Security managers guide

Security considerations for return-to-work arrangements

www.asio.gov.au
Release history

Issue no. Issue date Description

1.0 June 2020 First Release

Handling instructions
This document is not classified. It is approved for public release: distribution unlimited.

Disclaimer
The information provided in this document is intended to be used as general guidance
material only and is not provided for any other purpose. In particular, it is not intended to
provide comprehensive advice on its subject matter or in relation to any particular product,
and should not be relied on as providing such advice. Organisations or individuals using or
relying on the information contained in this document are deemed to do so in conjunction with
their own judgement and assessment of the information in light of their particular needs and
circumstances. The Australian Security Intelligence Organisation has taken every care in the
preparation of this document to ensure the information is accurate at the time of publication.
The Commonwealth, its officers, employees and agents exclude all liability for loss or damage
(including in negligence) suffered or incurred by any precinct or individual as a result of their
use of or reliance on the information contained in this document.
© Commonwealth of Australia 2020

FOI statement
This document, and any information, extract or summary from this document, is exempt under
the Freedom of Information Act 1982.
Contents
Introduction 1
Recovery and resumption 1
Reassess risks 2
People and personnel security 4
Mitigations to reduce the insider threat 5
Indicators of espionage, foreign interference or sabotage 5
Facility inspections 6
Security systems and hardware 7
Cyber security 8
Reporting cyber security incidents 10
Returning to work 10
Deterrence communications 11
Supply chain protective security 12
Destruction of information and assets 13
Visitor management 13
Lessons learned 13
Conclusion 14
References and further reading 15

Security managers guide: Security considerations for return-to-work arrangements i

ii Security managers guide: Security considerations for return-to-work arrangements
Introduction
This guide provides security staff with guidance on return-to-work arrangements and the
adjustments to security policies and procedures needed to minimise vulnerabilities, where
existing security measures at an organisation may have changed. The COVID-19 pandemic
has dramatically affected Australian lives and businesses. The full impact of the crisis may
not be immediately evident, but security managers can help their organisation to resume
its objectives, and prepare for any new threats, risks and impacts. Organisations should be
aware of how existing security measures at the site have changed and what they can do to
minimise vulnerabilities. If a business has put its operations on hold, or most of its staff have
been working from home, changes may have been made to offices and facilities.
These changes may require attention from security staff, and adjustments to security
policies, procedures and infrastructure.

This guide supplements the advice provided in other Australian Security Intelligence
Organisation (ASIO) security manager guides and handbooks available through ASIO’s
Outreach website—www.outreach.asio.gov.au.

Recovery and resumption

Business as usual—when an organisation can operate again in an unrestricted manner—
may not be the same as the operating environment at the end of 2019. This means that an
organisation’s security posture also needs to change. Permanent changes may need to be
made to the way that certain duties are carried out, as people and organisations embrace
the new work practices they have developed during the crisis. Organisations need to work
closely with all stakeholders to conduct a proper risk assessment of their new ways of
working, and to put in place proportional security measures and policies to support the new
ways of delivering key organisational outputs.

When assessing the impact of the crisis on an organisation and its security, organisations
should assign priorities to their business processes and create a schedule for the scaled
resumption of services. When setting priorities, organisations should assess the criticality of
each process, and the interdependencies of each process with other operations, processes
and requirements. Once the critical processes have resumed, a timeline for resuming the
remaining processes can be implemented. The security function should return to operation
where it supports an organisation to achieve its business objectives. If this is not possible,
the security function should communicate with organisation stakeholders that, while there
may still be changes and challenges in the workplace, operations are headed in a direction
that will eventually facilitate business objectives.

