Home Security ASD says eight cyber security steps are better

ASD says eight cyber security steps are better

The Australian Signals Directorate (ASD) has developed eight cyber security steps that business, enterprise and government should take to help protect themselves against cyber attacks.

This is up from its previous four — application whitelisting, patching applications, patching operating system vulnerabilities, and restricting administrative privileges — and has been called the “essential eight”. As yet these have not been included in the protective security policy framework (PSPF) mandate and will be available on the ASD website shortly.

It says that while the essential four will prevent 85% of cyber attacks and were mandatory for all Australian Government use since 2013, the extra precautions are a result of developments since then.

ASD says these are the essential eight and there are many more steps that could be taken. A range of publications are available on its website.

The measures organisations should now take are:

  1. Application whitelisting to allow only approved software applications to run on computers.
  2. Patch applications to fix security vulnerabilities in software.
  3. Disable untrusted Microsoft Office macros which could be used to enable the download of malware onto computer systems.
  4. User application hardening that blocks Web browser access to Adobe Flash player, Web advertisements and untrusted Java code.
  5. Restrict administrator privileges for managing systems and installing software and patches to only users who absolutely need them.
  6. Patch operating systems to fix vulnerabilities.
  7. Use multi-factor authentication to make it harder for third parties to access information.
  8. Back-up important data daily so information can be quickly recovered in the event of a cyber security incident.

The ASD states, “Once the essential eight mitigation strategies have been correctly implemented, baseline cyber security posture has been achieved. This baseline makes it much harder for adversaries to compromise systems."

"While no single mitigation strategy is guaranteed to prevent cyber security incidents, ASD recommends organisations implement a package of eight essential strategies as a baseline,” it added.


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?


Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!