Understanding system security
The Australian Cyber Security Centre (which is part of the Australian Signals Directorate) has released a series of articles about the “Essential Eight” security principles.
The following table describes how each of these principles is applied to the secure operation of MVOW.
Essential measures for data security
Measure | Purpose | Responsibility | Comments |
---|---|---|---|
Application whitelisting | To control the execution of unauthorised software | Contractor | This should be handled by your IT policies because it relates to your desktop environment. |
Patching applications | To remediate known security vulnerabilities | Contractor / Pagaros | Your desktop systems need to be kept up to date, as do the MVOW web servers. |
Configuring MS Office macro settings | To block untrusted macros | Contractor | This should be handled by your IT policies because it relates to your desktop environment. |
Application hardening | To protect against vulnerable functionality | Contractor | This should be handled by your IT policies because it relates to your desktop environment. |
Restricting administrative privileges | To limit powerful access to systems | Contractor / Pagaros | While this relates to your desktop environment, MVOW allows you to restrict functionality based on user roles. See Understanding users and roles. |
Patching operating systems | To remediate known security vulnerabilities | Contractor / Pagaros | Your desktop systems need to be kept up to date, as do the MVOW web servers. |
Multifactor authentication | To protect against risky activities | Pagaros | MVOW uses two-factor authentication to provide additional security surrounding login. See Understanding authentication. |
Daily backups | To maintain the availability of critical data | Pagaros | Pagaros does this, retaining daily backups for a week, weekly backups for a month, monthly backups for a year, and annual backups indefinitely. |
For more about each measure, I’d encourage you to read the strategy document to understand the why of each principle. Also see the maturity model to understand what to do in detail.