Search

Cybercriminals targeting construction companies to conduct email scams   Alert

Jul 6, 2021 - Cybercriminals are targeting construction companies to conduct business email compromise scams. All parties to construction projects should be vigilant when emailing about invoices and bank details.

Mitigation strategies for edge devices: Practitioner guidance   Publication

Feb 4, 2025 - This publication expands on Mitigation strategies for edge devices: executive guidance. It provides IT practitioners with a list of mitigation strategies for the most common types of edge devices and appliances across enterprise networks and large organisations.

Property-related business email compromise scams rising in Australia   Alert

Aug 30, 2021 - Cybercriminals are targeting the property and real estate sector to conduct business email compromise scams. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods.

Consider your cyber hygiene in light of global events   News

Jul 1, 2025 - Around the world, geopolitical tensions remain complex as nations navigate diplomatic, economic, and military challenges. ASD’s ACSC recommends that organisations continue to review their current cyber security posture and maintain sufficient monitoring for cyber threats.

Essential Eight maturity model changes   Publication

Nov 27, 2023 - This publication provides an overview of the changes for the November 2023 release.

Guidelines for software development   Advice

Sep 22, 2025 - This chapter of the Information security manual (ISM) provides guidance on software development.

Security considerations for edge devices   Publication

Feb 5, 2025 - Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.

New guidance on detecting and mitigating Active Directory compromises   News

Sep 26, 2024 - Does your organisation use Microsoft’s Active Directory? Read our latest guidance on Active Directory compromises now.

Essential Eight maturity model FAQ   Publication

Oct 28, 2024 - This publication provides answers to frequency asked questions on how to implement the Essential Eight.

Shifting the balance of cybersecurity risk   Publication

Oct 17, 2023 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the following international partners provide the recommendations in this guide as a roadmap for technology manufacturers to ensure security of their products.

Essential Eight maturity model   Publication

Nov 27, 2023 - This publication provides advice on how to implement the Essential Eight.

Guidelines for communications systems   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications systems.

Gateway security guidance package: Gateway technology guides   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.

Implementing application control   Publication

Nov 27, 2023 - Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control.

Essential Eight maturity model and ISM mapping   Publication

Oct 2, 2024 - This publication provides a mapping between the Essential Eight and the controls within the Information security manual (ISM).

Essential Eight assessment process guide   Publication

Oct 2, 2024 - This publication provides advice on how to assess the implementation of the Essential Eight.

Cyber security is essential when preparing for COVID-19   Advisory

Mar 13, 2020 - In light of the COVID-19 pandemic, organisations are developing strategies to protect staff and vulnerable members of our community.

Domain Name System security for domain owners   Publication

Oct 6, 2021 - This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

Information stealer malware   Guidance

Jul 15, 2025 - Information stealer malware is a type of malware designed to steal sensitive data from devices. This can include user credentials, browser data and more.

Identifying and Mitigating Living Off the Land Techniques   Advisory

Feb 8, 2024 - This Guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies (hereafter referred to as the authoring agencies), provides information on common living off the land (LOTL) techniques and common gaps in cyber defense capabilities.

Strategies to mitigate cybersecurity incidents: Mitigation details   Publication

Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cybersecurity professionals in all organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

The Commonwealth Cyber Security Posture in 2022   Reports and statistics

Dec 16, 2022 - The Commonwealth Cyber Security Posture in 2022 (the report) informs Parliament on the implementation of cybersecurity measures across the Commonwealth government, for the period January 2021 to June 2022. As of June 2022, the Commonwealth comprised 97 non-corporate Commonwealth entities (NCCEs), 71 corporate Commonwealth entities (CCEs) and 17 Commonwealth companies (CCs).

Cyber security best practices for smart cities   Publication

Apr 20, 2023 - This guidance is the result of a collaborative effort from the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ).

Domain Name System security for domain resolvers   Publication

Oct 6, 2021 - This publication explores DNS security for recursive resolution servers. It also shares helpful strategies to reduce the risk of DNS resolver subversion or compromise.

Securing PowerShell in the enterprise   Publication

Oct 6, 2021 - This publication describes a maturity framework for PowerShell, balancing the security and business requirements of organisations. This framework enables organisations to take incremental steps towards securing PowerShell across their environment.

Strategies to mitigate cybersecurity incidents   Publication

Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

Safer Internet Day 2021   News

Feb 9, 2021 - Safer Internet Day on 9 February 2021 aims to raise awareness of emerging online issues and share strategies everyone can use for staying secure online.

Critical Infrastructure Uplift Program (CI-UP)   Program page

Apr 16, 2024 - The Critical Infrastructure Uplift Program (CI-UP) offers a range of services that assist critical infrastructure (CI) partners to improve their resilience against cyberattacks.

Windows event logging and forwarding   Publication

Oct 6, 2021 - This publication has been developed as a guide to the setup and configuration of Microsoft Windows event logging and forwarding.

Are you ready for Australian domain name changes?   Alert

Aug 8, 2022 - Australians have until 20 September 2022 to seek priority allocation of an .au direct domain name that matches their existing domain name.