Update 2: IT Security Technology Checklist from the Australian CERT

Document created by wkandek on Jun 7, 2011Last modified by wkandek on Oct 26, 2011
Version 10Show Document
  • View in full screen mode

SANS awarded their 2011 US National Cybersecurity Innovation Award to this project. Click here for details.


---- Update: -----


The Australian Defence Signal Directorate has published an update to this document. In their experience 85% of all incidents could have been avoided by the implementation of the top 4 recommendations:


  1. Patch applications e.g. PDF viewer, Flash Player, Microsoft Office and Java. Patch or mitigate within two days for high risk vulnerabilities. Use the latest version of applications.
  2. Patch operating system vulnerabilities. Patch or mitigate within two days for high risk vulnerabilities. Use the latest operating system version.
  3. Minimise the number of users with domain or local administrative privileges. Such users should use a separate unprivileged account for email and web browsing.
  4. Application whitelisting to help prevent malicious software and other unapproved programs from running e.g. by using Microsoft Software Restriction Policies or AppLocker.


The 85% number is derived from incident data within the Australian government in 2010 and represents an increase from the 70% figure for 2009.


The attached "Top 35 Mitigations" provides some implementation guidelines (start small, build incrementally) and the full list of techniques..


----- Old post -----


This document by the CERT Australia from 2010 is an excellent guide to the implementation of security technologies rating them by efficiency, user resistance/impact and cost.


Top recommendations are:

  1. Patch OS, with excellent security effectiveness, low user resistance and medium cost. It prevents intrusions and thwarts malware execution at the earliest possible level
  2. Patch 3rd party apps - same, with a somewhat higher cost due to the additional tools necessary