Content written for

Small & medium business
Large organisations & infrastructure

These resources have been developed to help improve your organisation’s cybersecurity.

Australian critical infrastructure networks regularly experience targeted and opportunistic malicious activity. Data from the Annual Cyber Threat Report 2023-24 indicates critical infrastructure are an attractive target for malicious actors.

The 3 most common activity types leading to critical infrastructure-related incidents are:

  • compromised account or credentials
  • malware infection (other than ransomware)
  • compromised asset, network or infrastructure.

By utilising the following resources, your organisation can reduce the potential financial and reputational damages associated with a cybersecurity incident.

Resources for critical infrastructure

Essential Eight

Implement these 8 essential mitigation strategies to protect your organisations’ internet-connected information technology networks.

Information security manual

A cybersecurity framework to protect your organisation’s systems and data from cyberthreats.

Strategies to mitigate cybersecurity incidents

Prioritised strategies to help mitigate cybersecurity incidents caused by various cyberthreats.

Operational technology environments

A range of publications to help mitigate security risks to operational technology environments.

Secure by Design

A proactive, security-focused approach to the development of digital products and services that aligns with an organisation’s cybersecurity goals.

Cyber supply chains

A range of publications on cyber supply chain risk management and identification.

Identifying and Mitigating Living Off the Land Techniques

Guidance to help your organisation understand common LOTL techniques and gaps in cyber defence capabilities.

Artificial intelligence

A range of guidance to assist organisations to engage with AI systems in a secure way.

Preparing for and responding to denial-of-service attacks

Guidance to help your organisation to prepare, respond and avoid contributing to denial-of-service attacks.

Cybersecurity incident response planning: Practitioner guidance

ASD defines a cybersecurity incident as an unwanted or unexpected cybersecurity event, or a series of such events, that has either compromised business operations or has a significant probability of compromising business operations.

Maintaining devices and systems

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it