses understand what end of support is, why it is important to be prepared and when to update, upgrade or make other changes.
09 Oct 2019
Step-by-Step Guide – Turning on Automatic Updates (For iMac & MacBook, and iPhone & iPad)
This step-by-step guide shows you how to turn on automatic updates if you use an iMac, MacBook, iPhone or iPad.
Step-by-Step Guide – Turning on Automatic Updates (For Windows 10)
This step-by-step guide shows you how to turn on automatic updates if you use Microsoft Windows 10.
01 Jul 2018
Protecting Industrial Control Systems
Industrial control systems are essential to our daily life. They control the water we drink, the electricity we rely on and the transport that moves us all. It is critical that cyber threats to industrial control systems are understood and mitigated appropriately to ensure essential services continue to provide for everyone.
01 Feb 2017
Strategies to Mitigate Cyber Security Incidents – Mitigation Details
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
Strategies to Mitigate Cyber Security Incidents
