Search

Business Continuity in a Box   Guidance

Aug 21, 2024 - Business Continuity in a Box assists organisations to swiftly and securely stand up critical business functions during or following a cybersecurity incident that has affected the availability or trust of existing systems.

2021-010: ASD's ACSC Ransomware Profile - Conti   Advisory

Mar 4, 2022 - Conti is a ransomware variant first observed in early 2020, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Conti is offered as a Ransomware-as-a-Service (RaaS), enabling affiliates to utilise it as desired, provided that a percentage of the ransom payment is shared with the Conti operators as commission. This product provides information related to Conti’s background, threat activity, and mitigation advice.

The Silent Heist: Cybercriminals use information stealer malware to compromise corporate networks   News

Sep 2, 2024 - New advisory released on information stealer malware used in cybercrime attacks.

Security configuration guide: Apple iOS 14 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australians to understand risks when deploying iOS 14 devices and the security requirements that need to be met to allow them to handle classified data.

Australian organisations encouraged to urgently adopt an enhanced cyber security posture   Alert

Mar 28, 2022 - Australian organisations are encouraged to urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.

New guidance for critical infrastructure on integrating AI securely into operational technology (OT) environments   News

Dec 4, 2025 - We have released guidance for critical infrastructure owners and operators for integrating AI into operational technology (OT) environments.

Ten things to know about data security   Publication

May 16, 2024 - This publication has been developed to assist business owners and information technology managers, particularly those unfamiliar with cybersecurity, with ten things they should know about data security.

Cloud shared responsibility model: Executive guidance   Publication

Oct 20, 2025 - This publication is for executives with cyber security responsibilities in government entities, critical infrastructure and large organisations that use or plan to use a cloud service. This guidance aims to strengthen your understanding of the shared responsibility model (SRM), and potential impacts to your cyber security posture and your governance obligations.

For business and government  

Resources for business and government on cyber security.

Cloud shared responsibility model: Guidance for individuals and small and medium businesses    Publication

Oct 20, 2025 - This publication is for individuals and small and medium businesses that use or plan to use a cloud service. It explains what the shared responsibility model (SRM) is, and how responsibility for cloud security is shared between you and the cloud service provider (CSP).

Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services   Advisory

May 8, 2020 - The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:

Exercise Cyber Arrow    News

Nov 14, 2025 - ASD’s delivers national cyber security exercise for the Energy, Communications, and Financial Services and Markets sectors

Marketing and filtering email service providers   Publication

Oct 6, 2021 - This publication provides high level guidance on how to use email service providers (ESPs) in particular deployment scenarios. The considerations and controls described in that publication also apply to ESPs sending email on other organisations’ behalf.

Guidelines for secure AI system development   Publication

Nov 27, 2023 - This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. This document is aimed primarily at providers of AI systems who are using models hosted by an organisation, or are using external application programming interfaces (APIs).

Quantum technology primer: Overview   Publication

Dec 15, 2025 - Learn about quantum technologies, the principles that enable their unique capabilities, and how organisations can prepare.

2021-006: ASD's ACSC Ransomware Profile - Lockbit 2.0   Advisory

Aug 5, 2021 - The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.

Deploying AI systems securely   Publication

Apr 16, 2024 - AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.

Safe software deployment: How software manufacturers can ensure reliability for customers   Publication

Oct 25, 2024 - It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements.

2023-01: ASD's ACSC Ransomware Profile - Royal   Advisory

Jan 24, 2023 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.

Cyber security for charities and not-for-profits   Guidance

Sep 30, 2025 - How to avoid common cyber threats and protect your mission .