Security Operations https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/strategies-mitigate-cyber-security-incidents/strategies-mitigate-cyber-security-incidents)
Prior to implementing any of the mitigation strategies, organisations need to identify their assets and perform a risk assessment to identify the level of protection required from various cyber threats. Furthermore, organisations require motivation to improve their cyber security posture, supportive executives, access to skilled cyber security professionals and adequate financial resources. Motivators can include a significant cyber security incident, a penetration test, mandatory data breach reporting, mandatory compliance, and evidence of a lower cyber security posture or higher threat exposure than previously realised.
NOTE
No set of mitigation strategies is guaranteed to prevent all cyber security incidents. However, properly implementing the eight mitigation strategies with an ‘essential’ effectiveness rating is so effective at mitigating targeted cyber intrusions and ransomware, that ASD considers these to be the new cyber security baseline for all organisations.
NOTE
The following page provides mitigation strategies and a suggested implementation order for:
- targeted cyber intrusions and other external adversaries who steal data
- ransomware denying access to data for monetary gain, and external adversaries who destroy data and prevent computers/networks from functioning
- malicious insiders who steal data such as customer details or intellectual property
- malicious insiders who destroy data and prevent computers/networks from functioning.
When implementing a mitigation strategy, first implement it for high risk users and computers such as those with access to important (sensitive or high-availability) data and exposed to untrustworthy internet content, and then implement it for all other users and computers. Organisations should perform hands-on testing to verify the effectiveness of their implementation of mitigation strategies.