A different look at Cyber Security by the Australians


By implementing these TOP 4 “mitigation strategies” as a complete package, you will reduce your risk of successful cyber attack by 85%

  • While no single strategy can prevent malicious activity, the effectiveness of implementing the Top 4 strategies remains very high.
  • At least 85% of the cyber intrusions that ASD responds to involve adversaries using unsophisticated techniques that would have been mitigated by implementing the Top 4 mitigation strategies as a package.
  • Implementing the Top 4 mitigation strategies can be achieved gradually, firstly on workstations of users who are most likely to be targeted by cyber intrusions, and then implementing them on all workstations and servers.
  • Once this is achieved, organisations can selectively implement additional mitigation strategies to address security gaps until an acceptable level of residual risk is achieved
  1. Application White-listing of permitted/trusted programs, to prevent execution of malicious or unapproved programs including DLL files, scripts and installers
  2. Patch Applications E.g. Java, PDF viewers, Flash, web browsers and Microsoft Office. Patch or mitigate systems with ‘extreme risk’ vulnerabilities within two days. Use the latest version of applications
  3. Patch Operating System Vulnerabilities. Patch or mitigate systems with ‘extreme risk’ vulnerabilities within two days. Use the latest suitable operating system.
  4. Restrict Administrative Privileges to operating systems and applications based on user duties. Such users should use a separate unprivileged account for email and web browsing.




Data Sheet – Application White-listing

Data Sheet – Restrict Administrative Privileges  


The Australians know what they’re talking about – Full ASD Top 35 items to fixClick for PDF