Security managers guide: Security considerations for return-to-work arrangements 1

Reassess risks
The COVID-19 pandemic and the flow-on effects may have affected an organisation and its
facilities in a variety of ways. Security managers should review and reassess their site-specific
security risk assessments to:
▶▶ understand the threats, and how they may have changed;
▶▶ confirm the criticality, nature and location of key functions, sensitive information and
physical assets;
▶▶ anticipate how these functions and assets might be at increased (or decreased) risk;
▶▶ assess whether existing security measures are performing as expected, and are
appropriate to the new risk environment; and
▶▶ if required, adjust existing measures or introduce new measures to reduce security risks
to an acceptable (tolerable) level.

Physical assets are tangible items that are valuable to an entity and require protection;
these can be described as follows.
▶▶ Valuable—the asset’s monetary value.
▶▶ Sensitive—the asset is sensitive in its own right or is sensitive because of the
confidentiality requirements of the information held on the asset—for example,
information and communications technology equipment.
▶▶ Important—the asset’s integrity or availability is significant to an organisation’s
operations.
▶▶ Attractive—the asset is not necessarily valuable but is desired—for example, an iPad.
▶▶ Significant—the asset has cultural or national significance, regardless of monetary
value.
▶▶ Dangerous—the asset is likely to inflict harm—for example, firearms and explosives.

Potential risk scenarios for assessment include the following.

▶▶ Malicious insider threats—malicious insiders (such as disgruntled employees with access to
information, systems and assets) causing damage to an organisation through espionage or
sabotage. For further information, refer to COVID-19-specific ASIO analytical reports.1
▶▶ Terrorism—threat actors using or threatening violence to advance a political goal, with
new tactics related to the pandemic (such as COVID-19 hoaxes or malicious coughing).
For further information, refer to COVID-19-specific ASIO analytical reports.
1 Organisations can subscribe to ASIO’s Outreach website to access these reports under the COVID-19 tab.

2 Security managers guide: Security considerations for return-to-work arrangements

▶▶ Violent protest—groups or individuals promoting an ideology through the use of pre-planned
or premeditated violence or disruption, or damage or destruction directed at property.
▶▶ Communal violence—an increase in communal violence as escalating financial impacts
and a reducing supply of critical goods affect vulnerable communities around the globe.
▶▶ Crime environment—a changing crime environment as financial impacts or social
distancing requirements affect how a precinct is occupied.

Around the world, different regions have different timelines for easing COVID-19 restrictions,
which provides an opportunity to learn from the experiences of other organisations.
We recommend that security teams investigate the experiences of similar organisations
overseas. This could be achieved by conducting open-source research, communicating
with professional networks or liaising with partner organisations to answer the following
questions.
▶▶ How have they responded?
▶▶ Are they still responding to the pandemic or moving to recovery?
▶▶ How has their threat environment changed?
▶▶ How have their risk mitigations changed?

Organisations need to be aware of, and to understand, the changing threat environment.
For example, in the United Kingdom, communications infrastructure was vandalised and
workers harassed, following an online misinformation campaign that alleged 5G technology
is linked to COVID-19. Organisations should consider how such a threat could affect their
operations, especially if local communications infrastructure could be a single point of
failure.

Security managers guide: Security considerations for return-to-work arrangements 3

