The updated Australian Government Information Security Manual (ISM) was released by the Australian Cyber Security Centre (ACSC) at the end of 2018. The manual represents the ACSC and ASD’s knowledge of best practice cyber security measures based on their experience in responding to cyber security incidents within Australia.
Read MoreThere are plenty of stories about cyber crime affecting companies and individuals in the security industry and mainstream media – companies having data stolen, personal data being used for fraud, phishing scams, identity theft/fraud and ransomware being used to extort money.
The question is how can you and your business learn from these past cases and reduce your own exposure to the same sorts of attacks?
Read MoreThe Australian Cyber Security Centre (ACSC) maintains a guideline called ‘The Essential Eight: Strategies to Mitigate Cyber Security Incidents’. Government departments’ cyber resilience is measured against these controls. Research shows that successful implementation of the Essential Eight fends off 85% of targeted cyber-attacks, so it’s a very sound security strategy to follow.
Let’s explore the ACSC’s Cyber Maturity Model[1] for Essential Eight compliance to understand how it works, what to look out for and why you should apply it within your organisation.
Read MoreCritical infrastructure (CI) systems are prime targets for cyber-attack from overseas adversaries as the mass disruption from a successful attack could seriously cripple a country’s economy and national security. How prepared is your critical infrastructure to defend against international hackers and what can you do to build effective security controls?
Read MoreWhether an attacker is breaking into your organisation or a malicious insider is trying to exfiltrate data using legitimate access, there is little argument that both attacks require a level of system identity to act on the target. Modern enterprise ICT systems leverage a variety of technologies to attest to the identity of users, but understanding the when and how is equally important.
Read MorePrivileged user accounts, such as those used by administrators, application developers and even the security team themselves are prime targets for attackers. Typically, once an attacker has the credentials for a privileged account, they are free to move around the business as they please. For this reason, constructing a secure privileged account management capability is a critical building block in your enterprise security architecture.
Read MoreThe adoption of cloud services is core to the Australian Government’s digital transformation strategy. Cloud services yield faster service delivery for agencies and ensure organisations only pay for what they consume. Yet, this shift to cloud introduces a degree of risk and uncertainty that needs addressing, so let’s look at this risk in terms of merging the Government’s foremost cyber security advice with the Digital Transformation Agency’s cloud-first strategy. Read more to understand how the ASD’s Essential Eight supports the Australian Government’s move to Cloud.
Read MoreThe imminent changes to the Australian Privacy Act (22 Feb 2018) requires businesses report eligible data breaches. Consequently, executives are asking how they can determine their preparedness and ensure they reduce the risk of potential fines. The Australian Signals Directorate’s (ASD) Essential Eight has received considerable airtime, and for good reason, as it provides a no-nonsense approach for organisations to improve their security posture by focusing on eight cyber security controls.
Read MoreThe Australian Signals Directorate (ASD) recommends the use of multi-factor authentication (MFA) within their general security control guidance known as the Essential Eight. They claim, “it is one of the most effective cyber security controls an organisation can implement,” yet, not all implementations of MFA are equally effective, so choosing which one is right for your organisation is essential. Furthermore, adversaries know about inherent weaknesses and have begun targeting organisations that use particularly weak implementations. This blog looks at some of the issues and pitfalls with modern MFA solutions and offers some guidance that supports ASD’s claim that it’s one control not to overlook.
Read MoreOne of the most important preventative cyber mitigation strategies for security managers to make sure organisations adopt is a timely approach to Application Patching. Let’s look at why application patching is so important and how this fits into your overall vulnerability management process.
Read More