Frequently Asked Questions

Cyber Security Frameworks and Compliance

Australian Signals Directorate Essential 8

The Australian Signals Directorate (ASD) Essential 8 is a set of eight baseline mitigation strategies designed to protect organisations against the most common cyber threats. The Australian Cyber Security Centre (ACSC), which is part of ASD, recommends them as the minimum every organisation should implement, and publishes an Essential 8 Maturity Model (Maturity Level Zero through Three) against which an organisation's implementation is assessed.

The Essential 8 strategies are:

  1. Application control
  2. Patch applications
  3. Configure Microsoft Office macro settings
  4. User application hardening
  5. Restrict administrative privileges
  6. Patch operating systems
  7. Multi-factor authentication
  8. Regular backups

Implementing these strategies significantly reduces both the likelihood and the impact of cyber incidents, and reaching a stated maturity level is often a contractual or policy requirement for organisations working with government agencies.

Net Raptor offers comprehensive Essential 8 implementation and assessment services:

  • Conducting gap analyses to identify where your organisation stands against the Essential 8
  • Developing tailored implementation roadmaps
  • Assisting with technical implementation of each strategy
  • Performing maturity assessments to measure your progress
  • Providing ongoing support and guidance to maintain compliance

Our team of certified professionals has extensive experience in helping organisations achieve and maintain Essential 8 compliance across various maturity levels.

NSW Digital Information Security Policy

The NSW Digital Information Security Policy (DISP) was the mandatory information security policy for NSW Government agencies; it has since been superseded by the NSW Cyber Security Policy, which carries the same core obligations forward. It establishes a framework for managing information security risks and protecting government information assets.

The policy is aligned with the ISO 27001 information security standard and requires agencies to implement the ASD Essential 8 as baseline controls. It requires agencies to:

  • Implement an Information Security Management System (ISMS)
  • Conduct regular risk assessments
  • Apply the Essential 8 mitigation strategies
  • Implement security controls appropriate to their risk profile
  • Report cyber security incidents
  • Undergo regular security assessments

Net Raptor provides comprehensive support for organisations needing to comply with the NSW Digital Information Security Policy:

  • Conducting compliance gap assessments against the policy requirements
  • Developing and implementing Information Security Management Systems (ISMS)
  • Performing risk assessments and developing risk treatment plans
  • Implementing technical controls including the Essential 8
  • Offering customised security awareness training programs
  • Implementing robust incident response and business continuity plans
  • Assisting with the attainment of relevant certifications (e.g., ISO 27001)
  • Providing ongoing support and monitoring to ensure continued compliance

Our expertise in both Cyber Security and compliance frameworks positions us to help organisations navigate the complexities of the NSW Digital Information Security Policy effectively.

Email Security

SPF, DKIM, and DMARC are DNS-published email authentication mechanisms that work together to stop attackers sending mail that claims to come from your domain (spoofing), which is the basis of most phishing:

  • SPF (Sender Policy Framework): A TXT record on your domain listing the mail servers authorised to send mail that uses your domain as the SMTP envelope sender (MAIL FROM); receiving servers check the connecting IP address against it
  • DKIM (DomainKeys Identified Mail): The sending server signs selected headers and the message body with a private key; receivers fetch the matching public key from DNS (<selector>._domainkey.<domain>) and verify that the signed parts were not altered in transit and that the signing domain vouches for the message
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Ties SPF and DKIM to the From: address the recipient actually sees by requiring the authenticated domain to align with it, publishes the policy receivers should apply to failures (p=none, p=quarantine or p=reject), and requests aggregate reports (rua=) so you can see who is sending mail as your domain

Implementing these protocols significantly reduces the risk of your domain being used in phishing attacks and improves email deliverability, since the large mailbox providers increasingly require them. SPF on its own is not enough: it only checks the envelope sender, which an attacker can set to a domain they control while putting your domain in the visible From: header; DMARC's alignment requirement closes that gap. Roll DMARC out in stages, starting at p=none and reviewing the reports to find every legitimate sender (marketing platforms, ticketing systems, third-party mailers) before moving to quarantine and then reject, otherwise legitimate mail is rejected along with the spoofs.
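The following is an added example written for this FAQ, not a Net Raptor tool or code from the original page. It shows how a receiving server combines the three mechanisms: an SPF check against the envelope sender domain, DMARC alignment of the SPF and DKIM identifiers with the From: domain, and the published policy applied to a failure. The DNS answers come from a constructed in-memory dictionary (DNS_TXT) rather than live lookups, only the ip4, ip6, include and all SPF mechanisms are implemented, DKIM verification results are supplied as (result, d= domain) pairs, and the organisational domain is approximated by the last two labels; all of these are assumptions for the example, and production code must use real DNS and the Public Suffix List.

```python
"""Added example: offline SPF check plus DMARC alignment and policy evaluation.

Assumptions (not from the FAQ): DNS TXT answers come from the constructed
DNS_TXT dict below; only ip4/ip6/include/all SPF mechanisms are handled; DKIM
results are passed in as (result, d_domain) pairs; and the organisational
domain is approximated by the last two labels (real code needs the PSL).
"""
import ipaddress

# Constructed sample zone data for the example domains (RFC 5737/3849 ranges).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailprovider.example -all",
    "bounce.example.com": "v=spf1 include:example.com -all",
    "_spf.mailprovider.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "mailprovider.example": "v=spf1 ip4:198.51.100.10 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                          "rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, depth=0):
    """Evaluate the SPF record of `domain` (the SMTP MAIL FROM domain) for the
    connecting IP. Returns pass/fail/softfail/neutral/none/permerror."""
    if depth > 10:                       # RFC 7208 caps DNS-querying terms
        return "permerror"
    record = DNS_TXT.get(domain.lower(), "")
    if not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name in ("ip4", "ip6"):
            # `in` is False when address and network are different IP versions
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif name == "include":
            if check_spf(ip, arg, depth + 1) == "pass":
                return QUALIFIERS[qual]
        elif name == "all":
            return QUALIFIERS[qual]
        # a, mx, exists, redirect= and macros are deliberately not handled here
    return "neutral"


def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    # Assumption for the example only; production code needs the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match, relaxed
    ('r') only needs the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(from_domain, sending_ip, mail_from_domain, dkim_results):
    """Return (dmarc_result, disposition) for a message whose RFC 5322 From:
    domain is `from_domain`. `dkim_results` is a list of (result, d_domain)
    pairs produced by DKIM signature verification."""
    record = DNS_TXT.get("_dmarc." + from_domain.lower())
    if record is None:                   # fall back to the organisational domain
        record = DNS_TXT.get("_dmarc." + org_domain(from_domain), "")
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ("none", "none")          # no policy published: nothing to enforce
    spf_pass = (check_spf(sending_ip, mail_from_domain) == "pass"
                and aligned(mail_from_domain, from_domain, tags.get("aspf", "r")))
    dkim_pass = any(result == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
                    for result, d in dkim_results)
    if spf_pass or dkim_pass:            # one aligned, authenticated identifier suffices
        return ("pass", "none")
    policy = tags.get("p", "none")
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]              # subdomain policy overrides p= for subdomains
    return ("fail", policy)


if __name__ == "__main__":
    # Legitimate mail: SPF passes for bounce.example.com, relaxed-aligned with example.com.
    print(evaluate_dmarc("example.com", "203.0.113.5", "bounce.example.com", []))
    # Spoof from an unrelated host with no DKIM signature: rejected.
    print(evaluate_dmarc("example.com", "192.0.2.7", "attacker.example", []))
    # SPF passes, but only for the provider's own domain: not aligned, still rejected.
    print(evaluate_dmarc("example.com", "198.51.100.10", "mailprovider.example", []))
```

The third case is the one SPF alone gets wrong: the provider's IP is authorised for mailprovider.example, so SPF passes, but the From: header says example.com, and only DMARC's alignment check turns that into a rejection.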

Password Security and Management

Password length is the dominant factor in password strength. A longer password is generally stronger than a shorter one, even when the shorter one mixes character types. Here's why:

  • Each added character multiplies the number of possible passwords by the size of the character set, so the search space grows exponentially with length; a 16-character password of lowercase letters alone has more possible values than an 8-character one drawn from all 95 printable keyboard characters
  • Longer passwords are therefore far more resistant to brute-force and mask attacks and take correspondingly longer to crack
  • A passphrase of several words chosen at random (e.g., "correct horse battery staple") can be both strong and easy to remember; its strength comes from the number of words and the size of the list they were picked from, not from its character count or from being a familiar phrase

Mixing character types (uppercase, lowercase, numbers, and symbols) still adds strength per character, but length contributes far more. Current guidance (NIST SP 800-63B and the ACSC) no longer recommends enforcing composition rules; instead, allow long passwords, screen new passwords against lists of known breached passwords, and never reuse a password across services.
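To put numbers on the length-versus-complexity point, here is an added example written for this FAQ (not code from the original page): it computes the entropy of random passwords and passphrases, estimates brute-force time, and generates a passphrase with a cryptographically secure random source. The attacker's guess rate (10^10 guesses per second, roughly a GPU rig against a fast unsalted hash) and the tiny 16-word list are assumptions constructed for the example; real passphrases should be drawn from a large published list such as the 7776-word EFF long list, which the comparison uses for its figures.

```python
"""Added example: entropy of random passwords versus random-word passphrases.

Assumptions (not from the FAQ): GUESSES_PER_SECOND is an illustrative attacker
rate, and WORDLIST is a constructed 16-word list used only to demonstrate the
generator; entropy figures for real passphrases use a 7776-word list size.
"""
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600
GUESSES_PER_SECOND = 1e10   # assumed attacker capability for the comparison

# Constructed mini wordlist; with only 16 entries each word adds just 4 bits.
WORDLIST = ["anchor", "basket", "cactus", "dolphin", "ember", "falcon",
            "garnet", "harbor", "island", "jigsaw", "kettle", "lantern",
            "meadow", "nectar", "orbit", "pebble"]


def bits_for_random_chars(alphabet_size, length):
    """Entropy of `length` characters chosen uniformly from an alphabet of
    `alphabet_size` symbols: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def bits_for_random_words(list_size, n_words):
    """Entropy of `n_words` chosen uniformly from a list of `list_size` words.
    Strength depends on list size and word count, not on character length."""
    return n_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest number of random words from `list_size` that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def expected_crack_years(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Expected exhaustive-search time: on average half the keyspace
    (2 ** (bits - 1) guesses) must be tried."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(n_words, wordlist=WORDLIST, separator=" "):
    """Use the `secrets` module (CSPRNG), never `random`, for credentials."""
    return separator.join(secrets.choice(wordlist) for _ in range(n_words))


def compare():
    """Return (label, bits rounded to 0.1, expected years) rows for common shapes."""
    rows = [
        ("8 chars, full 95-symbol keyboard set", bits_for_random_chars(95, 8)),
        ("12 chars, full 95-symbol keyboard set", bits_for_random_chars(95, 12)),
        ("16 lowercase letters", bits_for_random_chars(26, 16)),
        ("4 random words from a 7776-word list", bits_for_random_words(7776, 4)),
        ("6 random words from a 7776-word list", bits_for_random_words(7776, 6)),
    ]
    return [(label, round(bits, 1), expected_crack_years(bits)) for label, bits in rows]


if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:42s} {bits:6.1f} bits  ~{years:.3g} years")
    print("Words for 80 bits from a 7776-word list:", words_needed(80, 7776))
    print("Sample passphrase:", generate_passphrase(5))
```

Two things the table makes visible that the prose does not: 16 lowercase letters (about 75 bits) beat 8 characters from the full keyboard set (about 53 bits) by more than twenty bits, and a four-word passphrase from a 7776-word list (about 52 bits) is no stronger than that 8-character password, so aim for six or more random words.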

Current Cyber Security guidelines, including NIST SP 800-63B and the ACSC's advice, have shifted away from mandatory periodic password changes. The latest recommendations include:

  • Change passwords only when there's a reason to believe they may have been compromised
  • Focus on creating strong, unique passwords for each account instead of changing them frequently
  • Use multi-factor authentication (MFA) wherever possible to add an extra layer of security

This approach is based on research showing that forced, frequent changes lead users to choose weaker, predictable passwords (incrementing a number, appending the month or season) and to reuse them across multiple accounts.

Password managers are secure applications that store and manage your passwords. Here's why they're beneficial:

  • They allow you to use strong, unique passwords for each account without having to remember them all
  • Many can generate complex passwords for you
  • They encrypt your password database with a key derived from your master password, so the stored vault is useless to anyone who obtains the file without that password
  • Some offer features like secure password sharing and breach monitoring

Using a password manager significantly improves your overall online security by eliminating the need for password reuse and making it easy to use strong passwords everywhere.

There are several reputable free password managers available. Two well-established options are:

  • Bitwarden: Open-source, with free cross-platform syncing
  • KeePass: Open-source and completely free; it stores the vault as a local file that you sync between devices yourself (e.g., via a file-sync service)

While these password managers offer free tiers, they may also have paid versions with additional features. We recommend researching each option to find the one that best suits your needs.

Note: When choosing a password manager, consider factors like ease of use, device compatibility, and security features. The master password is the single point of failure for the whole vault, so make it a long, unique passphrase used nowhere else, and enable multi-factor authentication on the password manager account wherever it is supported.

Cyber Security Resources and References

Here are some authoritative sources for further reading on the topics we've covered:

These resources provide in-depth information and are regularly updated to reflect the latest in Cyber Security standards and best practices.