This guide is an overview of security measures all organisations can take to best protect themselves from threats to the security of their business and customer information and systems. It contains a list of security mitigations that organisations can use to help secure their data and to prevent data breaches and other events that could damage their organisation financially, operationally and reputationally. It is in no way a complete or exhaustive list, but includes some of the most important measures documented by the Australian Signals Directorate (ASD). The measures are ranked in order from the most to the least important.
None of the recommendations below is an ultimate security solution in and of itself; each should be used in conjunction with other measures to take a defence-in-depth security stance.
Many of these measures may be of limited value without the appropriate information security and acceptable use policies in place. This guide discusses the ‘what’ and ‘why’ of security measures recommended for organisations. For information on the ‘how’, please refer to the specific guide which provides information on implementing them.