Upload File

top 35 mitigations 2012

prev
next
out of 3
Download Top 35 Mitigations 2012

Upload: stewatia

Post on 04-Jun-2018

218 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 8/13/2019 Top 35 Mitigations 2012

    1/3

    OCTOBER2012

    Strategies to Mitigate Targeted Cyber Intrusions

    Introduction

    1. Australian computer networks are being targeted by adversaries seeking access to sensitiveinformation.

    2. A commonly used technique is social engineering, where malicious spear phishing emails aretailored to entice the reader to open them. Users may be tempted to open malicious email

    attachments or follow embedded links to malicious websites. Either action can compromise the

    network and disclose sensitive information.

    3. The Defence Signals Directorate (DSD) has developed a list of strategies to mitigate targetedcyber intrusions. The list is informed by DSDs experience in operational cyber security, including

    responding to serious cyber incidents and performing vulnerability assessments and penetration

    testing for Australian government agencies.

    Mitigation Strategies

    4. DSDs list of mitigation strategies, first published in February 2010, is revised for 2012 based onDSDs most recent analysis of incidents across the Australian Government. Further details on the

    mitigation strategies are available at the DSD web page http://www.dsd.gov.au.

    5. While no single strategy can prevent malicious activity, the effectiveness of implementing theTop 4 strategies remains very high. At least 85% of the intrusions that DSD responded to in 2011

    involved adversaries using unsophisticated techniques that would have been mitigated by

    implementing the Top 4 mitigation strategies as a package.

    6. Implementing the Top 4 strategies can be achieved gradually, starting with computers used bythe employees most likely to be targeted by intrusions, and eventually extending them to all users.

    Once this is achieved, organisations can selectively implement additional mitigation strategies based

    on the risk to their information.

    7. This document provides information about mitigation implementation costs and user resistanceto help organisations select the best set of strategies for their requirements.

    8. These strategies complement the guidance provided in the Australian Government InformationSecurity Manual(ISM) available on DSDs web site.

    CYBER SECURITY OPERATIONS CENTRE

  • 8/13/2019 Top 35 Mitigations 2012

    2/3

  • 8/13/2019 Top 35 Mitigations 2012

    3/3


Calculating Cybersecurity Risk and Selecting Mitigations

Exploit Mitigations - exploit.courses Mitigations Best Exploit Mitigation: (Security relevant-) Bugs should not exist at all Write secure code! Use secure libraries

Sjt risks and mitigations of releasing data

IPv6 Security Threats Mitigations Apricot v4

Welfare Reform Mitigations Working Group Report: Next ... · The Welfare Reform Mitigations Working Group Report (the “Evason report”) proposes mitigations that will make a significant

HACKING TECHNIQUES and Mitigations Brady Bloxham

Defeat Exploit Mitigations - PIE

Attacks and their mitigations

Cybersecurity and Mitigations and Mitigations Susan J. M. Cabler Manager , Design, Manufacturing and Airworthiness Division, AIR-100 . FAA Aircraft Certification

Debt Settlement LOSS MITIGATIONS LLC. Loss Mitigations LLC Debt Settlement Program Overview 01

National geographic top 35 photos of 2009

Architectural Risks and Mitigations in IPv6

BRKSEC-2003 - IPv6 Security Threats and Mitigations

risks and mitigations of releasing data

Top 35 IT Staffing and Recruiting Websites

Ransomware Threats and Mitigations

Mechanisms and Mitigations for Failure Propagation in

Exploits & Mitigations - Memory Corruption Techniques

Windows Exploit Mitigations - exploit.courses Exploit Mitigations Some statements:

Top Notch Fundamentals 2E 28-35

The Evolution of Microsoft’s Exploitation Mitigations

Breaking XSS mitigations - Black Hat · Breaking XSS mitigations via Script Gadgets Sebastian Lekies (@slekies) Krzysztof Kotowicz (@kkotowicz) Eduardo Vela Nava (@sirdarckcat)

BALANCING MITIGATIONS - California Preservation

Must Follow Top 35 Google Ranking Factors

Agenda Item Wind Turbine Interference – Possible Mitigations

Calosc top warsaw 35 issue

Threats and their mitigations

BABAR Risks and Mitigations

Anonymity in MANETs Threats and Mitigations

Managed Runtime Speculative Execution Side Channel Mitigations

Top 35 SEO Interview Questions & Answers Guide

Refinery Power Outage Mitigations - 2014 · Refinery Power Outage Mitigations - 2014 Hydrocarbon Publishing Company

Environmental Impacts (and Mitigations)

Satellite Constellations: Impact, Mitigations, and

Top 35 Dodgers Pitchers