People and personnel security
Organisations should provide ongoing support and guidance to staff during the return-to-work
phase—especially to staff who have been working from home. This support and guidance
could address concerns about security, wellbeing, and cyber and technical security
threats—which can improve workforce morale and minimise risk to an organisation from
malicious insider threats. Organisations may use all or a combination of the staff support
and guidance strategies listed below.
▶▶ Provide ongoing, varied and regular security awareness updates; remind staff of the
continued and evolving security threat, and the physical and technical security measures
they should adopt; and provide guidance (for example, through posters, desktop
quick-reference guides, intranet prompts and security awareness presentations) on when
and how to report security concerns.
▶▶ Ensure that security policies and procedures are still consistent with—and support—
an organisation’s objectives.
▶▶ Conduct face-to-face meetings with staff (for example, new staff) who were given virtual
personnel security briefings during the working-from-home period.
▶▶ Conduct face-to-face meetings with staff who had virtual interviews for employment
screening, ongoing human resources (HR) matters or security investigations.
▶▶ Encourage line managers to engage with staff through face-to-face team meetings
and one-on-one meetings—this will assist with business objectives and improve staff
wellbeing.
▶▶ For line managers, be aware of changes in personal circumstances that put additional
stress on employees—such as financial concerns, ill health, leave arrangements,
and operating during prolonged periods of high anxiety. Line managers should report
these concerns, and manage them in collaboration with their organisation’s security and
HR areas.
▶▶ Ensure that the workforce has face-to-face access to work health and safety and
employee counselling services, if required, during prolonged periods of high anxiety.
▶▶ Remind staff frequently of the importance of reporting security concerns, and how to do so.
▶▶ Reassess your organisation’s security culture, and provide ongoing education and
awareness-raising information to staff on their security responsibilities—long-term
working from home may have eroded an organisation’s shared security culture.

4 Security managers guide: Security considerations for return-to-work arrangements

▶▶ Recognise signs of staff disgruntlement—specifically where staff are being put on
temporary absence arrangements, receiving reduced pay, required to continue working
while covering for absent staff, or being directed to return to work in the facility.
▶▶ Ensure your organisation’s security officers are aware of any changes to security policy
on entry and exit procedures; removal of sensitive material from the site; and vigilance
towards those breaching the rules, either accidentally or deliberately.

Mitigations to reduce the insider threat

Organisations should consider the following measures to reduce the potential for increased
malicious and non-malicious insider activity.
▶▶ Organisations should maintain physical security and information and communications
technology (ICT) security policies, structures and resourcing.
▶▶ Where possible, organisations should maintain centralised records on increased
numbers of ICT accesses, permissions and justifications; access to facilities; and removal
of information and assets. Sufficient data should be collected to enable meaningful
analysis of access to information, facilities and assets, should an insider investigation be
required.
▶▶ Staff working from home, on less secure systems, or under different working arrangements,
should be reminded of their ongoing requirement to maintain the security of information.
▶▶ Staff (including those working from home) should be reminded of ongoing contact
reporting requirements (suspicious, unusual, ongoing or persistent—SOUP), and made
aware of the potential for online approaches.
▶▶ Staff should be encouraged to remain alert and report any real or potential breaches of
security—including those by other staff members—to their security area.

Indicators of espionage, foreign interference or sabotage

To report signs of espionage, foreign interference or sabotage, industry partners and
Australian Government entities should use the Australian Government Contact Reporting
Scheme (CRS) by emailing cr@asio.gov.au. ASIO uses the CRS to identify hostile activity
directed against Australia and its interests, government employees and contractors,
and people with an Australian Government security clearance. ASIO also uses the CRS to
identify trends, including:
▶▶ what information is of interest to foreign intelligence services;
▶▶ who is interested in the information; and
▶▶ which methods foreign intelligence services are prepared to use to collect information.

Security managers guide: Security considerations for return-to-work arrangements 5

ASIO uses this information to formulate threat assessments and security intelligence advice,
which helps organisations understand threats to their resources and formulate appropriate
countermeasures to manage risks.

Facility inspections
Access to some facilities may have been unmonitored during the restrictions period,
allowing adversaries to bypass the security measures that are usually in place. Security staff
should assess existing security measures at facilities that have either put their operations on
hold, or been operating with skeleton staff:
▶▶ at the site perimeter;
▶▶ across the intervening space between the perimeter and the building façade;
▶▶ from the perimeter into public access, reception and delivery areas; and
▶▶ in controlled access areas.

Consider conducting a suspect item search routine (white-level inspection)—both inside

and outside the facility—to assess changes in the environment. All staff members can
complete white-level inspections of their respective workplaces for any articles that are
unusual, suspicious or unable to be accounted for. The people in the best position to
conduct these inspections are those who know and work in an area. A white-level inspection
is not a search for bombs.2

Further information is available in ASIO’s security managers guide Protective security

assessment inspections.

