Cyber Security

26 files

  1. State of Cybersecurity 2020

    More than ever, companies are accepting that digital business is the way of the future.
    Regardless of the industry, offering or customer base, digital tactics are needed to survive in a
    dynamic and unpredictable environment. With this in mind, cybersecurity moves from a piece of
    IT operations into an overarching business concern. From formal policies to specialized teams,
    organizations are adopting the practices that will secure their new digital efforts, ultimately
    moving towards a new framework that defines a modern mindset. This report examines the
    state of cybersecurity as the world fully embraces digital transformation.

    6 downloads

       (0 reviews)

    0 comments


  2. Vendor Assessment Cheat Sheet

    Vendor Assessment Cheat Sheet

    16 downloads

       (0 reviews)

    0 comments


  3. Australian Government Information Security Manual: October 2020 Changes

    Using the Australian Government Information Security Manual
    Guidelines for Cyber Security Roles
    Guidelines for Cyber Security Incidents
    Guidelines for System Hardening

    5 downloads

       (0 reviews)

    0 comments


  4. Australian Government Information Security Manual: November 2020 Changes

    Guidelines for Cyber Security Incidents
    Guidelines for Enterprise Mobility
    Guidelines for System Hardening
    Guidelines for System Management
    Guidelines for Networking

    3 downloads

       (0 reviews)

    0 comments


  5. Australian Government Information Security Manual: February 2021 Changes

    Guidelines for Outsourcing
    Information technology and cloud services

    Further information
    The content was modified to include a reference to the ACSC’s new Identifying Cyber Supply Chain Risks publication.
    Further information on cyber supply chain risk management can be found in the ACSC’s Cyber Supply Chain Risk Management publication at https://www.cyber.gov.au/acsc/view-all-content/publications/cyber-supply-chain-risk-management and the Identifying Cyber Supply Chain Risks publication at https://www.cyber.gov.au/acsc/view-all-content/publications/identifying-cyber-supply-chain-risks.

    Guidelines for Networking
    Network design and configuration

    Further information
    The content was modified to include a reference to the ACSC’s two new publications on Domain Name Systems.
    Further information on Domain Name Systems can be found in the ACSC’s Domain Name System Security for Domain Owners publication at https://www.cyber.gov.au/acsc/view-all-content/publications/domain-name-system-security-domain-owners and the Domain Name System Security for Domain Resolvers publication at https://www.cyber.gov.au/acsc/view-all-content/publications/domain-name-system-security-domain-resolvers.

    Please note: There is no requirement for organisations to be compliant with every monthly update to the Australian Government Information Security Manual (ISM). Instead, organisations are encouraged to review the security risks for their systems (using the latest version of the ISM available at the time) based on a frequency suitable for their business requirements and in accordance with their corporate risk management framework. Further information on applying the ISM can be found in the Using the Australian Government Information Security Manual chapter.

    6 downloads

       (0 reviews)

    0 comments


  6. Australian Government Information Security Manual: April 2021 Changes

    Applying monthly ISM updates

    Please note: There is no requirement for organisations to immediately implement monthly updates to the Australian Government Information Security Manual (ISM). Instead, organisations are encouraged to review the security risks for their systems (using the latest version of the ISM available at the time) based on a frequency suitable for their business requirements and in accordance with their corporate risk management framework. For example, every month, every three months (quarterly), every six months (semi-annually) or every year (annually).

    14 downloads

       (0 reviews)

    0 comments


  7. Creating a Cyber Ready Culture in Your Remote Workforce: FIVE TIPS

    In response to the COVID-19 pandemic, many small and mid-sized enterprises (SMEs)
    around the world have closed their offices and told people to work from home.

    Many organizations and their employees were not prepared for this sudden shift to
    remote work, nor are they prepared for the possibility that remote work will become
    far more common in the future.

    16 downloads

       (0 reviews)

    0 comments


  8. Categorizing Data Breach Severity with a Breach Level Index

    Data breaches have become a common occurrence, and the reality of the problem is much worse than current perceptions, because the general population is only aware of publicly disclosed breaches. It is not aware of the multitudes of breaches that either are not under any disclosure mandate, or breaches that have not yet been detected. The latter category is a very large number, since most research shows that it can take months or even years before an organization detects a breach.

    14 downloads

       (0 reviews)

    0 comments


  9. Australian Emanation Security Program (ESP)

    Australian Communications-Electronic Security Instruction, ACSI-77 (B) is an Unclassified, Non-Registered publication issued under the authority of the Director, Defence Signals Directorate (DSD). It is effective from the date of issue.

