Date: June 11th 2010
Technical Information for Mitigating Targeted Cyber Intrusions
The Defence Signals Directorate (DSD) has developed a list of 35 strategies to mitigate against targeted cyber intrusions. At least 70% of the targeted cyber intrusions that DSD responded to in 2009 could have been prevented if organisations had implemented the first four mitigation strategies listed in this paper.
The strategies are ranked in order of overall effectiveness. Rankings are based on DSD's analysis of reported security incidents and vulnerabilities detected by DSD in testing the security of Australian Government networks.
Guide for Mitigating Targeted Cyber Intrusions: 35 Strategies to Mitigate Targeted Cyber Intrusions (PDF 478Kb)
http://www.dsd.gov.au/_lib/pdf_doc/intrusion_mitigations.pdf
Last Updated: 15 March 2010
==============
Supporting Information
Introductory Covering Page (PDF 834Kb)
http://www.dsd.gov.au/_lib/pdf_doc/intrusion_mitigations_intro.pdf
Further technical information for Mitigating Targeted Cyber Intrusions
http://www.dsd.gov.au/library/infosec/mitigation_related_info.html
Australian Government Information Security Manual (ISM)
http://www.dsd.gov.au/library/infosec/ism.html
==============
CYBER SECURITY OPERATIONS CENTRE 05/2010
17 February 2010
Strategies to Mitigate Targeted Cyber Intrusions
1. Australian computer networks are being targeted by malicious entities seeking access to sensitive data. A commonly used technique is social engineering, in which malicious emails are tailored to entice the reader to open them. Some emails can appear very convincing and unaware users may be tempted to open malicious email attachments or follow embedded links to malicious websites; either action could lead to a compromise of network security.
MITIGATION STRATEGIES
2. The Defence Signals Directorate (DSD) has developed a list of 35 strategies to mitigate against these types of intrusions. At least 70% of the targeted cyber intrusions that DSD responded to in 2009 could have been prevented if organisations had implemented the first four mitigation strategies listed in this paper.
3. The strategies are ranked in order of overall effectiveness. Rankings are based on DSD's analysis of reported security incidents and vulnerabilities detected by DSD in testing the security of Australian Government networks.
4. Organisations should conduct a risk assessment and implement as many of the mitigation strategies as required to manage their level of risk. No single strategy can prevent this type of malicious activity. Organisations should also ensure that the strategies selected address all three stages of a targeted cyber intrusion.
Stage 1: Malicious code is executed on the user's workstation, enabling the adversary to access any data accessible to the user.
Stage 2: The malicious code propagates through the network, enabling the adversary to access data on other workstations and servers.
Stage 3: The adversary exfiltrates data from the network.
5. Information on implementation costs and user acceptance has also been provided to enable organisations to select the best set of strategies for their requirements.
6. The mitigation strategies complement the advice in the Australian Government Information Security Manual for the protection of information that is processed, stored and communicated by government systems. A copy of the manual is available at http://www.dsd.gov.au/library/infosec/ism.html
INFOCON Mailing List - Daily News on Cybersecurity & Homeland Security Issues