You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 121 - 140 of 232 results.
Essential Eight explained Publication
Nov 27, 2023 - This publication provides an overview of the Essential Eight.
Cloud computing security for tenants Publication
Jan 18, 2024 - This publication is designed to assist an organisation’s cybersecurity team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.
2022-004: ASD's ACSC Ransomware Profile – ALPHV (aka BlackCat) Advisory
Apr 14, 2022 - ALPHV (aka BlackCat, Noberus) is a ransomware variant first observed in late 2021, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia.
Gateway security guidance package: Overview Publication
Jul 29, 2025 - This page provides an overview of ASD’s Gateway security guidance package.
Are your organisation’s edge devices secure? News
Feb 5, 2025 - New publication series for executives and IT practitioners on how to secure edge devices.
2023 top routinely exploited vulnerabilities Advisory
Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets. The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.
Implementing certificates, TLS, HTTPS and opportunistic TLS Publication
Oct 6, 2021 - Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.
Creating and maintaining a definitive view of your operational technology architecture Publication
Oct 28, 2025 - How organisations who deploy or operate operational technology systems should build, maintain and store their systems understanding.
Securing edge devices
Feb 4, 2025 - Malicious actors often target internet-facing edge devices to gain unauthorised access to enterprise networks. Learn how to secure edge devices such as routers, firewalls and VPN concentrators.
Marketing and filtering email service providers Publication
Oct 6, 2021 - This publication provides high level guidance on how to use email service providers (ESPs) in particular deployment scenarios. The considerations and controls described in that publication also apply to ESPs sending email on other organisations’ behalf.
Guidelines for personnel security Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.
Risk management of enterprise mobility (including Bring Your Own Device) Publication
Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.
Travelling with mobile devices Publication
Mar 26, 2024 - Learn how to keep mobile devices secure when travelling. This guidance provides advice from both an individual and organisational perspective.
Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services Alert
May 8, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is aware that Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities.
How to combat fake emails Publication
Oct 6, 2021 - Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration. Using DMARC with DomainKeys Identified Mail (DKIM) to sign emails provides further safety against fake emails. Likewise, organisations can better protect their users against fake emails by ensuring their email systems use and apply SPF, DKIM and DMARC policies on inbound email.
Antivirus software Guidance
Apr 11, 2023 - The consequences of viruses, spyware and other malicious software can be serious and far reaching. Follow our guidance about using antivirus software.
Remote access to operational technology environments Publication
Mar 28, 2023 - Many critical infrastructure providers are moving to support remote working arrangements. In doing so, modifying cybersecurity defences for operational technology environments (OTE) is not a decision that should be taken lightly.
The case for memory safe roadmaps Publication
Dec 7, 2023 - This guidance provides manufacturers with steps to create memory safe roadmaps and implement changes to eliminate memory safety vulnerabilities from their products.
Malicious email mitigation strategies Publication
Oct 6, 2021 - Socially engineered emails containing malicious attachments and embedded links are routinely used in targeted cyber intrusions against organisations. This publication has been developed to provide mitigation strategies for the security risks posed by these malicious emails.
COVID-19 themed malicious cyber activity Advisory
Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.
