The Australian Defence Signals Directorate (DSD) has made its top four 'essential' information security mitigation strategies mandatory for all Australian government agencies.
The change means that Australian government agencies must now implement the ICT protective security controls as detailed in the Australian government's information security manual, in order to meet the requirements of DSD's top four strategies to mitigate targeted cyber intrusions.
The effectiveness of using these top four strategies is very high, according to the group, with the DSD saying that at least 85 per cent of the intrusions they responded to in 2011 would have been mitigated with the use of the top four strategies as a package.
The four strategies involve employing application whitelisting, patching applications, patching operating system vulnerabilities and minimising the number of users that have administrative rights.
According to the DSD, whitelisting – a technical measure that only allows specifically authorised applications to run on a given system – can make it harder for an organisation's ICT systems to be compromised.
Patching, meanwhile, involves small pieces of software being released to fix problems or update a computer program, and can be very beneficial in strengthening an organisation's IT system.
The DSD also recommends controlling administrative privileges and restricting the number of users who have access to these high-level privileges, in order to lessen the risk of an information breach occurring.
While the changes initiated by the DSD involve Australian government agencies, the news may serve as a timely reminder to many Australian businesses of the importance of strengthening their information security policies.
Security breaches, particularly those that involve sensitive data such as financial records or customer information, can be very harmful for an organisation.
To help rectify any issues that may be present in your own organisation's information security policy, you may want to consult a trusted security solutions provider to help with vulnerability management.
By undertaking a thorough assessment of your security policy through measures like a security audit or penetration testing, a security solutions provider can help to identify the potential flaws and gaps in your ICT system before they can be exploited by other individuals.
A breach in information security can not only be costly to deal with, it can also have lasting effects on the public reputation of your organisation.
For this reason, it is important to make sure that your company's security policy is as strong as it can be.