    The Australian Emanation Security Program sets out the requirements for government and industry agencies to be formally recognised by the National Authority, DSD as attaining the necessary qualifications to conduct Emanation Security (EMSEC) practices to National TEMPEST Standards.

    15 downloads

       (0 reviews)

    0 comments


  10. Data Protection Basics for Remote Workers

    In response to COVID-19, there was a rapid shift to remote work. Now, as the pandemic enters a new
    phase, we are seeing another shift to a hybrid work environment, in which some employees will be
    working from home, some from the office, and some from both home and office. This new reality will
    likely last through the year, at least, raising new challenges in protecting data.

    Protecting your organization’s data is important to the security and sustainability of your organization and you,
    as an employee, play a critical role in this protection. If each person is conscientious, the organization can build
    a culture of cyber readiness that spans from the home to the office.

    For many remote workers, the data you will be accessing are documents (word processing, spreadsheets,
    or presentations), files (accounting), or databases (customer management or order tracking). Your company’s most
    critical asset is data, and strong cybersecurity protects your data. To adhere to basic rules for data protection,
    you will likely need to change certain aspects of your behavior.

    To start, always be aware of what device (e.g. phone, laptop) you are using (company or personal), how you connect
    to the Internet (e.g. home WiFi, café, library) and your company’s network (e.g. do you use a VPN or not),
    and how you access, work on, transfer, and store data (e.g. email, apps, etc.).

    5 downloads

       (0 reviews)

    0 comments


  11. Ransomware Playbook

    How to prepare for, respond to, and recover from a ransomware attack
    To Pay or Not to Pay? This question is often the first one many organizations consider
    after they are hit with a ransomware attack.

    Unfortunately, the choice is not simple. Many organizations simply don’t know how to
    protect against ransomware. This guide is intended to provide a roadmap for organizations
    (e.g., small and medium-sized businesses, state and local governments) to secure
    themselves against this growing threat.

    8 downloads

       (0 reviews)

    0 comments


  12. Making Your Remote Workforce Cyber Ready

    Although technology enables people to work remotely, it also opens the door to new cybersecurity and data
    protection risks.

    Now more than ever, every organization needs to have a designated Cyber Readiness Leader – someone who
    will guide your workforce. To learn more about our free Cyber Readiness Program and the role of the Cyber
    Leader, please check out our website (www.cyberreadinessinstitute.org).

    6 downloads

       (0 reviews)

    0 comments


  13. Keeping Educators and Students Safe

    Our nation’s educators and students are in uncharted territory as remote learning becomes the norm for school
    systems across the country. Remote learning brings tremendous opportunities that we could not have imagined
    30-40 years ago.

    For teachers, it means that their mission can continue. For students (and parents), it means the classroom has
    no boundaries and an adjusted sense of normalcy can exist in these uncertain times.
    We are fortunate that today’s advanced technologies will enable teachers and students to continue to work
    together. It also means we need to take precautions to ensure that we are all protected.

    There are some easy steps that teachers can take to protect their online safety and security and that
    of their students.

    3 downloads

       (0 reviews)

    0 comments


  14. Top Three Dos & Don’ts for Remote Workers

    Cyber criminals are using the COVID-19 pandemic to take advantage of remote workers by
    stealing their personal and professional information. To protect yourself in this growing threat
    environment and new security reality, outlined below are simple dos and don’ts to be more cyber ready.

    Since the start of the pandemic, everybody has learned to take three simple actions to stay healthy.
    Wash your hands for 20 seconds. Don’t touch your face. Stay six feet apart. Sure, it took some behavioral
    change, but you’re probably used to it after a few weeks. You need to take the same “can-do” attitude
    in changing simple behaviors regarding how you use your computer, tablet and smartphone.

    Cybersecurity takes a collaborative community effort, similar to what is required to fight the coronavirus.
    So, please share this guide with your co-workers, family and friends.

    5 downloads

       (0 reviews)

    0 comments


  15. Australian Government Information Security Manual

    Guidelines for communications infrastructure

    3 downloads

       (0 reviews)

    0 comments


  16. OAIC Notifiable Data Breaches Report July to December 2020

    About this report
    The Office of the Australian Information Commissioner (OAIC) periodically publishes statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme to assist entities and the public to understand the operation of the scheme. This report captures notifications made under the NDB scheme for the period from 1 July to 31 December 2020.

