Security Controls & Resilience

Inequity in Multi-Factor Authentication – choosing the right implementation for your organisation

The Australian Signals Directorate (ASD) recommends the use of multi-factor authentication (MFA) within their general security control guidance known as the Essential Eight. They claim, “it is one of the most effective cyber security controls an organisation can implement,” yet, not all implementations of MFA are equally effective, so choosing which one is right for your organisation is essential. Furthermore, adversaries know about inherent weaknesses and have begun targeting organisations that use particularly weak implementations. This blog looks at some of the issues and pitfalls with modern MFA solutions and offers some guidance that supports ASD’s claim that it’s one control not to overlook.

Read More

ASD Essential Eight – Multi Factor Authentication

The Australian Signals Directorate (ASD) published a list of prioritised cyber mitigation strategies in February 2017 that they claim will protect organisations against as many as 85% of targeted cyber-attacks. Known as the ASD Essential Eight[1], there is no doubt in anyone’s mind that these controls can reduce security incidents. Multi-factor authentication (MFA) is one of these eight controls, where ASD says multiple levels of authentication make it much more difficult for attackers to hijack a user’s account.

Read More

ASD Essential Eight – The Perils of Java

The Australian Signals Directorate (ASD) published a useful list of prioritised cyber mitigation strategies in February 2017, known as the ASD Essential Eight[1].   User Application Security is one of the eight, including locking down and restricting the permissions of user-facing applications.

Read More

ASD Essential Eight – the importance of restricting Administrative Privileges

The ASD Essential Eight cyber mitigation strategies publication [1] offers up eight of the most critical security controls that can help fend of cyber-attacks. Aside from the cyber hygiene measures of patching application and operating systems, Australian Signals Directorate suggests that restricting the use of administrative privileges can help limiting the extent of incidents since admin accounts provide the keys to the kingdom, and attackers will use these accounts to take control of systems and steal information.

Read More

ASD Essential Eight: Patching and Vulnerability Management – How to get it right

The Australian Signals Directorate’s (ASD) Strategies to Mitigate Cyber Security Incidents was published back in February 2017  – The ASD Essential Eight.  Two of those eight strategies relate to (i) application patching to prevent malware running and; (ii) operating system patching to reduce the damage an incident can cause and help recover data. Both patching strategies fall into the larger field of vulnerability management, although there is some misunderstanding between the meaning of vulnerability management and vulnerability assessment. It’s important to know the difference to ensure any patch deficit is managed as effectively as possible.

Read More
1 5 6 7