Search

Educational pack for seniors   Guidance

Jun 23, 2023 - This educational pack provides engaging content to help seniors learn how to stay cyber secure. Practical steps and topics range from a basic to advanced level.

Preparing for and responding to denial-of-service attacks   Publication

Mar 17, 2025 - Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.

Cyber supply chain risk management   Publication

May 22, 2023 - All organisations should consider cyber supply chain risk management. If a supplier, manufacturer, distributor or retailer (i.e. businesses that constitute a cyber supply chain) are involved in products or services used by an organisation, there will be a cyber supply chain risk originating from those businesses. Likewise, an organisation will transfer any cyber supply chain risk they hold to their customers.

Secure your user account   Guidance

Jan 24, 2024 - A user account is the account you use to sign in on your computer at home, school or work. Cybercriminals will target unsecure accounts and take advantage of poor security habits within the home and businesses. Their goal is to get access to your computer and steal your information. There are many ways to improve your account security, keep your accounts safe and avoid being the victim of a cyberattack.

Guidelines for networking   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on networking.

Small business cybersecurity  

Jul 18, 2023 - How to protect your small business from common cyberthreats.

Account compromise   Threat

Nov 10, 2023 - Account compromise is when criminals get unauthorised access to your email, banking, or other accounts.

Network hardening  

Apr 11, 2023 - This page lists publications on the hardening of network infrastructure.

Cyber supply chains  

Dec 3, 2020 - This page lists publications on cyber supply chain risk management.

Artificial intelligence  

Apr 12, 2024 - This page lists publications on the governance and use of artificial intelligence.

Iranian cyber actors’ brute force and credential access activity compromises critical infrastructure   Advisory

Oct 17, 2024 - The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn network defenders on Iranian cyber actors’ compromising, frequently using brute force attacks, organizations across multiple critical infrastructure sectors, including the healthcare and public health (HPH), government, information technology, engineering, and energy sectors. The actors likely aim to obtain credentials and information describing the victim’s network that can then be sold to enable access to cybercriminals.

Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016   Publication

Jul 24, 2023 - Workstations are often targeted by malicious actors using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening applications on workstations is an important part of reducing this risk.

Summary of Tactics, Techniques and Procedures Used to Target Australian Networks   Advisory

May 20, 2020 - This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.

Exercise in a Box  

Nov 17, 2022 - This service provides an all-in-one platform that organisations can use to assess and improve their cybersecurity practices, in a controlled environment, and as many times as they want.

Principles of operational technology cybersecurity   Publication

Oct 2, 2024 - Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cybersecurity and safety of their OT.

Small Business Google Chromebook and ChromeOS Security Guide   Guidance

Nov 12, 2024 - This publication was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) with technical input from Chrome Engineering.

Industrial control systems: Remote access protocol   Publication

Oct 6, 2021 - External parties may need to connect remotely to critical infrastructure control networks. This access is to allow the manufacturers of equipment used in Australia’s critical infrastructure the ability to maintain the equipment, when a fault is experienced that cannot be fixed in the required timeframe any other method.

Mergers, acquisitions and Machinery of Government changes   Publication

Jun 10, 2022 - This publication provides guidance on strategies that organisations can apply during mergers, acquisitions and Machinery of Government changes.

Implementing network segmentation and segregation   Publication

Oct 6, 2021 - Learn about practical strategies to make it harder for malicious actors to access sensitive data. This guidance is for those responsible for an organisation’s network architecture and design.

Defending against the malicious use of the Tor network   Publication

Oct 6, 2021 - The Tor network is a system that conceals a user’s IP address. It allows anonymous – and often malicious – communication. This guidance shares advice on how to detect and prevent traffic from the Tor network.

News  

Nov 3, 2022 - Find the latest in cyber security news

Small business cloud security guides  

Apr 2, 2024 - ASD's ACSC has released a series of guides designed to help small businesses secure their cloud environment.

IoT Secure by Design guidance for manufacturers   Publication

Sep 21, 2023 - This guidance has been produced for manufacturers in order to help them implement thirteen Secure by Design principles.

Ransomware   Threat

Read through the following case studies and learn from other Australians about how ransomware has affected them.

Publications  

Nov 3, 2022 - Find the latest cybersecurity publications.

Critical vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS)   Alert

Feb 1, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure, and Ivanti Policy Secure (IPS) gateways. The vulnerabilities affect all supported versions and configurations of the products. Customers should apply the mitigations made available by Ivanti and implement patches as they become available.

Hunting Russian Intelligence “Snake” Malware   Advisory

May 10, 2023 - This Cybersecurity Advisory (CSA) provides background on Snake’s attribution to the FSB and detailed technical descriptions of the implant’s host architecture and network communications.

Guidelines for system management   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on system management.

Essential Eight maturity model FAQ   Publication

Oct 28, 2024 - This publication provides answers to frequency asked questions on how to implement the Essential Eight.

Guidelines for gateways   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.