Manuel Basiri

Application Architecture and Development

  • .NET Developer and Solution Architect
  • Database Design and Optimisation
  • Cloud Architect

Our Team

Bella Gomrokchi

Frontend Developer / UX / UI Designer

  • UX and UI designer
  • Front end / Blazor developer
  • Graphic and motion designer

Grace Colville

Operations / Legal and Compliance

  • Operations and Administration
  • Legal & Regulatory compliance
  • Finance research

Sim Singh Nanda

Cloud Infrastructure / Security & Availability

  • Application security
  • Cloud security architecture
  • Monitoring & Availability

Amir Gomrokchi

Data Analyst / AI Research & Implementation

  • Data analysis & Research
  • AI integration & Optimisation
  • Machine Learning / Generative AI

Office Security Best Practices

The Australian Signals Directorate (ASD) “Essential Eight” is a set of baseline cybersecurity strategies to mitigate cyber threats in an organisation. These recommendations are designed to provide effective, prioritized guidance to enhance the security posture of a business.

Our development studio and procedures are currently compliant with Level One of the Australian Signals Directorate Essential Eight recommendations. We’re actively improving and investing in our development environment to achieve compliance with higher levels of this security framework.

The Essential Eight consists of the following strategies:

APPLICATION WHITELISTING:

Only allow approved applications to execute on systems to prevent unauthorized or malicious software from running.

CONFIGURE MICROSOFT OFFICE MACRO SETTINGS:

Configure Microsoft Office to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.

PATCH APPLICATIONS:

Regularly update and patch applications to address vulnerabilities that attackers may exploit. 

USER APPLICATION HARDENING:

Configure web browsers and Microsoft Office to block malicious websites and macros, and ensure the secure configuration of PDF viewers.

RESTRICT ADMINISTRATIVE PRIVILEGES:

Restrict administrative privileges to essential users only to prevent unauthorised access and reduce the impact of successful attacks.

MULTI-FACTOR AUTHENTICATION:

Implement multi-factor authentication for all users, particularly for remote access to critical systems, to enhance authentication security.

PATCH OPERATING SYSTEMS:

Regularly update and patch operating systems to address vulnerabilities and minimize the risk of exploitation.

DAILY BACKUPS:

Regularly back up important data and ensure backups are stored securely offline to facilitate recovery in case of data loss or ransomware attacks.

Application Development Security Standards

Modern applications require security awareness at the code, infrastructure, and runtime levels to ensure deployed applications are hardened against all potential attack vectors. Gemma is designed and developed closely following the Guidelines for Software Development chapter of the Information Security Manual (ISM) published and updated by the Australian Signals Directorate (ASD). The ISM is considered the Intelligence Services Act 2001-designated best practices document of the Australian Signals Directorate (ASD). You can access the full text of the ISM from this link.

Below is a summary list of the specific guidelines and the current state of our development practice, software code and infrastructure with respect to compliance with each guideline.