Strategies to Mitigate Cyber Security Incidents
Replaces Strategies to Mitigate Targeted Cyber Intrusions as of February 2017
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, 'business email compromise' and threats to industrial control systems.
This guidance is informed by ASD's experience responding to cyber security incidents and performing vulnerability assessments and penetration tests for Australian government organisations.
No single mitigation strategy is guaranteed to prevent cyber security incidents. At least 85% of the adversary techniques used in the targeted cyber intrusions of which ASD has visibility could be mitigated by implementing the following four mitigation strategies, referred to as the 'Top 4':
- use application whitelisting to help prevent malicious software and unapproved programs from running
- patch applications such as Flash, web browsers, Microsoft Office, Java and PDF viewers
- patch operating systems
- restrict administrative privileges to operating systems and applications based on user duties.
These Top 4 mitigation strategies for targeted cyber intrusions are mandatory for Australian Government organisations as of April 2013.
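As a concrete illustration of the first of the Top 4, the following PowerShell session builds a Windows AppLocker allow-list from a known-good reference machine, sets it to audit mode, tests an unapproved binary against it and then enforces it. This is an added example, not code from ASD or from the linked guidance; the policy path, the reference directories, the sample binary name and the use of the Application Identity service are assumptions for the example.

```powershell
# Added example (not ASD's own code): application whitelisting with AppLocker.
# Assumptions: elevated PowerShell on a Windows edition that supports AppLocker,
# a clean reference build, and the paths/file names below.
Import-Module AppLocker

$policyXml = 'C:\Policies\AppLocker-Allow.xml'   # assumed location

# 1. Inventory every executable, script and installer under the standard
#    install locations on the reference machine. DLL rules are left out here;
#    enable them only after separate testing, as they are noisy to maintain.
$dirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$fileInfo = $dirs | ForEach-Object {
    Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe, Script, WindowsInstaller
}

# 2. Turn the inventory into rules: publisher rules for signed files, with
#    hash rules as the fallback for unsigned ones. -Optimize collapses files
#    from the same publisher/product into a single rule.
$fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $policyXml -Encoding UTF8

# 3. New-AppLockerPolicy leaves each rule collection as NotConfigured.
#    Start in AuditOnly so blocked launches are only logged (event 8003 in the
#    AppLocker operational log) while the allow-list is tuned.
[xml]$policy = Get-Content -Path $policyXml
$policy.AppLockerPolicy.RuleCollection | ForEach-Object { $_.EnforcementMode = 'AuditOnly' }
$policy.Save($policyXml)

# 4. Check that something not on the reference build would be denied.
#    'unapproved.exe' is an assumed file name for the example.
Test-AppLockerPolicy -XmlPolicy $policyXml -Path 'C:\Users\alice\Downloads\unapproved.exe' -User Everyone

# 5. Apply the audit policy locally. Once the audit log shows no legitimate
#    software being flagged, change 'AuditOnly' to 'Enabled' in step 3 and
#    re-run this step to enforce the allow-list.
Set-AppLockerPolicy -XmlPolicy $policyXml

# 6. AppLocker is enforced by the Application Identity service; make sure it
#    starts with the machine, otherwise the policy has no effect.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc
```

Two points worth checking before enforcing: once a rule collection contains at least one rule and is set to Enabled, everything not matched by a rule in that collection is denied, so user-writable locations (Downloads, %TEMP%, user profile) must not be covered by a path rule; and hash rules break on every update of the unsigned binary they describe, so prefer publisher rules wherever the vendor signs its code.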
Incorporating the Top 4, the eight mitigation strategies with an 'essential' rating are so effective at mitigating targeted cyber intrusions and ransomware that ASD considers them to be the cyber security baseline for all organisations. Any organisation that has been compromised despite properly implementing these mitigation strategies is encouraged to notify ASD.
ASD's Australian Government Information Security Manual (ISM) provides supporting guidance. ASD also has separate and specific guidance for mitigating denial of service, securely using cloud computing and enterprise mobility, including personally-owned computing devices.
Primary Guidance
- Strategies to Mitigate Cyber Security Incidents (HTML) (PDF)
- Strategies to Mitigate Cyber Security Incidents – Mitigation Details (HTML) (PDF)
Essential Eight Explained
Overview of the Top 4
- Top 4 Mitigation Strategies to Protect Your ICT System
- Top 4 Strategies to Mitigate Targeted Cyber Intrusions: Mandatory Requirement Explained
- The Top 4 in a Linux Environment
- Catch, Patch and Match video and brochure
Additional Guidance
Mitigation strategies to prevent malware delivery and execution
- Application whitelisting
- Patch applications
- Configure Microsoft Office macro settings
- User application hardening
- Email content filtering
- Server application hardening
- Operating system hardening
- Block spoofed emails
- User education
Mitigation strategies to limit the extent of cyber security incidents
- Restrict administrative privileges
- Patch operating systems
- Multi-factor authentication
- Disable local administrator accounts
- Network segmentation
Mitigation strategies to detect cyber security incidents and respond
- Continuous incident detection and response
Contacts
- Australian government customers with questions regarding this advice can contact ASD or request ASD Cyber and Information Security Advice and Assistance on specific issues
- Australian businesses and other private sector organisations seeking further information should contact CERT Australia