The Australian Signals Directorate (ASD) has
urged Departments and Agencies to report computer-based security
incidents to assist it in managing risk across the APS as well as
developing
policies, procedures and techniques for avoiding similar incidents
in future.
Also known as the Defence Signals Directorate, ASD defines cyber security incidents as a single or series of unwanted or unexpected cyber security events that had a significant probability of compromising business operations and threatening information security.
ASD uses cyber security incident reports as the basis for identifying and responding to cyber security incidents across government.
ASD said reporting cyber security incidents helped the Directorate to develop a threat environment picture for Government systems and assist other Agencies who might also be at risk.
Cyber security incident reports were also used for developing new policies, procedures, techniques and training measures to help prevent future incidents.
According to ASD, incident reports were only used for investigative purposes and the identification of the reporting agency would not be disclosed.
ASD said the types of cyber security incidents Agencies should report to CSOC included: suspicious or seemingly targeted emails with attachments or links; any compromise or corruption of information; unauthorised access or intrusion into an ICT system; data spills; and theft or loss of electronic devices that have processed or stored Australian Government information.
Other incidents that should be reported included: intentional or accidental introduction of malware to a network; Denial of Service attacks; suspicious or unauthorised network activity on a control system; control or monitoring systems; and tampering with ICT equipment while travelling.
The Cyber Security Incidents and the Information Security Documentation chapters of the Information Security Manual contain information on planning for, detecting, reporting and managing cyber security incidents.
The Manual can be found at this PS News link.
Also known as the Defence Signals Directorate, ASD defines cyber security incidents as a single or series of unwanted or unexpected cyber security events that had a significant probability of compromising business operations and threatening information security.
ASD uses cyber security incident reports as the basis for identifying and responding to cyber security incidents across government.
ASD said reporting cyber security incidents helped the Directorate to develop a threat environment picture for Government systems and assist other Agencies who might also be at risk.
Cyber security incident reports were also used for developing new policies, procedures, techniques and training measures to help prevent future incidents.
According to ASD, incident reports were only used for investigative purposes and the identification of the reporting agency would not be disclosed.
ASD keeps watch on cyber security
ASD said examples of incidents reported to CSOC included: repeated
domain administrator accounts being locked out due to too many failed
authentication
attempts; and unusual authentication events on VPN/remote access
systems such as users being logged in from local workstations and VPN
simultaneously or a
number of log-in attempts from geographically disparate or overseas
locations within a short time frame. ASD said the types of cyber security incidents Agencies should report to CSOC included: suspicious or seemingly targeted emails with attachments or links; any compromise or corruption of information; unauthorised access or intrusion into an ICT system; data spills; and theft or loss of electronic devices that have processed or stored Australian Government information.
Other incidents that should be reported included: intentional or accidental introduction of malware to a network; Denial of Service attacks; suspicious or unauthorised network activity on a control system; control or monitoring systems; and tampering with ICT equipment while travelling.
The Cyber Security Incidents and the Information Security Documentation chapters of the Information Security Manual contain information on planning for, detecting, reporting and managing cyber security incidents.
The Manual can be found at this PS News link.
No comments:
Post a Comment