DSD: Four mitigation strategies prevent 85% of intrusions

Shocking new advice: Patch apps, patch operating systems, limit access

Research by Australia's Defence Signals Directorate (DSD) reinforces what information security specialists have been saying forever. Most intrusions could be prevented by paying attention to the basics.

At least 85 percent of targeted intrusions would be defeated by these clever new strategies:

• Patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers.
• Patch operating system vulnerabilities.
• Minimise the number of users with administrative privileges.
• Use application whitelisting to help prevent malicious software and other unapproved programs from running.

These are the first items in DSD's Top 35 Mitigation Strategies, based on analysis of reported incidents and problems discovered during vulnerability assessments and penetration testing in 2010.

"Implementing the top four strategies can be achieved gradually, starting with computers used by the employees most likely to be targeted by intrusions, and eventually extending them to all users," the agency wrote. "Once this is achieved, organisations can selectively implement additional mitigation strategies based on the risk to their information."

DSD is responsible for the information security of Australian government military and civilian agencies.


Contact Stilgherrian at stil@stilgherrian.com, or follow him on Twitter at @stilgherrian.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags governmentnewsapplication whitelistingnetwork intrusionmitigation strategiesAustralia's Defence Signals Directorate (DSD)

More about Microsoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Stilgherrian

Latest Videos

More videos

Blog Posts