2 Refer to ANZCTC’s publication Improvised explosive device (IED) guidelines for places of mass gathering for further
information.

6 Security managers guide: Security considerations for return-to-work arrangements

Security systems and hardware
We recommend that organisations conduct a health check of their protective security systems
and hardware to ensure they are working, are not vulnerable to attack, and have not been
compromised, and that audits are reviewed. Health checks could include the following.
▶▶ Check the audit logs of the electronic access control system and security alarm system
for intruder alarms, tamper alarms, alarm response actions, alarm points in isolation,
access to areas outside core hours, attempts to access restricted areas, and other
suspicious activity.
▶▶ Ensure any regular maintenance that was postponed is completed, and any maintenance
issues with the systems are actioned.
▶▶ Ensure the latest operating system and application patches are applied to your
organisation’s security systems, as these may have been postponed with reduced staff
on site.
▶▶ Update access control privileges—staff may have left your organisation at a time when
only critical updates were being performed on the system.
▶▶ Ensure that access credentials that may have been lost or stolen are removed from the
system.
▶▶ Check any escalated privileges required for crisis response are de-escalated when no
longer required.
▶▶ Reinstate dual authentication systems that may have been deactivated to reduce
the spread of the virus, such as personal identification number (PIN) pads or contact
biometric solutions.
▶▶ Audit keys against the key register, and investigate any discrepancies. We recommend
that the security team sights all keys, and that staff re-sign for keys in their possession.
▶▶ Review CCTV footage to ensure perimeter or sensitive areas have not been compromised.
▶▶ Set aside some time for security staff training, especially if your organisation returns with
new contracted staff, or if staff have not used the systems for an extended period of time.

Key questions to ask about the current status of an organisation’s security systems are as
follows.
▶▶ Functionality:
Does the system have any new functional requirements?
Is the system able to perform the existing and/or new functional requirements?
Is the system still operating as intended?

Security managers guide: Security considerations for return-to-work arrangements 7

▶▶ Operators
Are system operators still fully trained on the correct use of the system?
Do operators have access to manufacturer reference material?
Are standard operating procedures current, in place and easily accessible?
Have incident response procedures been recently tested?
Is the emergency point of contact in the event of system failure up to date?

▶▶ Maintenance
Has the system been tested for functionality recently?
Has the preventive maintenance schedule been completed in accordance with
manufacturer specifications?
Is a comprehensive maintenance schedule from a new provider required?

▶▶ Redundancy
Has the stock of replacement equipment (to enable quick replacement of faulty
items) been exhausted?
How long will it take to renew the stock of replacement equipment from the current
supply chain?
Does the system have redundancy measures (for example, backup power)?
Are alternative measures in place if the system becomes inoperable?

Cyber security
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has developed
prioritised mitigation strategies in the Strategies to mitigate cyber security incidents to help
security professionals in all organisations mitigate the threat of security incidents
caused by various cyber actors. This guidance addresses targeted cyber intrusions
(that is, those executed by advanced persistent threats such as foreign intelligence services),
ransomware, external adversaries with destructive intent, malicious insiders, ‘business
email compromise’, and industrial control systems. Refer to https://www.cyber.gov.au/
publications/strategies-to-mitigate-cyber-security-incidents.

We recommend that organisations review their systems against the Strategies to mitigate
cyber security incidents, to assess whether their system security risk has changed because of
pandemic crisis responses.

