Security Controls & Resilience

Identity Management: The Key to SOC Success or Failure

Whether an attacker is breaking into your organisation or a malicious insider is trying to exfiltrate data using legitimate access, there is little argument that both attacks require a level of system identity to act on the target. Modern enterprise ICT systems leverage a variety of technologies to attest to the identity of users, but understanding the when and how is equally important.


Privileged Account Management: Essential Cyber Security Measures

Privileged user accounts, such as those used by administrators, application developers and even the security team themselves, are prime targets for attackers. Typically, once an attacker has the credentials for a privileged account, they are free to move around the business as they please. For this reason, constructing a secure privileged account management capability is a critical building block in your enterprise security architecture.


Digital Transformation: The Cyber Security Catalyst

The adoption of cloud services is core to the Australian Government’s digital transformation strategy. Cloud services yield faster service delivery for agencies and ensure organisations only pay for what they consume. Yet this shift to cloud introduces a degree of risk and uncertainty that needs addressing, so let’s look at this risk in terms of merging the Government’s foremost cyber security advice with the Digital Transformation Agency’s cloud-first strategy. Read more to understand how the ASD’s Essential Eight supports the Australian Government’s move to cloud.


How Mature Are Your Cyber Security Controls?

The changes to the Australian Privacy Act (22 Feb 2018) require businesses to report eligible data breaches. Consequently, executives are asking how they can determine their preparedness and ensure they reduce the risk of potential fines. The Australian Signals Directorate’s (ASD) Essential Eight has received considerable airtime, and for good reason, as it provides a no-nonsense approach for organisations to improve their security posture by focusing on eight cyber security controls.


Inequity in Multi-Factor Authentication – choosing the right implementation for your organisation

The Australian Signals Directorate (ASD) recommends the use of multi-factor authentication (MFA) within their general security control guidance known as the Essential Eight. They claim, “it is one of the most effective cyber security controls an organisation can implement,” yet not all implementations of MFA are equally effective, so choosing the right one for your organisation is essential. Furthermore, adversaries know about inherent weaknesses and have begun targeting organisations that use particularly weak implementations. This blog looks at some of the issues and pitfalls with modern MFA solutions and offers some guidance that supports ASD’s claim that it’s one control not to overlook.


ASD Essential Eight – Multi Factor Authentication

The Australian Signals Directorate (ASD) published a list of prioritised cyber mitigation strategies in February 2017 that they claim will protect organisations against as many as 85% of targeted cyber-attacks. Known as the ASD Essential Eight[1], there is no doubt in anyone’s mind that these controls can reduce security incidents. Multi-factor authentication (MFA) is one of these eight controls, where ASD says multiple levels of authentication make it much more difficult for attackers to hijack a user’s account.


ASD Essential Eight – The Perils of Java

The Australian Signals Directorate (ASD) published a useful list of prioritised cyber mitigation strategies in February 2017, known as the ASD Essential Eight[1]. User Application Security is one of the eight, and includes locking down and restricting the permissions of user-facing applications.
