Useful cyber security resources

Cyber Security Risk Self-Assessment Tool

An interactive tool for use by anyone in management in a small or medium-sized business. By asking a number of plain-language questions about your business, the tool determines whether your business is a likely target for cyber attacks and how mature your current cyber security practices are, then provides a report on next steps and resources. The tool takes approximately 20 minutes to complete.

Defence Industry Security Program

The Defence Industry Security Program (DISP), launched in April 2019, is the system for managing industry security practices. Businesses wanting to be Defence-ready can self-nominate to join the DISP without the need for a Defence contract. Existing DISP members have 24 months to re-apply for membership under the new DISP.

cyber.gov.au

The Australian Cyber Security Centre’s (ACSC) coordinated end-to-end advice, reporting and response platform. Resources for individuals and businesses will be available on the site. A number of key resources from the site are highlighted below.

Stay Smart Online

The Australian Government’s online safety and security website. There are a number of resources and guides for small business, including a cyber security alert service.

Cyber security webinars

This five-part webinar series is designed for small to medium enterprises and covers:

  • Cyber security for small to medium enterprises
  • The cyber threat landscape for small to medium enterprises
  • Cyber security operational basics
  • Developing an effective incident response capability
  • Cyber security in the cloud and outsourcing.

Strategies to Mitigate Cyber Incidents

The ACSC provides advice and assistance on information and communications security. Their Strategies to Mitigate Cyber Incidents (including ASD’s Top 4 and Essential Eight) contains useful advice for businesses to protect themselves against targeted cyber intrusions.

Information Security Manual (ISM)

The Australian Government’s ISM is the standard that governs the security of government ICT systems. It contains three documents:

  • ISM Executive Companion
  • ISM Principles
  • ISM Controls, which contains guidance to implement controls within the ISM.

NIST Special Publication 800-171: Protecting Controlled Unclassified Information

The National Institute of Standards and Technology (NIST) establishes measurements and standards for use of technologies. Special Publication 800-171 provides guidance for protecting Controlled Unclassified Information (CUI) in non-US Government information systems and organisations. It is focused on protecting the confidentiality of CUI. Many US primes are requesting suppliers to demonstrate compliance against the CUI security requirements. This link also leads to supporting materials and publications.

NIST Cyber Security Framework

A US-based framework used by many organisations. It is a prioritised, flexible, repeatable and cost-effective framework to help manage cyber security-related risks. Although initially written for critical infrastructure, it is a useful reference for defence businesses.

NIST Small Business Information Security: The Fundamentals

Written for small business owners not experienced in cybersecurity, this guide uses non-technical language to explain basic steps you can take to improve information security.

UK Cyber Essentials

This UK Government initiative is aimed at helping organisations protect themselves against common cyber attacks.

UK 10 Steps to Cyber Security

In addition to the Cyber Essentials initiative, the UK Government has provided a guide detailing 10 simple steps for businesses to improve their cyber security capability.