8 Security managers guide: Security considerations for return-to-work arrangements

We recommend that organisations act as follows.
▶▶ Ensure that the organisation’s systems and applications—including virtual private
networks, firewalls and remote desktop clients—are up to date, with the most recent
security patches installed.
▶▶ Revert any system changes that were created in response to the crisis, if they are no
longer required.
▶▶ Review any new or additional accounts that were created to facilitate working from
home, and remove if no longer required.
▶▶ Assess individual access to systems and information that may have been escalated to
respond to the crisis. Assess whether it should be returned to previous conditions, or the
opportunities, threats and risks allow for it to continue.
▶▶ Use mobile device management software to ensure that loaned devices are returned,
and that lost or stolen devices are remotely erased.
▶▶ Audit access to information over the working-from-home period that does not fit normal
working patterns.

One of the biggest cyber threats to emerge during the pandemic is that of hostile actors
using online phishing techniques to exploit concerns about COVID-19. By educating staff to
follow these simple steps provided by the ACSC, you can help to protect your organisation
from phishing emails.
▶▶ Before opening an email, consider who is sending it to you and what they’re asking you
to do. If you’re unsure, call the organisation you suspect the suspicious message is from,
using contact details from a verified website or other trusted source.
▶▶ Do not open attachments or click on links in unsolicited emails or messages.
▶▶ Do not provide personal information to unverified sources, and never provide remote
access to your computer.
▶▶ Remember that reputable organisations locally and overseas—including banks,
government departments, Amazon, PayPal, Google, Apple and Facebook—will not call or
email to verify or update your personal information.
▶▶ Use email, SMS or social media providers that offer spam and message scanning.
▶▶ Use two-factor authentication (2FA) on all essential services such as email, bank and
social media accounts, as this way of ‘double-checking’ identity is stronger than a simple
password. 2FA requires you to provide two things—your password and something else
(such as a code sent to your mobile device or your fingerprint)—before you, or anyone
pretending to be you, can access your account.

Security managers guide: Security considerations for return-to-work arrangements 9

Hostile actors and criminals may act anonymously online in an attempt to connect with
people with access to valuable or sensitive information. Organisations should provide
advice to staff on the security risks of putting too much information about their employment
on social media.

Reporting cyber security incidents

The ACSC encourages large businesses and Australian Government entities to report cyber
security incidents—including cyber security vulnerabilities that are discovered and not yet
publicly known—and data breaches.

Cyber security incidents to be reported include suspicious system and network activities
such as:
▶▶ domain administrator accounts being locked out due to failed authentication attempts;
▶▶ unusual authentication events on remote access systems;
▶▶ service accounts communicating with internet-based infrastructure;
▶▶ compromise of sensitive and security-classified information;
▶▶ unauthorised access or attempts to access a system;
▶▶ emails with suspicious attachments or links;
▶▶ denial-of-service attacks; and
▶▶ suspicion that electronic devices have been tampered with.

An organisation may have legal obligations under the Notifiable Data Breaches scheme if it
experiences a data breach likely to result in serious harm to any individuals whose personal
information is involved in the breach. For further advice, refer to the Office of the Australian
Information Commissioner website at https://oiac.gov.au.

Returning to work
As restrictions begin to be lifted and business starts to increase beyond baseline operations,
people will inevitably return to work, and business outputs will start to return to normal.
As an organisation transitions staff from working-at-home arrangements back to office-based
or facility-focused work, security teams should consider the following points.
▶▶ Plan ahead, to ensure the supply of equipment or services critical to your organisation’s
operation is not interrupted, given that many organisations will be taking similar steps at
the same time as restrictions are relaxed.

