You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 91 - 120 of 623 results.
Threat update: COVID-19 malicious cyber activity 27 March 2020 Advisory
Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.
Guidelines for cybersecurity documentation Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity documentation.
Sextortion email campaign impacting Australians Alert
Apr 16, 2020 - A large number of Australians are being impacted by an email ‘sextortion’ campaign in which the cyber scammers responsible have threatened to release personal and sensitive information to the recipients’ contacts unless the scammer is paid in cash or bitcoin.
Guidelines for system hardening Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on system hardening.
Risk management of enterprise mobility (including Bring Your Own Device) Publication
Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.
ASD’s role in cybersecurity: For legal practitioners Guidance
Dec 11, 2024 - During a cybersecurity incident, or suspected cybersecurity incident, our goal is to work with impacted organisations, their legal representation, and any external vendors engaged to investigate an incident on behalf of the organisation.
Log4j: What Boards and Directors Need to Know Advisory
Jan 7, 2022 - Log4j is a software library used as a building block found in a wide variety of Java applications. The Log4j vulnerability – otherwise known as Log4Shell – is trivial to exploit, and represents a significant business continuity risk. This publication outlines what Boards and Directors need to know in order to protect their businesses.
Guidelines for procurement and outsourcing Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on procurement and outsourcing activities.
Deploying AI Systems Securely Publication
Apr 16, 2024 - AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.
Threat update: COVID-19 malicious cyber activity 20 April 2020 Advisory
Apr 20, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) continues to receive reports from individuals, businesses and government departments about a range of different COVID-19 themed scams, online frauds and phishing campaigns. This threat update is about raising awareness of the evolving nature of COVID-19 related malicious cyber activity impacting Australians.
Cyber Incident Management Arrangements for Australian Governments Publication
Sep 18, 2023 - The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.
Marketing and filtering email service providers Publication
Oct 6, 2021 - This publication provides high level guidance on how to use email service providers (ESPs) in particular deployment scenarios. The considerations and controls described in that publication also apply to ESPs sending email on other organisations’ behalf.
Iranian cyber actors’ brute force and credential access activity compromises critical infrastructure Advisory
Oct 17, 2024 - The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn network defenders on Iranian cyber actors’ compromising, frequently using brute force attacks, organizations across multiple critical infrastructure sectors, including the healthcare and public health (HPH), government, information technology, engineering, and energy sectors. The actors likely aim to obtain credentials and information describing the victim’s network that can then be sold to enable access to cybercriminals.
Cyber Security Awareness Month 2024
Sep 30, 2024 - October is Cyber Security Awareness Month and an annual reminder for all Australians to stay secure online.
Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks Advisory
Sep 16, 2020 - This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.
An introduction to artificial intelligence Publication
Nov 24, 2023 - Artificial intelligence (AI) is an emerging technology that will play an increasingly influential role in the everyday life of Australians.
How to secure your devices
Nov 29, 2024 - Protect your sensitive data and accounts. Learn how to secure your devices such as your computer, mobile phone and Internet of Things devices.
Guidelines for gateways Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.
Malicious insiders Threat
Jun 23, 2020 - Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cyber security at risk or spill data.
Guidelines for communications infrastructure Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications infrastructure.
Protect yourself
Jul 30, 2024 - Advice and information about how to protect yourself online.
Limited Use Guidance
Dec 3, 2024 - The limited use obligation for the Australian Signals Directorate (ASD) has been legislated to add additional protections to the information organisations voluntarily provide to ASD, and to the information acquired or prepared by ASD with the consent of an organisation.
Critical vulnerabilities present in certain versions of Apple iOS, macOS and Safari Alert
Sep 14, 2021 - Vulnerabilities have been identified in certain versions of Apple iOS, macOS and Safari which could allow an actor to install malware or perform other actions on a vulnerable device or computer.
Preventing business email compromise Guidance
Apr 11, 2023 - There are many easy steps and actions you can take now to protect your business. Learn about the simple, cost-effective and immediately beneficial protective measures you can implement.
Engaging with artificial intelligence Publication
Jan 24, 2024 - The purpose of this paper is to provide organisations with guidance on how to use artificial intelligence (AI) systems securely. The paper summarises some important threats related to AI systems and includes cybersecurity mitigation strategies to aid organisations in engaging with AI while managing risk. It provides mitigations to assist both organisations that maintain their own AI systems and organisations that use third-party AI systems.
The Commonwealth Cyber Security Posture in 2022 Reports and statistics
Dec 16, 2022 - The Commonwealth Cyber Security Posture in 2022 (the report) informs Parliament on the implementation of cybersecurity measures across the Commonwealth government, for the period January 2021 to June 2022. As of June 2022, the Commonwealth comprised 97 non-corporate Commonwealth entities (NCCEs), 71 corporate Commonwealth entities (CCEs) and 17 Commonwealth companies (CCs).
Cloud assessment and authorisation Publication
Jan 18, 2024 - This publication is co-designed with industry to support the secure adoption of cloud services across government and industry.
Guidelines for system monitoring Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on system monitoring.
Fast Flux: A national security threat Advisory
Apr 4, 2025 - This advisory is for network defenders and explains how Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection. It highlights the importance of using a reputable Protective DNS (PDNS) provider that detects and blocks fast flux.
Critical vulnerability present in certain versions of Microsoft Excel Alert
Nov 11, 2021 - Microsoft has identified active exploitation of a vulnerability in Microsoft Excel. Affected Australian organisations should apply the available security update as soon as possible.
