Search

Modern defensible architecture   Publication

Feb 10, 2025 - Modern defensible architecture is the first step in Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC)’s push to ensure that secure architecture and design are being considered and applied by organisations in their cybersecurity and resilience planning.

Small Business Cloud Security Guides: Technical Example - Patch Operating Systems   Publication

Dec 16, 2022 - Patching operating systems is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to their devices and sensitive information. Patches improve the security of operating systems by fixing known vulnerabilities.

ASD's Blueprint for Secure Cloud   Publication

Feb 21, 2024 - The Blueprint provides better practice guidance, configuration guides and templates covering risk management, architecture and standard operating procedures developed as per the controls in ASD’s Information security manual (ISM).

ISM feedback form   Service

Mar 2, 2023 - ISM feedback and enquiries.

IRAP community feedback form  

Mar 1, 2021 - IRAP Community feedback form for the community to comment on a range of topics about the course

Report a vulnerability   Service

Report vulnerabilities that are not publicly known, through the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) coordinated vulnerability disclosure service.

New domain name changes could leave your business or organisation at risk   Alert

Mar 23, 2022 - The new domain name category, could leave your business or organisation open to fraudulent cyber activity. Register your .au domain name before it becomes available to the general public.

SDBBot targeting health sector   Alert

Nov 12, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).

Netlogon elevation of privilege vulnerability (CVE-2020-1472)   Alert

Sep 22, 2020 - The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.

Active exploitation of vulnerable MobileIron products   Alert

Sep 18, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.

Increasing reports of myGov-related SMS and email scams targeting Australians   Alert

Jul 16, 2020 - Be on the lookout for myGov-related SMS and email scams asking you to verify your myGov details.

Processors can be exploited by Meltdown and Spectre vulnerabilities   Alert

Jan 29, 2020 - Security researchers have developed methods involving speculative execution to read kernel memory from user space on a variety of processors from a range of vendors produced in the last decade. These methods have been referred to as Meltdown and Spectre.

Guidelines for enterprise mobility   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on enterprise mobility.

IRAP application form   Program page

May 7, 2024 - IRAP application form

How to become an IRAP Assessor   Program page

Aug 15, 2024 - IRAP Assessors are ASD-endorsed ICT professionals from across Australia who have the necessary experience and qualifications in ICT security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.

New guidance for engaging with artificial intelligence   News

Jan 24, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released a new publication, Engaging with Artificial Intelligence (AI).

Who are ASD's training providers?   Program page

Mar 23, 2021 - ASD endorses ICT training providers to develop and facilitate IRAP New Starter Training.

IRAP Consumer Guide   Program page

Dec 15, 2020 - An IRAP Assessor will assist you by helping you to understand and implement security controls and recommendations to protect your systems and data.

Guidelines for procurement and outsourcing   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on procurement and outsourcing activities.

Small Business Cloud Security Guides: Technical Example - Restrict Administrative Privileges   Publication

Dec 16, 2022 - Privileged account credentials are prized by cybercriminals because they provide extensive access to high value assets within a network. Restricting privileged access to only users with a demonstrated business need is essential to protecting your environment.