10 Security managers guide: Security considerations for return-to-work arrangements

▶▶ Make preparations to ensure that security equipment not used during the lockdown
period can be recommissioned in a timely manner, taking into account that many other
organisations will be doing this at the same time.
▶▶ Engage with your organisation’s supply chain to understand what level of service they
can guarantee—to ensure your organisation can return to normal operations in a safe
and secure way.
▶▶ Engage with your crisis management and HR teams to plan how many members of staff
return to work, and when. This will ensure that security resources can support individuals
as they return to work with tasks including reset of passwords or PINs, or provision of new
passes where they have been lost or cancelled.
▶▶ Reaffirm current security policies and procedures with staff before they return to work,
as they may have changed or been forgotten, or relaxed to allow greater productivity
while working from home.
▶▶ Where possible, conduct inspections and audits of higher-risk staff residences to ensure
that sensitive material or assets are returned to the facility.
▶▶ Remind staff of the process by which information and assets can be returned to secure
facilities once the need for working-from-home arrangements has passed. Conduct audits
to ensure that all material and assets are located.
▶▶ Remind staff to return all equipment and furniture they may have borrowed from
your organisation to facilitate working from home. If a record was kept of assets being
removed from the facility, audit this against the items being brought back in.

Deterrence communications
An organisation can review, promote and communicate its security measures using
deterrence communications. These communications can discourage an adversary from
targeting a location if they perceive it is too difficult to attack. Deterrence communications
aim to:
▶▶ deny access to information needed to plan an attack; and
▶▶ create a perception that an attack will fail because effective security measures are in place.

We recommend that organisations audit the open-source information they are producing
to ensure it isn’t creating or exposing new security vulnerabilities—therefore denying an
adversary access to the information they require.

Security managers guide: Security considerations for return-to-work arrangements 11

As restrictions start to lift, an organisation’s security managers and communications
professionals can produce deterrence communications about their organisation’s
return-to-work situation.

Further information can be found in ASIO’s security managers guide Deterrence

communications.

Supply chain protective security

Reassess and maintain control of supply chain protective security measures, particularly if
any providers had to be changed at short notice to meet your organisation’s demand;
or your downstream partner organisations had issues with their own supply chain; or your
providers are no longer exist because of financial hardship.

Supply chain protection does not stop with securing a facility through gates and locks—
it extends to the protection of products and people involved in supply chain activities,
as well as the internal and external information flows across the supply chain. Supply chain
defence is not only a matter of ensuring the safety of these assets, but also of preventing
theft, damage and unintentional intrusions that could disrupt supply chain operations.

If you have engaged a provider at short notice to respond to the crisis, make sure
appropriate background and security checks have been completed. We recommend you
revisit your supply chain protective security by:
▶▶ updating the supply chain security risk assessment;
▶▶ identifying what needs to be protected and whether it has changed;
▶▶ assessing existing supply chain security measures and whether they have decreased or
increased;
▶▶ improving existing security measures;
▶▶ re-engaging with your organisation’s service providers;
▶▶ ensuring previously mutually agreeable solutions still work for both parties;
▶▶ providing support;
▶▶ maintaining security measures;
▶▶ maintaining contact; and
▶▶ building relationships.

Further advice can be found in ASIO’s security managers guide Supply chain security,
available on ASIO’s Outreach website—www.outreach.asio.gov.au.

12 Security managers guide: Security considerations for return-to-work arrangements

Destruction of information and assets
As staff transition from working at home to returning to work, they should be reminded
that sensitive information and physical assets—including removable media and mobile
devices—may need to be sanitised or destroyed before disposal. Staff should be reminded
of the appropriate sanitisation and destruction processes. Sanitisation and destruction
could take place at staff members’ residences, or on return to the organisation’s secure
facilities.

If there is a large amount of material for destruction, consider a secure temporary storage
space, additional outsourced destruction and sanitisation services, or a staged approach to
information sanitisation and destruction.

Visitor management
Visitor management processes and systems can be adapted to aid health and safety best
practices and to reduce exposure to employees and other visitors. For example, visitors could
be security screened to ensure they meet entry requirements, and entry refused if they have:
▶▶ travelled out of the country in the past 14 days;
▶▶ experienced symptoms such as cough, shortness of breath or fever; and/or
▶▶ recently had contact with any person(s) who is confirmed as, or suspected of,
having COVID-19.

Screening should start before a visitor arrives at the facility so that, if they do not meet the
criteria to enter the building, an organisation can refuse entry.

