The Australian Cyber Security Centre threat report 2015

Introduction: The number, type and sophistication of cyber security threats to Australia and Australians are increasing. Due to the varied nature of motivations for cyber adversaries targeting Australian organisations, organisations could be a target for malicious activities even if they do not think the information held on their networks is valuable, or that their business would be of interest to cyber adversaries. This first unclassified report by the ACSC describes the range of cyber adversaries targeting Australian networks, explains their motivations, the malicious activities they are conducting and their impact, and provides specific examples of activity targeting Australian networks during 2014. This report also offers mitigation advice on how organisations can defend against these activities. The ACSC’s ability to detect and defend against sophisticated cyber threats continues to improve. But cyber adversaries are constantly improving their tradecraft in their attempts to defeat our network defences and exploit the new technologies we embrace. There are gaps in our understanding of the extent and nature of malicious activity, particularly against the business sector. The ACSC is reaching out to industry to build partnerships to improve our collective understanding. Future iterations of the Threat Report will benefit from these partnerships and help to close gaps in our knowledge

Malicious email mitigation strategies

Introduction Socially-engineered emails containing malicious attachments and embedded links have been observed by the Australian Signals Directorate (ASD) being used in targeted cyber intrusions against organisations. This document has been developed by ASD in collaboration with local and international partners to provide mitigation strategies for the security risk posed by malicious emails. It should be read in conjunction with the advice on email security and content filtering contained in the Australian Government Information Security Manual (ISM). Not every mitigation strategy within this document will be suitable for all organisations. Organisations should consider their unique business requirements and risk environment when deciding which mitigation strategies to implement. Furthermore, before any mitigation strategy is implemented, comprehensive testing should be undertaken to minimise any unintended disruptions to the organisation’s business

Governing cyber security through networks : an analysis of cyber security coordination in Belgium

While governments develop formal and informal structures or 'networks' to promote collaboration between governmental departments and agencies, there remains uncertainty on how to set up and develop cyber security networks. The latter is demonstrated when taking recent developments in the field of cyber security in Belgium into consideration. The 2012 decision to create the Belgian cyber security centre seems to entail a move towards a 'Weberian' hierarchical network coordination approach rather than the development of a cyber security network organisation. This article claims that - as the threats of cyber are becoming more complex - there is a growing need for governmental agencies to expand horizontal coordination mechanisms. From this follows, the growing demand for criminological research into the managerial aspects of cyber security networks. Generating knowledge on how to manage networks is required as the latter is not only decisive for the effectiveness and efficiency of cyber security networks but also contributes to the overall network cyber security governance

Governing cyber security through networks : an analysis of cyber security coordination in Belgium

While governments develop formal and informal structures or 'networks' to promote collaboration between governmental departments and agencies, there remains uncertainty on how to set up and develop cyber security networks. The latter is demonstrated when taking recent developments in the field of cyber security in Belgium into consideration. The 2012 decision to create the Belgian cyber security centre seems to entail a move towards a 'Weberian' hierarchical network coordination approach rather than the development of a cyber security network organisation. This article claims that - as the threats of cyber are becoming more complex - there is a growing need for governmental agencies to expand horizontal coordination mechanisms. From this follows, the growing demand for criminological research into the managerial aspects of cyber security networks. Generating knowledge on how to manage networks is required as the latter is not only decisive for the effectiveness and efficiency of cyber security networks but also contributes to the overall network cyber security governance