ASD's cyber security frameworks
Information security manual
The Australian Signals Directorate (ASD) produces the Information security manual (ISM). The purpose of the ISM is to outline a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and data from cyber threats.
Blueprint for Secure Cloud
The Australian Signals Directorate’s (ASD’s) Blueprint for Secure Cloud (the Blueprint) is an online tool to support the design, configuration and deployment of collaborative and secure cloud and hybrid workspaces, with a current focus on Microsoft 365.
Essential Eight
Organisations are recommended to implement eight essential mitigation strategies from the Strategies to mitigate cyber security incidents as a baseline, making it much harder for adversaries to compromise systems.
Gateway security guidance package
This page lists publications on the hardening of gateway services.
Mitigating cyber security incidents
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats.
Modern defensible architecture
Modern defensible architecture is the first step in Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC)’s push to ensure that secure architecture and design are being considered and applied by organisations in their cyber security and resilience planning.
Principles of operational technology cyber security
Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services.
Artificial intelligence
This page lists publications on the governance and use of artificial intelligence.
Operational technology environments
This page lists publications on critical infrastructure and their supporting operational technology environments.
Planning for post-quantum cryptography
A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography insecure, thus making ubiquitous secure communications based on current public key cryptography technology infeasible.
Secure by Design
Secure by Design is a proactive, security-focused approach to the design, development and deployment of products and services that necessitates a holistic organisational approach to cybersecurity.
Secure design
Assessment and evaluation programs
ASD's ACSC's programs and resources to support the assessment and evaluation of information security and critical infrastructure.
Cloud computing
This page lists publications on securing the use of cloud computing services.
Hardening systems and applications
It is important for all organisations to maintain the cybersecurity of their systems and data.
Remote working and secure mobility
With an increase in remote working, it has never been more important to secure the use of mobile devices.
Legacy IT management
This page lists publications on managing the risks posed by legacy IT.
Securing edge devices
Malicious actors often target internet-facing edge devices to gain unauthorised access to enterprise networks. Learn how to secure edge devices such as routers, firewalls and VPN concentrators.
System administration
This page lists publications on securely administering systems.
Protecting devices and systems
Detecting and responding to threats
Cyber security incident response
This page lists publications on preparing for and responding to cybersecurity incidents.
Detecting and mitigating Active Directory compromises
This publication provides an overview of techniques used to compromise Active Directory, and recommended strategies to mitigate these techniques.
Event logging
This page lists publications on performing effective system monitoring.
Vulnerability planning
Resources to help organisations plan for, and manage, critical vulnerabilities effectively.
Small business hub
How to protect your small business from common cyber threats.
Protecting your staff
An incident response plan can help organisations to respond to cybersecurity incidents while continuing to conduct business operations.
Securing customer personal data
This guide is focused specifically on the protection of customers’ personal data.
Small business cyber security
Protecting business leaders
Cyber security for business leaders
This page lists publications on governance strategies that can be applied to improve cybersecurity within organisations.
Questions for boards to ask about cyber security
The Australian Signals Directorate (ASD) responds to attacks against Australian organisations every day. Understanding and managing cybersecurity risks within your organisation, as with any other business risk, is a key responsibility in protecting your organisation and shareholders.
Security tips for social media and messaging apps
Social media and messaging apps can pose risks to the security and privacy of individuals and organisations. This guidance provides an overview of those risks along with recommendations for business and personal use in order to assist in securing social media accounts as well as social media and messaging apps.