Lessons learned
To enhance organisational resilience and improve policies and procedures, security
managers should consider reviewing their organisation’s pandemic response plan, crisis
management plan, business continuity plan and working-from-home policy, where relevant.
The results could be incorporated into an ‘After action report’ for your organisation’s senior
leadership. Topics could include:
▶▶ what worked well, and why;
▶▶ what didn’t work, and why;

Security managers guide: Security considerations for return-to-work arrangements 13

▶▶ what resource capabilities were before and after the crisis;
▶▶ how your organisation’s crisis response could be improved;
▶▶ which resources are needed to respond better to future crises;
▶▶ how recommendations could be implemented;
▶▶ how your organisation’s response compared with others in your sector or industry; and
▶▶ how adequately prepared your organisation was to continue its operations, support its
employees, and achieve its business objectives.

Identify areas where the security function could be better prepared or add significant
value to a business’s operations, such as providing a backup ability to remotely access and
monitor security systems during disruptive events.

Conclusion
In the face of the global COVID-19 pandemic, Australian organisations have had to manage
a dispersed workforce with staff working from home. The information, assets and personnel
of organisations were suddenly exposed to a less controlled and frequently changing
environment. As organisations return to their facilities, the uncertainty of the new operating
environment will have an impact on their business objectives.

What will endure—and potentially develop in unexpected ways—is the volatile, uncertain,
complex and ambiguous environment caused by the crisis.

Organisations should be prepared to adapt and respond to changing threats, vulnerabilities

and risks on a continuing basis.

14 Security managers guide: Security considerations for return-to-work arrangements

References and further reading
ASIS International, Business continuity guideline: a practical approach for emergency
preparedness, crisis management, and disaster recovery, https://www.asisonline.org/
publications/sg-asis-business-continuity-guideline/

Australian Cyber Security Centre, Cyber security is essential when preparing for COVID-19,
March 2020, https://www.cyber.gov.au/news/cyber-security-essential-when-preparing-
covid-19

Australian Cyber Security Centre, Threat update: COVID-19 malicious cyber activity, 20 April 2020,
https://www.cyber.gov.au/threats/threat-update-covid-19-malicious-cyber-activity

Australian Cyber Security Centre, Web conferencing security, https://www.cyber.gov.au/

publications/web-conferencing-security

Australian Cyber Security Centre, COVID-19: cyber security tips when working from home,
https://www.cyber.gov.au/advice/covid-19-cyber-security-tips-when-working-home

Australian Cyber Security Centre, Windows event logging and forwarding,

https://www.cyber.gov.au/publications/windows-event-logging-and-forwarding

Australian Cyber Security Centre, COVID-19: protecting your small business,

https://www.cyber.gov.au/advice/covid-19-protecting-your-small-business

Australian Security Intelligence Organisation, Security managers guide, Supply chain security,
2017, https://www.outreach.asio.gov.au

Australian Security Intelligence Organisation, Security managers guide, Protective security

assessment inspections, 2017, https://www.outreach.asio.gov.au

Australian Security Intelligence Organisation, Security managers guide, Deterrence

communications, 2018, https://www.outreach.asio.gov.au

United Kingdom Centre for the Protection of National Infrastructure, Personnel security in
remote working: a good practice guide, February 2012, https://www.cpni.gov.uk/system/
files/documents/af/05/personnel-security-in-remote-working-a-good-practice-guide.pdf

United Kingdom National Cyber Security Centre, Home working: preparing your organisation
and staff, 17 March 2020, https://www.ncsc.gov.uk/guidance/home-working

Williams, Don, ‘Why your security risk review is out of date’, Security Solutions, 30 April 2020,
https://www.securitysolutionsmedia.com/2020/04/30/why-your-security-risk-review-is-out-of-date/

Security managers guide: Security considerations for return-to-work arrangements 15

JN 20-11803