I’ve been a big fan of some of the simple yet effective advice the Australian Signals Directorate (ASD) has given over the years. Key among them are the Top 35 strategies for mitigating threats posted each October. But some of these suggestions they are no longer optional … that is … if you are a Australian agency. Due to a new law the government will require all agencies to adopt the ASD’s top four recommendations. As of their most recent version the top four strategies include:
- Application Whitelisting
- Patching Applications
- Patching the Operating System, and
- Minimizing Administrative Privileges.
In response to this new law ASD released a definitive how-to technical guide last month for implementing these top strategies. Of the 42 pages the document dedicates about 15 to technical guidance and another 15 to implementation notes. It closes with a few quick tests to verify the recommendations were implemented correctly. Although very Microsoft focused, it’s not a bad little tech document to have in your back pocket.
The ASD (Australian Signals Directorate, formerly the Defense Signals Directorate) has taken a more prescriptive approach to the advice it has been giving Australian departments and agencies by stepping up the technical advice it has made available.
As part of recent changes to the Australian government’s Protective Security Policy Framework, all government agencies are now required to put in place the ASD’s Top 4 Strategies. ASD believes that if agencies do so, they will mitigate at least 85 percent of all intrusions that it sees via the Cyber Security Operations Centre.
While the strategies were updated in October last year, agencies have had to rely on their own expertise to implement them.
However, ASD has now released a more definitive technical guide for agencies to follow to meet their mandatory security requirements.
What do you think of ASD’s new guidance? Let us know in the comments below. Today’s post pic is from tuaw.com. See ya!