Information security advice

For everyone

• Catch, Patch, Match educational video
• CyberSense educational video
• Cyber Adversaries Targeting Defence Contractors
• Detecting Socially-Engineered Emails
• Know and Minimise Your Vulnerabilities Before They Are Used Against You
• Personal Computing and the Implications for Agency Networks
• Preparing for and Responding to Cyber Security Incidents
• Top Security Tips for Home Users
• Travelling Overseas with an Electronic Device

For senior managers

• Bring Your Own Device (BYOD) Considerations for Executives
• Cyber Security Advice for High Profile Events
• Questions Senior Management Need to be Asking about Cyber Security
• Top 4 Mitigation Strategies
• Wireless Network Security

For IT security practitioners

News

• Apr 2013: Top 4 Strategies to Mitigate Targeted Cyber Intrusions mandatory for Australian Government agencies
• Jan 2013: DSD Approval for the Use of Suite B Cryptography for CONFIDENTIAL and above
• Dec 2012: DSD Advice on Patching Evaluated Products
• Nov 2012: DSD Advice Regarding Release of Adobe Reader XI
• Oct 2012: Upcoming End of Support for Microsoft Windows XP SP3 and Microsoft Office 2003
• Sep 2012: DSD Advice on Apple Release of iOS 6
• Jun 2012: WPA2 Now a DSD Approved Cryptographic Protocol
• Dec 2011: SHA-1 Deprecated

Advice

• Application Whitelisting Explained
• Assessing Security Vulnerabilities and Patches
• Data Spill Management Guide
• Data Spill Sanitisation Guide
• Denial of Service Attacks: Strategies for Mitigation
• DNS Security
• Drive-by Downloads
• Malicious Email Mitigation Guide
• Minimising Administrative Privileges Explained
• Mitigating Spoofed Emails – Sender Policy Framework (SPF) Explained
• Mitigating the Use of Stolen Credentials to Access Agency Information
• Multi-factor Authentication
• Network Segmentation and Segregation
• Protecting Web Applications and Users – Technical guidance for improving web application security through implementing web browser based mitigations
• Security Tips for the Use of Social Media Websites
• Strategies to Mitigate Targeted Cyber Intrusions
• Travelling Overseas with an Electronic Device – Technical Advice
• Wireless Network Security – Technical Advice

Information security references

• Information Security Manual (ISM)
• Evaluated Products List (EPL)
• Strategies to Mitigate Targeted Cyber Intrusions
• Cloud Computing Security Considerations
   

• An Examination of the Redaction Functionality in Adobe Acrobat Pro (PDF), November 2011
• Australian Emanation Security Program Manual (ACSI 77 (B)) (PDF), 2006
• BlackBerry Hardening Guide (PDF), 2011
• Email Filtering and Mitigating Circumvention Techniques (PDF), 2004
• HGSDV Hardening Guide (PDF), 2009
• iOS Hardening Configuration Guide for iPod Touch, iPhones and iPads running iOS version 5.1 or higher (PDF), 2012
• Rules to Protect the Privacy of Australians, 2012

AISEP documentation

• AISEP Policy Manual (PDF), 2011
• AISEP Interpretation 8: Qualifications of Principal Certifier (PDF), 2012
• AISEP Interpretation 9: Defence Industry Security Program (DISP) Membership (PDF), 2012
• AISEP Interpretation 10: Periodic Management Review (PDF), 2012
• AISEP Interpretation 11: Evaluation Scope (PDF), 2012
• AISEP Interpretation 12: Re-use of Development Environment Assessment (DEA) Evidence (PDF), 2012
• AISEP Interpretation 13: Evaluators' Experience (PDF), 2012
• EAL7 Common Evaluation Methodology (3.2Mb Zipped PDFs), 2005

Common Criteria documentation

• Common Criteria Recognition Arrangement (PDF), 2000
• DSD Policy for Adopting Protection Profiles in the Common Criteria (PDF), 2011
• Part 1: Introduction and General Model, version 3.1, revision 4 (590K PDF)
• Part 2: Security Functional Requirements, version 3.1, revision 4 (1Mb PDF)
• Part 3: Security Assurance Requirements, version 3.1, revision 4 (1Mb PDF)
• CEM: Evaluation Methodology, version 3.1, revision 4 (1.3Mb PDF)

IRAP documentation

• FedLink Gateway Self-Review Guide, version 3 (PDF), 2007
• Gatekeeper Guidelines and Checklist, version 3.0.1 (PDF) (Word version), 2008
• Policy and Procedures for IRAP, version 3.5 (PDF) (Word version), 2011

Media room

• Jan 2013: Prime Minister visits DSD, announces Australian Cyber Security Centre to be established (Defence News and Media)
• Oct 2012: Simple steps to avoid cyber intrusions
• Oct 2012: Launch of Catch, Patch, Match by the Minister for Defence
• Oct 2012: Rules to Protect the Privacy of Australians Made by the Minister for Defence
• Aug 2012: Speech by FASCIS to Parliamentary Library
• Apr 2012: Speech by FASCIS to Old Crows Association 2012
• Mar 2012: iPhones and iPads now certified for classified government use (Defence News and Media)
• Dec 2011: Changes to DSD’s Policy on Cryptographic Hash Function SHA-1
• Aug 2011: Speech by FASCIS to 2011 Technology in Government and Public Sector Summit
• Jul 2011: Speech by FASCIS to 2011 Security in Government Conference
• Feb 2010: Speech by Director DSD to 2010 National Security Australia Conference (PDF)
• Feb 2010: Speech by FASCIS to 2010 National Security Australia Conference (PDF)
• Jul 2009: Threats We Face video

Careers

Brochures

• Cyber operations careers brochure for industry professionals (PDF), 2011
• Cyber operations careers brochure for university students (PDF), 2011
• Cyber operations careers brochure for high school students (PDF), 2011

Videos

• Cyber Operations: Discover a New Frontier video, 2011