    Where data breaches affect multiple entities, the OAIC may receive multiple notifications relating to the same breach. Notifications relating to the same incident are counted as a single notification in this report.

    The source of any given breach is based on information provided by the reporting entity. Where more than one source has been identified or is possible, the dominant or most likely source has been selected. Source of breach categories are defined in the glossary at the end of this report.

    As with previous reports, notifications made under the My Health Records Act 2012 are not included as they are subject to specific notification requirements set out in that Act.

    NDB scheme statistics in this report are current as of 8 January 2021. However, a number of notifications included in these statistics are still under assessment and their status and categorisation are subject to change. This may affect statistics for the period July to December 2020 that are published in future reports. Similarly, there may have been adjustments to statistics in previous NDB reports because of changes to the status or categorisation of individual notifications after publication. As a result, references to statistics from before July 2020 in this report may differ from references in earlier published reports.

    2 downloads

       (0 reviews)

    0 comments


  17. Adopting Encrypted DNS in Enterprise Environments

    Executive summary
    Use of the Internet relies on translating domain names (like “nsa.gov”) to Internet Protocol addresses. This is the job of the Domain Name System (DNS). In the past, DNS lookups were generally unencrypted, since they have to be handled by the network to direct traffic to the right locations. DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and “last mile” source authentication with a client’s DNS resolver. It is useful to prevent eavesdropping and manipulation of DNS traffic. While DoH can help protect the privacy of DNS requests and the integrity of responses, enterprises that use DoH will lose some of the control needed to govern DNS usage within their networks unless they allow only their chosen DoH resolver to be used. Enterprise DNS controls can prevent numerous threat techniques used by cyber threat actors for initial access, command and control, and exfiltration.

    Using DoH with external resolvers can be good for home or mobile users and networks that do not use DNS security controls. For enterprise networks, however, NSA recommends using only designated enterprise DNS resolvers in order to properly leverage essential enterprise cybersecurity defenses, facilitate access to local network resources, and protect internal network information. The enterprise DNS resolver may be either an enterprise-operated DNS server or an externally hosted service. Either way, the enterprise resolver should support encrypted DNS requests, such as DoH, for local privacy and integrity protections, but all other encrypted DNS resolvers should be disabled and blocked. However, if the enterprise DNS resolver does not support DoH, the enterprise DNS resolver should still be used and all encrypted DNS should be disabled and blocked until encrypted DNS capabilities can be fully integrated into the enterprise DNS infrastructure.

    This guidance explains the purpose behind the DoH design and the importance of configuring enterprise networks appropriately to add benefits to, but not hinder, their DNS security controls. The following recommendations will assist enterprise network owners and administrators to balance DNS privacy and governance.

    2 downloads

       (0 reviews)

    0 comments


  18. PRIVACY AND DATA PROTECTION CHECKLIST

    LexisNexis® Regulatory Compliance
    LexisNexis Regulatory Compliance is a legal obligations register and alerting solution that combines regulatory content with technology to
    empower you to take control of your compliance obligations.

    11 downloads

       (0 reviews)

    0 comments


  19. Locked Out: Tackling Australia’s ransomware threat

    As our world becomes more interconnected, the threats related to cyber security continue to increase.
    This was recognised by the Australian Government through the development and launch, in conjunction
    with its Industry Advisory Panel, of Australia’s Cyber Security Strategy 2020 last year.

    Significant initiatives since then have included the consultation and subsequent introduction into
    Parliament of legislation to boost the cyber defences of Australia’s critical infrastructure and systems of national
    significance.

    The Strategy’s initiatives have pre-empted the malicious cyber activity that continued to grow pre-COVID and
    has accelerated as COVID-related restrictions forced many to work and study from home and more activities
    have become virtual.

    Against this background ransomware has become one of the most immediate, highest impact cyber threats to
    Australia.

    4 downloads

       (0 reviews)

    0 comments


  20. CompTIA IT Security Community Data Breach Response Planning Guide

    INTRODUCTION
    The same things that make you valuable to your client as a managed service provider make you a target
    for a security breach. Your expertise in storing, accessing and maintaining sensitive information draws the
    attention of cybercriminals. Your connections to multiple platforms, vendors and clients are enticing for
    bad actors looking for one-stop shops for their own black market supplies: credit card information, social
    security numbers, personal information, internal contacts and other sensitive information.

    Unfortunately, far too many managed service providers have found themselves to be not only enticing
    victims, but also fruitful targets. Be it a lack of preparedness, human error or technical insufficiencies,
    information technology companies have struggled to meet the data security challenges we now face.

