ISM-1431, ASD Information Security Manual (ISM)

Strategies for Mitigating Denial-of-Service Attacks

Discuss with cloud providers how to handle costs and actions for denial-of-service attacks to maintain service continuity.

Plain language

A denial-of-service attack happens when someone floods your online systems with too much traffic, making them slow or unavailable to your customers. This control is about planning with your cloud provider to handle such attacks, so your business can keep running smoothly, avoid unexpected costs, and maintain customer trust.

Framework

ASD Information Security Manual (ISM)

Control effect

Proactive

Classifications

NC, OS, P, S, TS

ISM last updated

May 2023

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

Denial-of-service attack mitigation strategies are discussed with cloud service providers, specifically:

  • their capacity to withstand denial-of-service attacks
  • costs likely to be incurred as a result of denial-of-service attacks
  • availability monitoring and thresholds for notification of denial-of-service attacks
  • thresholds for turning off any online services or functionality during denial-of-service attacks
  • pre-approved actions that can be undertaken during denial-of-service attacks
  • any arrangements with upstream service providers to block malicious network traffic as far upstream as possible.

Why it matters

Without agreed DoS capacity, alert thresholds and pre-approved actions with the cloud provider, attacks may cause prolonged outages, unexpected costs and reputational harm.

Operational notes

Agree with the cloud provider on DoS alert thresholds, service shutoff triggers, pre-approved response actions, and upstream traffic blocking; review these arrangements regularly.

Implementation tips

  • Business owners should meet with their cloud provider to discuss service capacity: Set up a meeting with your provider to understand how much traffic your system can handle before it starts to slow down. Make sure they can manage a sudden spike in usage without interruptions.
  • IT managers should establish cost estimates with the provider: Discuss potential financial impacts if a denial-of-service attack occurs. Have the cloud provider give you a detailed report of expected costs and possible savings if prevention plans are in place.
  • Office managers should set up availability monitoring alerts: Work with your IT provider to set up tools that alert you when your service starts to slow down due to unusual activity, so you can respond quickly.
  • System administrators should agree on limits for shutting down services: Collaborate with your provider to establish specific conditions under which certain services would be temporarily turned off to protect the entire system, without affecting all operations.
  • Business owners should approve pre-planned defensive actions: Pre-approve actions with your provider that they can take during an attack, such as using upstream providers to block bad traffic at the earliest point possible. Ensure these actions are documented and you are notified when they are used.

Audit / evidence tips

  • Ask: The service capacity agreement. Request the document outlining your cloud provider's capability to handle large volumes of traffic. Good: Has clear metrics showing the provider's resilience against high traffic.
  • Ask: Cost estimation reports. Request documentation of the expected costs associated with denial-of-service attacks. Review the details of cost structures and protective measures discussed. Good: Includes cost figures and agreed protective scenarios.
  • Ask: Availability monitoring logs. Request the logs that show alerts and response times related to service slowdowns. Good: Includes timely alerts sent before full service disruption.
  • Ask: The shut-off thresholds documentation. Request the criteria defining when services might be temporarily disabled. Check for clear definitions and conditions under which these rules are applied. Good: Includes specific thresholds and clear authorisation steps.
  • Ask: The pre-approved actions list. Request the documented procedures and actions approved for use during attacks. Good: Includes detailed steps that match what your cloud provider implements.

Cross-framework mappings

How ISM-1431 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Partially overlaps (2)

  • Annex A 8.6: ISM-1431 requires discussions with cloud service providers about DoS resilience, including capacity to withstand attacks and thresholds t...
  • Annex A 8.16: ISM-1431 requires organisations to agree denial-of-service (DoS) mitigation arrangements with cloud service providers, including monitori...

Related (1)

  • Annex A 5.30: Annex A 5.30 requires organisations to ensure ICT readiness for business continuity through planning, implementation, maintenance and tes...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
