This resource updates information on prudential considerations and key principles issued to APRA-regulated entities in July 2015. It has been developed in response to the growing use of the cloud by APRA-regulated entities for higher inherent risk activities, and observed areas of weakness in how...
With around 50,000 ships at sea or in port at any one time, the maritime transport industry is highly exposed to cyberattacks. The International Maritime Organisation (IMO) reacted quickly in introducing guidelines in response to terrorist attacks on shipping, but has arguably been slower in...
This paper forms part of a research project that examines cybercrime laws in the member countries of the Gulf Cooperation Council (GCC). Its aim is to assess whether these laws are fit for purpose, and to gauge their impact on the economy, security and civil...
Cyberattacks initiated by nation states have become the new normal, and countries including Australia have struggled with the challenge of how to respond to them. Far too often they’re considered a low priority. This paper offers a way forward, presenting a framework for deterrence -...
The ANAO chose to undertake this audit because effective personnel security arrangements underpin the protection of the Australian government’s people, information and assets, and the previous audit had identified deficiencies in the Australian Government Security Vetting Agency's performance.
The aim of this document is to outline Australia’s current national security science and technology priorities and coordination of efforts, to best take advantage of investment in science and technology and address gaps in immediate and future national security capability.
This resource argues that due to the incompatibility of current technologies and legislation, Australian law enforcement and intelligence agencies may need to operate in a grey area which lacks legislative direction. Regardless of their professionalism, this introduces risks for information security and human rights.
The Internet of Things (IoT) is the term used to describe the growing number of devices being connected to the internet. This issues paper aims to give a broad overview of IoT issues to increase awareness and public discussion.
This guide aims to assist you in developing and implementing an effective data breach response. It outlines the requirements relating to data breaches in the Privacy Act 1988 (Cth) (Privacy Act), including personal information security requirements and the mandatory data breach reporting obligations of the...
In 2017, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) teamed up for the second year in a row to look at the lives and experiences of cybersecurity professionals. This year’s report is based on data from a survey of 343...
The 2017 threat report includes insights into how the Australian Cyber Security Centre (ACSC) works and highlights some of the ways in which we have both proactively and reactively responded to cyber threats.
This resource outlines Australia's cyber affairs agenda for the next three years, with the hope of creating the environment for digital trade to generate economic growth and opportunities for Australia.
This report examines the existing limited research on women in the cyber security industry, and women in science, technology, mathematics, and engineering (STEM) and information and communication technology (ICT) to identify barriers to women’s labour market participation.
An interdisciplinary exercise generated three overarching policy recommendations to improve cyber security in Australia: create and enforce technology security standards, craft international agreements to address cyber security challenges, and improve risk awareness to keep users safe online.
This article argues that there needs to be more transparency, oversight and strong steps toward developing a robust framework of accountability for both the government and private spyware companies.
The Australian government has released this comprehensive cyber security survey, published by the Australian Cyber Security Centre (ACSC), of Australian government and major businesses of national significance.
This report should be viewed as a companion to the ACSC 2016 Threat Report . Both reports...
The inaugural Australia–US Cyber Security Dialogue held in Washington DC in September 2016 examined cybersecurity issues and how best to manage them in a cooperative manner.
The dialogue was facilitated by ASPI and the Center for Strategic and International Studies (CSIS).
This article argues that the Australian Depertment o Defence needs to urgently conduct operationally-focused cyber-survivability trials that leverage its alliance with the United States.
When the Australian Signals Directorate (ASD) released its Top Four Strategies to Mitigate Targeted Cyber Intrusions in 2011, it was revolutionary, because it cut to the chase. Do these four things first, before anything else, and you'll repel 85 percent of targeted...