Defence cyber security chief pushes intrusion prevention

Powered by SC Magazine
 

Leaves negativity out of IT risk assessments.

Over 70 percent of IT security-related intrusions that were brought to the attention of the Defence Signals Directorate (DSD) in 2009 could have been prevented by simple patching or administrative rights, leading government security adviser Mike Burgess said.

Speaking at a cyber security summit in Canberra this week, Burgess said that there were well established measures available to defend against many cyber intrusions.

He cited the lastest version of a DSD guide that offered agencies 35 strategies to mitigate against intrusions as proof that the word was spreading throughout government and industry.

Burgess said that the top four strategies were to patch applications, patch operating systems, minimise the number of users with domain or local administrative priveleges, and application whitelisting.

Had organisations implemented those top four strategies in 2009, almost three in four call-outs for intrusions could have been prevented, he said.

Burgess said that, when combined with advances in IT security technology, adhering to the top four strategies would repel up to 85 percent of intrusion attempts.

The top four strategies remain unchanged between versions of the DSD document. Some changes introduced in the latest document included user education, which had moved up in priority from #31 to #8.

"We now recommend education in a number of areas such as stronger passwords, thinking about the websites you visit on your work computer, and not using media such as USB drives that are not Corporate-supported," Burgess said.

Changing approach

The DSD was changing its approach to security, Burgess said.

"Traditionally information security - like physical security - has been informed by a conservative prescriptive mindset," he said.

One example of this was DSD's recent advice on cloud computing. The Directorate had avoided being negative about the introduction of cloud compute, where in the past it may have been more against its introduction to environments.

"We can’t stop people from musing the latest technology. What we can do is enable them to use it in the least risky ways," he said.

He also said DSD was open to a more collaborative approach.

"This is why for the first time, our next release of the Information security manual will be available for comment on Onsecure, DSD’s online security portal, in early August for three weeks," Burgess said.

"This will allow agencies time to provide online feedback on the document before its next official update."

Copyright © iTnews.com.au . All rights reserved.


Defence cyber security chief pushes intrusion prevention
Toy knight defending against instrusions
 
 
 
Top Stories
IBM, NEC picked for major NSW Transport deals
Final contract negotiations begin.
 
Govt proposes crackdown on ISPs over piracy
Wants new legal powers for copyright industry.
 
Westpac interim CIO resigns
Group CIO yet to be appointed.
 
 
Toy knight defending against instrusions
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  30%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1002

Vote