Search

Hardening Linux workstations and servers   Publication

Nov 27, 2023 - This publication has been developed to assist organisations in understanding how to harden Linux workstations and servers.

Identifying cyber supply chain risks   Publication

May 22, 2023 - This guidance has been developed to assist organisations in identifying risks associated with their use of suppliers, manufacturers, distributors and retailers (i.e. businesses that constitute their cyber supply chain).

Security tips for social media and messaging apps   Publication

Jul 14, 2022 - This guide covers the risks of using social media and messaging apps and what to look out for. It also covers ways to help keep accounts safe for business and personal use.

Microsoft Releases Security Updates for Microsoft Edge Browser   Alert

Jun 30, 2021 - On June 24 2021, Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.

Google Releases Security Updates for Chrome Browser   Alert

Jun 21, 2021 - On June 17 2021, Google released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. The patch notes for this version can be viewed at Chrome Release Note.

Web conferencing security   Publication

Oct 6, 2021 - Web conferencing tools are essential for meeting with colleagues and clients online. This guide provides tips on how to choose a secure web conference provider, and what risks to be aware of.

Revised patch released to disable mitigation against Spectre variant 2   Advisory

Jan 29, 2020 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.

New guidance on detecting and mitigating Active Directory compromises   News

Sep 26, 2024 - Does your organisation use Microsoft’s Active Directory? Read our latest guidance on Active Directory compromises now.

Antivirus software   Guidance

Apr 11, 2023 - The consequences of viruses, spyware and other malicious software can be serious and far reaching. Follow our guidance about using antivirus software.

Ten things to know about data security   Publication

May 16, 2024 - This publication has been developed to assist business owners and information technology managers, particularly those unfamiliar with cybersecurity, with ten things they should know about data security.

Protecting against business email compromise   Publication

Oct 6, 2021 - Business email compromise is when malicious actors use email to abuse trust in business processes to scam organisations out of money or goods. Malicious actors can impersonate business representatives using similar names, domains or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker.

Information Security Registered Assessor Program (IRAP)   News

Dec 15, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is further enhancing cyber security assessment and training, improving cyber skills, and creating new cyber careers for Australians through the Information Security Registered Assessor Program (IRAP).

Using remote desktop clients   Publication

Oct 6, 2021 - Remote access solutions are increasingly being used to access organisations’ systems and data. One common method of enabling remote access is to use a remote desktop client. This publication provides guidance on security risks associated with the use of remote desktop clients.

Back to school with cyber secure devices   News

Feb 4, 2022 - As children return to school, Australian parents are urged to make devices like mobile phones and laptop computers more cyber secure and to teach their children about cyber security, with 2022 set to be another year of hybrid learning for most families.

Secure administration   Publication

Oct 6, 2021 - Privileged access allows administrators to perform their duties, and is often seen as the ‘keys to the kingdom’. This publication provides guidance on how to implement secure administration techniques as part of the management of privileged access.

Managing the risks of legacy IT: Practitioner guidance   Publication

Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.

Implementing application control   Publication

Nov 27, 2023 - Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control.

Vulnerability disclosure programs explained   Publication

Dec 12, 2024 - A vulnerability disclosure program (VDP) is a collection of processes and procedures designed to identify, verify, resolve and report on vulnerabilities disclosed by people who may be internal or external to organisations. The importance of developing, implementing and maintaining a well thought-out VDP cannot be underestimated. It is an integral part of professional organisations’ business operations.

Secure your Wi-Fi and router   Guidance

Oct 29, 2024 - How to make your software, devices and networks harder to access and more resilient to attack.

Cloud computing security for tenants   Publication

Jan 18, 2024 - This publication is designed to assist an organisation’s cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.