    CompTIA’s IT Security Community has created this tool to help guide you as you prepare a data breach
    response plan. The tips you’ll find here range from the big picture (preplanning and testing) to the details
    (keeping related notes of an incident separate from day-to-day business), but are all designed to take
    fear of the unknown out of the equation. Even if you already have robust data security policies and a
    clearly defined data breach response plan, you may find a new idea or recommendation to further
    improve your posture. By sharing this planning guide with team members, you reinforce the idea that
    data security is not a passive, one-and-done activity. It’s every day. It’s a mindset. It must become
    embedded into your culture.

    Luckily, there are some proven methods of training, planning and activating the proper support teams
    that will help you prevent what you can and respond appropriately to limit the impact of a security
    breach. This guide follows the structure of the National Institute of Standards and Technology’s (NIST)
    Cybersecurity Framework (CSF) and highlights where in the CSF you can find more information. Please
    note that the NIST CSF is a framework, not a standard. The recommendations and concepts within the
    framework can be applied globally to any compliance standard or alternate security framework with
    which you may already be familiar. Of course, your plan should cover more than is shared here. Use this
    planning guide to get you started, highlight areas you may have missed and help you through them.

    13 downloads

       (0 reviews)

    0 comments


  21. Center for Internet Security - Controls Version 8

    The CIS Controls® started as a simple grassroots activity to identify the most common
    and important real-world cyber-attacks that affect enterprises every day, translate that
    knowledge and experience into positive, constructive action for defenders, and then
    share that information with a wider audience. The original goals were modest—to help
    people and enterprises focus their attention and get started on the most important
    steps to defend themselves from the attacks that really mattered.

    Led by the Center for Internet Security® (CIS®), the CIS Controls have matured into an
    international community of volunteer individuals and institutions that:

    • Share insights into attacks and attackers, identify root causes, and translate that
    into classes of defensive action
    • Create and share tools, working aids, and stories of adoption and problem-solving
    • Map the CIS Controls to regulatory and compliance frameworks in order to ensure
    alignment and bring collective priority and focus to them
    • Identify common problems and barriers (like initial assessment and implementation
    roadmaps), and solve them as a community

    The CIS Controls reflect the combined knowledge of experts from every part of the
    ecosystem (companies, governments, individuals), with every role (threat responders
    and analysts, technologists, information technology (IT) operators and defenders,
    vulnerability-finders, tool makers, solution providers, users, policy-makers, auditors,
    etc.), and across many sectors (government, power, defense, finance, transportation,
    academia, consulting, security, IT, etc.), who have banded together to create, adopt, and
    support the CIS Controls.

    5 downloads

       (0 reviews)

    0 comments


  22. AUSTRALIA’S CYBER SECURITY STRATEGY 2020

    Ensuring Australians are secure online is a shared responsibility – everyone has a role to play.
    This Strategy sets out our plan to protect Australians online.

    The world has never been more interconnected; our reliance on the internet for our prosperity and
    way of life never greater. Australia’s response to the COVID-19 pandemic has shown the importance
    of secure online connectivity. It has also shown Australians’ resilience and resolve to work together for
    a common goal. That same whole-of-nation partnership between government, businesses and the
    community must also be applied to ensuring Australia is cyber secure.

    1 download

       (0 reviews)

    0 comments


  23. Ransomware in Australia (October 2020)

    The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has observed an increase in the number of ransomware incidents affecting Australian organisations and individuals.

    This information on risks, impacts and preventative actions associated with ransomware incidents is intended to inform Australian small to medium businesses, industry organisations and Commonwealth entities. The preventative measures outlined below can also be applied to Australian individuals seeking to protect themselves against ransomware incidents.

    4 downloads

       (0 reviews)

    0 comments


  24. Managed Service Provider Better Practice Principles

    This document specifies the Australian Cyber Security Centre (ACSC) better practice principles for Managed Service Providers (MSPs). MSPs commit to these principles as a requirement of joining the ACSC Managed Service Provider Partner Program (MSP3).

    12 downloads

       (0 reviews)

    0 comments


  25. ACSC Annual Cyber Threat Report July 2019 to June 2020

    This report outlines key cyber threats and statistics over the period 1 July 2019 to 30 June 2020. Over this period, the ACSC responded to 2,266 cyber security incidents and received 59,806 cybercrime reports at an average of 164 cybercrime reports per day, or one report every 10 minutes.

    3 downloads

       (0 reviews)

    0 comments
