Guides: Information Technology, Integrated Technologies &amp; Automation: Cyber Security

Cyber Attack help & experiences

Sownage: Cyber Security and Business Continuity The case details events from April to June 2011, when an attack to the PlayStation Network (PSN) occurred. As a consequence of this incident the PSN systems shut down and personal information about users was stolen by hackers. Students should analyze the facts and then present action paths, putting themselves in the role of a PlayStation team member in charge of the situation. They should also present a business continuity plan for the future.
Australian Cyber Security Centre The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security. Our role is to help make Australia the most secure place to connect online.
Small Business Cyber Security Guide For a small business, even a minor cyber security incident can have devastating impacts. This guide includes basic security measures to help protect your business against common cyber security threats
What to do if your business email has been compromised or attacked Government advice on the simple steps to follow if you are a victim of an email attack - whether that attack is hacking your email account or impersonating you by another method. The first section will teach you how to react if you have already been hacked and how to limit damage. The second part will help you protect yourself in the future.

Websites

idCare IDCARE is Australia and New Zealand’s national identity and cyber support service. It is a not-for-profit Australian charity that was formed to address a critical support gap for individuals confronting identity and cyber security concerns. This gap requires specialist Identity & Cyber Security Counsellors and Analysts that apply a human-centred approach to identity and cyber security.
Institute for Cyber Security The UNSW Institute for Cyber Security replaces UNSW Canberra Cyber and spans both the Canberra and Sydney campuses. Whilst Canberra is the hub, we are an active online community – going beyond campuses. We have over 60 members, placing Australia as a leader in conducting excellence in multidisciplinary cyber security research, education, innovation and commercialisation.
Internet Security Threat Report The 2019 Internet Security Threat Report takes a deep dive into the latest trends in cyber security attacks, including ransomware, formjacking, and cloud security.
Protect yourself against cyber crime Ransomware attacks are on the rise in Australia
WA ScamNet Have you received a scam? Have you received a phone, text or email which seems unusual or suspicious? Please report it to us using our new form and learn how to avoid their traps.

Free standards available through the library

The library has a subscription to SAI Global which provides access to Australian standards as well as selected international (ISO) standards.

These standards are freely available to North Metropolitan TAFE students and staff, and can be downloaded for individual use. To access Australian standards please use the link below.

Standards Australia Help and Access > NMT This link opens in a new window A complete listing of all the Australian and New Zealand Standards that you require for your work and study. FAQ's to assist you are also to be found here.

ISO standards relevant to cyber security, and available to North Metropolitan students and staff, are listed below:

AS ISO/IEC 38500 : 2016 Information technology - governance of IT for the organisation

AS ISO/IEC 27001 : 2015 Information technology - Security techniques - Information security management systems - requirements

AS ISO/IEC 27001 and 27002ITSecuritySet - Information technology - Security techniques

AS ISO 31000 : 2018 Risk management - Guidelines

CSA ISO/IEC 27005 : 2019 Information technology - Security techniques - Information security risk management 3rd Edition.

DS ISO/IEC 27005 : 2018 Information Technology - Security Techniques - Risk Management in Information Security

CSA ISO/IEC 27002 :R2019 Information technology - Security techniques - Code of practice for information security controls

Australian frameworks & regulations

Cyber Security Incident Response and Coordination Cyber security incident response arrangements in the WA Government Sector are governed by the Western Australian Whole-of-Government Cyber Security Incident Coordination Framework (the framework), which supports Western Australia’s participation in the national Cyber Incident Management Arrangements (CIMA).
Protective security policy framework (PSFP) The Protective Security Policy Framework (PSPF) helps Australian Government entities to protect their people, information and assets, both at home and overseas. It sets out government protective security policy and supports entities to effectively implement the policy across the following outcomes: - Security governance - Information security -- Personnel security -- Physical security.
Information security manual (ISM) produced by the Australian signals directorate (ASD) The Australian Cyber Security Centre (ACSC) produces the Information Security Manual (ISM). The purpose of the ISM is to outline a cyber security framework that organisations can apply, using their risk management framework, to protect their information and systems from cyber threats. The ISM is intended for Chief Information Security Officers, Chief Information Officers, cyber security professionals and information technology managers.
Prudential practice guide CPF 235-managing data risk The management of data and associated risks is important for a broad range of business objectives including meeting financial and other obligations to stakeholders, effective management and proper governance. This prudential practice guide (PPG) provides guidance on data risk management where weaknesses continue to be identified as part of APRA’s ongoing supervision activities.
Prudential practice guide PPG-234 – management of security risk in information and information technology (PDF) Prudential practice guides provide guidance on APRA’s view of sound practice in particular areas. PPGs frequently discuss statutory requirements from legislation, regulations or APRA’s prudential standards, but do not themselves create enforceable requirements. This PPG aims to assist regulated institutions in the management of security risk in information and information technology. It is designed to provide guidance to senior management, risk management and IT security specialists.
ASIC report 429: cyber resilience – health check Cyber resilience is the ability to prepare for, respond to and recover from a cyber attack. Resilience is more than just preventing or responding to an attack—it also takes into account the ability to adapt and recover from such an event.
Report 429 Cyber resilience : Health check (2015) (PDF) It is intended to help our regulated population improve their cyber resilience by increasing their awareness of cyber risks, encouraging collaboration between industry and government, and identifying opportunities for them to improve their cyber resilience. It also aims to identify how cyber risks should be addressed as part of current legal and compliance obligations that are relevant to ASIC’s jurisdiction.
Communications Alliance Ltd : All Industry Publications Includes: Codes Guidelines Specifications Industry Guidance Notes.

eBooks - cybersecurity

Cyber security : threats and responses for government and business. (2019) This comprehensive work focuses on the current state of play regarding cyber security threats to government and business, which are imposing unprecedented costs and disruption.
Routledge companion to global cyber security strategy (2021) Each chapter is written by a leading academic or policy specialist, and contain the following sections: overview of national cybersecurity strategy; concepts and definitions; exploration of cybersecurity issues as they relate to international law and governance and more.
The cyber security handbook: prepare for, respond to and recover from cyber attacks with the IT Governance Cyber Resilience Framework (CRF). (2020) This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape.
Cloud native security cookbook: recipes for a secure cloud. (2022) With the rise of the cloud, every aspect of IT has been shaken to its core. The fundamentals for building systems are changing, and although many of the principles that underpin security still ring true, their implementation has become unrecognizable.
Practical fraud prevention: fraud and AML analytics for Fintech and eCommerce, using SQL and Python. (2022) Over the past two decades, the booming ecommerce and fintech industries have become a breeding ground for fraud.

Navigating the Cybersecurity Career Path. (2022) Land the perfect cybersecurity role--and move up the ladder--with this insightful resource Finding the right position in cybersecurity is challenging. Being successful in the profession takes a lot of work. And becoming a cybersecurity leader responsible for a security team is even more difficult. In Navigating the Cybersecurity Career Path, decorated Chief Information Security Officer Helen Patton delivers a practical and insightful discussion designed to assist aspiring cybersecurity professionals entering the industry and help those already in the industry advance their careers and lead their first security teams.

Books in the Library

The Information Systems Security Officer's Guide The book outlines how to implement a new plan or evaluate an existing one, and is especially targeted to those who are new to the topic.
ISBN: 9780128021903

Australian Acts relevant to cyber security

The following Australian Acts are available to download via the Australasian Legal Information Institute (Austlii) website (http://www.austlii.edu.au/)

Information Technology, Integrated Technologies & Automation: Cyber Security