
ACSC tightens access controls for Australian government systems

February 28, 2019
in Internet Security

Tighter yet more flexible controls for user authentication have been set for Australian government agencies in the new Essential Eight Maturity Model published by the Australian Cyber Security Centre (ACSC).

“The ACSC is de-emphasising a number of vulnerable authentication factors within our maturity model, such as the use of SMS,” an ACSC spokesperson told ZDNet.

“A recent example of the vulnerable nature of SMS was highlighted by the compromise of Reddit accounts in mid-2018, where SMS tokens were captured as part of the attack.”

The Maturity Model measures an organisation’s compliance with the Australian Signals Directorate (ASD) Essential Eight strategies for mitigating cyber attacks. This new version brings the model into line with the new version of the Australian government’s Information Security Manual (ISM), which was also just released, following a major update in December 2018.

Maturity level three means that the organisation’s implementation of the Essential Eight is in full compliance with ISM requirements. The lower maturity levels “provide stepping stones for organisations to reach a compliant state”.

Previously, multi-factor authentication required the use of a passphrase plus one other factor. At maturity levels one and two, the allowed factors included SMS messages, emails, voice calls, or software certificates, but at level three they were banned, and the only acceptable options were U2F security keys, physical one-time password (OTP) tokens, biometrics, or smartcards.

Now, those first four are only permitted at level one, the most immature implementation level recognised.

“We are also moving from a ‘password plus additional authentication factor’ approach, to any two suitable, different authentication factors. For example, biometrics plus a U2F security key,” the ACSC said.

“This supports the broader industry direction to move beyond the use of passwords and look at other, more effective protection measures such as biometrics and U2F security keys.”

Further changes include:

  • Application whitelisting is now mandatory at maturity level two as well as level three.
  • Blocking of risky web content such as Flash content, Java apps, Microsoft Office macros and Object Linking and Embedding (OLE) packages, and web advertisements is now mandatory at maturity level three, as per the current version of the Essential Eight.
  • Mandatory technical security controls to prevent privileged users from reading emails and browsing the web must now also prevent them obtaining files via online services.
  • There must be an “automated mechanism” to “confirm and record that deployed operating system and firmware patches or updates have been installed, applied successfully and remain in place”.

While the ACSC doesn’t mandate timelines for government agencies to reach specific maturity levels, the Attorney-General’s Department does prescribe compliance with the Top 4 as part of its Protective Security Policy Framework (PSPF).

While maturity level 3 represents compliance with the Essential Eight, previous versions of the model included a fourth level, for “higher risk environments”. That’s been dropped.

“Where the ACSC believes an organisation requires a maturity level above that provided by maturity level 3, the ACSC would provide tailored advice to meet the specific needs of the organisation,” the ACSC said.

“The ACSC recommends that all organisations implement the Essential Eight as a baseline, and additional mitigation strategies from the 37 Strategies beyond that, based on risk exposure and cybersecurity threats of most concern to their business.”
