ACSC programs and advice are being migrated to (see sidebar)


ACSC publications:

ACSC agencies' key documents:

Information security references

Strategies to Mitigate Cyber Security Incidents

  • Mitigation strategies
  • Essential eight explained
  • Essential eight maturity model
  • Implementation guides
  • Mandatory Top 4 requirement explained

Australian Government Information Security Manual

  • Executive Companion
  • Principles
  • Controls

Evaluated Products List and emanation security

Cloud computing and BYOD

Title Audience Published
Catch, Patch, Match educational video Everyone 15/01/2014
CyberSense educational video Everyone 13/05/2010
Detecting Socially-Engineered Messages Everyone 29/01/2018
Security and Safety Tips for Social Media UPDATED Everyone 11/10/2018
Top Security Tips for Personal Device Use Everyone 24/03/2017
Travelling Overseas with Electronic Devices Everyone 20/12/2012
Using Consumer-Grade Email Services Everyone 19/01/2018
Essential Eight Explained Senior managers 20/03/2018
What Executives Should Know About Cyber Security Senior managers 24/04/2018
An Examination of the Redaction Functionality of Adobe Acrobat Pro DC 2017 (PDF) Security practitioners 23/07/2018
Antivirus Software using Reputation Rating Checking Security practitioners 29/01/2018
Apple iOS Hardening Configuration Guide for iPod Touch, iPhones and iPads running iOS version 9 or higher Security practitioners 01/09/2016
Assessing Security Vulnerabilities and Applying Patches Security practitioners 18/01/2018
Cyber Security for Contractors Security practitioners 20/03/2018
Data Spill Management Guide Security practitioners 20/08/2012
Data Spill Sanitisation Guide Security practitioners 20/08/2012
DNS Security Security practitioners 20/08/2012
Drive-by Downloads Security practitioners 20/12/2012
Essential Eight in Linux Environments Security practitioners 20/03/2018
Essential Eight Maturity Model Security practitioners 11/04/2018
Hardening Microsoft Office 2013 Security practitioners 01/05/2018
Hardening Microsoft Office 2016 Security practitioners 01/05/2018
Hardening Microsoft Windows 7 SP1 Workstations Security practitioners 01/05/2018
Hardening Microsoft Windows 8.1 Update Workstations Security practitioners 01/05/2018
Hardening Microsoft Windows 10 Workstations Security practitioners 01/05/2018
Implementing Application Whitelisting Security practitioners 18/01/2018
Introduction to Cross-Domain Solutions (CDS) Security practitioners 18/01/2018
Malicious Email Mitigation Strategies Security practitioners 01/08/2016
Microsoft Office Macro Security Security practitioners 08/08/2018
Minimising the Threat from Java-based Intrusions Security practitioners 24/06/2014
Mitigating Spoofed Emails – Sender Policy Framework (SPF) Explained Security practitioners 20/12/2012
Mitigating the Use of Stolen Credentials to Access Agency Information Security practitioners 20/08/2012
Multi-factor Authentication Security practitioners 22/09/2017
Network Segmentation and Segregation Security practitioners 06/07/2018
Passphrase Requirements Security practitioners 02/11/2017
Preparing for and Responding to Cyber Security Incidents Security practitioners 10/07/2018
Preparing for and Responding to Denial-of-Service Attacks Security practitioners 23/05/2018
Protecting Web Applications and Users – Technical guidance for improving web application security through implementing web browser-based mitigations Security practitioners 28/02/2012
Questions to ask Managed Service Providers Security practitioners 20/03/2018
Restricting Administrative Privileges Security practitioners 18/01/2018
Secure Administration Security practitioners 29/09/2015
Securing Content Management Systems (CMS) Security practitioners 29/07/2015
Securing PowerShell in the Enterprise Security practitioners 15/03/2016
Technical Guidance for Windows Event Logging Security practitioners 04/07/2018
Travelling Overseas with Electronic Devices – Technical Advice Security practitioners 20/12/2012
Using Remote Desktop Clients Security practitioners 14/12/2011
Using Virtual Private Networks (VPNs) Security practitioners 09/07/2018

In August 2018 ACSC launched a new website,, to reflect its new organisation.

Cyber security programs and advice are being migrated to Information and advice on this site remains current.

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

Information for Australian businesses
Information for individual Australian citizens
Information for Federal, State and Local government agencies