Useful cyber security resources
An interactive tool for use by anyone in management in a small or medium-sized business. The tool asks a number of plain-language questions about your business to determine whether it is a likely target for cyber attacks and how mature its current cyber security practices are, then provides a report on next steps and resources. The tool takes approximately 20 minutes to complete.
The Defence Industry Security Program (DISP), launched in April 2019, is the system for managing industry security practices. Businesses wanting to be Defence-ready can self-nominate to join the DISP without the need for a Defence contract. Existing DISP members have 24 months to re-apply for membership under the new DISP.
The Australian Cyber Security Centre’s (ACSC) coordinated end-to-end advice, reporting and response platform. Resources for individuals and businesses will be available on the site. A number of key resources from the site are highlighted below.
The Australian Government’s online safety and security website. There are a number of resources and guides for small business, including a cyber security alert service.
This five-part webinar series is designed for small to medium enterprises and covers:
- Cyber security for small to medium enterprises
- The cyber threat landscape for small to medium enterprises
- Cyber security operational basics
- Developing an effective incident response capability
- Cyber security in the cloud and outsourcing.
The ACSC provides advice and assistance on information and communications security. Its Strategies to Mitigate Cyber Incidents (including ASD’s Top 4 and Essential Eight) contains useful advice for businesses to protect themselves against targeted cyber intrusions.
The Australian Government’s Information Security Manual (ISM) is the standard that governs the security of government ICT systems. It contains three documents:
- ISM Executive Companion
- ISM Principles
- ISM Controls, which contains guidance to implement controls within the ISM.
The National Institute of Standards and Technology (NIST) establishes measurements and standards for the use of technologies. The 800-171 publication provides guidance for protecting Controlled Unclassified Information (CUI) in non-US Government information systems and organisations. It is focused on protecting the confidentiality of CUI. Many US primes are requesting that suppliers demonstrate compliance with the CUI security requirements. This link also contains supporting materials and publications.
A US-based framework used by many organisations. It is a prioritised, flexible, repeatable and cost-effective framework to help manage cyber security-related risks. Although initially written for critical infrastructure, it is a useful reference for defence businesses.
Written for small business owners not experienced in cybersecurity, this guide uses non-technical language to explain basic steps you can take to improve information security.
This UK Government initiative is aimed at helping organisations protect themselves against common cyber attacks.
In addition to the Cyber Essentials initiative, the UK Government has provided a guide detailing 10 simple steps for businesses to improve their cyber security capability.