Search

Connecting with others online   

Jul 30, 2024 - It is easier than ever to stay in contact with people online. However, using popular online apps and tools can make you more susceptible to cybercriminals.

Content Credentials: Strengthening Multimedia Integrity in the Generative AI Era   Publication

Jan 30, 2025 - This cybersecurity information sheet discusses how Content Credentials (especially Durable ones) can be valuable to protect the provenance of media, raises awareness of the state of this solution, provides recommended practices to ensure the preservation of provenance, and discusses the importance of widespread adoption across the information ecosystem.

TMUI remote code execution vulnerability - CVE-2020-5902   Alert

Jul 6, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

Implementing SIEM and SOAR platforms: Practitioner guidance   Publication

May 27, 2025 - This publication provides high-level guidance for cyber security practitioners on Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.

Guidelines for secure AI system development   Publication

Nov 27, 2023 - This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. This document is aimed primarily at providers of AI systems who are using models hosted by an organisation, or are using external application programming interfaces (APIs).

BADBAZAAR and MOONSHINE: Technical analysis and mitigations   Advisory

Apr 9, 2025 - This guidance has been jointly produced by government agencies from the UK, Australia, Canada, Germany, New Zealand, and the US and is supported by members of the NCSC Cyber League. Its provides new and collated threat intelligence on two spywares known as MOONSHINE and BADBAZAAR with guidance for how App store operators, developers and social media companies can keep their users safe.

Priority logs for SIEM ingestion: Practitioner guidance   Publication

May 27, 2025 - This document is again intended for cyber security practitioners and provides detailed, technical guidance on the logs that should be prioritised for SIEM ingestion. It covers log sources including Endpoint Detection and Response tools, Windows/Linux operating systems, and Cloud and Network Devices.

Guidelines for software development   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on software development.

Cybersecurity guidelines  

Jun 13, 2024 - Practical guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyberthreats.

Guidelines for email   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on email.

Guidelines for communications infrastructure   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications infrastructure.

Guidelines for cybersecurity documentation   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity documentation.

Guidelines for physical security   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on physical security.

Guidelines for enterprise mobility   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on enterprise mobility.

Guidelines for system management   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on system management.

Guidelines for system monitoring   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on system monitoring.

Guidelines for data transfers   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on data transfers.

Guidelines for information technology equipment   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on information technology equipment.

Small business cloud security guides  

Apr 2, 2024 - ASD's ACSC has released a series of guides designed to help small businesses secure their cloud environment.

The Commonwealth Cyber Security Posture in 2024   Reports and statistics

Dec 5, 2024 - The Commonwealth Cyber Security Posture in 2024 informs the Australian Parliament on cyber security measures implemented across the Australian Government for the 2023–24 financial year.

Cyber resources for small businesses   News

Feb 11, 2022 - Last December, the Council of Small Business Organisations Australia (COSBOA) co-hosted an Act Now, Stay Secure breakfast at the National Portrait Gallery, along with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the Department of Home Affairs.

Protecting your business and employees  

Apr 11, 2023 - Cybercriminals can attack your business and employees at any time. Follow these resources to find out how to make your business and employees cyber secure.

Small Business Google Chromebook and ChromeOS Security Guide   Guidance

Nov 12, 2024 - This publication was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) with technical input from Chrome Engineering.

Securing Customer Personal Data for Small to Medium Businesses   News

Nov 17, 2023 - As data breaches increasingly impact Australian businesses and their customers, it’s crucial for businesses to improve their data security practices and ensure their customers’ personal data is handled appropriately.

IRAP training partnership   News

Feb 23, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is partnering with organisations in South Australia and the ACT to deliver cyber security assessment training services for Australian business and organisations.

Domain Name System security for domain owners   Publication

Oct 6, 2021 - This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

Cybersecurity incident response planning: Practitioner guidance   Publication

Dec 12, 2024 - ASD defines a cybersecurity incident as an unwanted or unexpected cybersecurity event, or a series of such events, that has either compromised business operations or has a significant probability of compromising business operations.

Update your small business cyber security   News

Jun 12, 2024 - Resources to help protect small businesses from cyber threats.

Using Content Credentials to help mitigate cyber threats associated with generative AI   News

Jan 30, 2025 - With advanced AI tools, digital media can be created or modified convincingly with minimal effort and cost. Learn more about media provenance solutions to help end users verify the integrity of your organisation’s content.

The Commonwealth Cyber Security Posture in 2023   Reports and statistics

Nov 16, 2023 - The Commonwealth Cyber Security Posture in 2023 informs Parliament on the implementation of cyber security measures across the Australian Government for the 2022–23 financial year. According to the Flipchart of PGPA Act Commonwealth entities and companies, as of 30 June 2023 the Australian Government comprised 100 non-corporate Commonwealth entities (NCEs), 72 corporate Commonwealth entities (CCEs) and 17 Commonwealth companies (CCs); totalling 189 Australian government entities.