Cyber Ethos


The Essential 8 Cybersecurity Strategies

Application Control: This refers to the level of control and constraint you have over the applications your users can run. It involves preventing unapproved software libraries, scripts, installers, and other executables from running on workstations.

Patch Applications: This strategy refers explicitly to updating third-party applications. It focuses on applying security updates and patches as quickly as feasible. It requires the frequent use of vulnerability scanners to detect missing patches and updates, and the removal of applications that are no longer supported by their vendors.

Restrict Administrative Privileges: This strategy involves managing users with administrative privileges. It involves validating requests for privileged access to systems and applications, blocking privileged accounts from accessing the internet, and using separate operating environments for privileged and unprivileged users.

Patch Operating Systems: This strategy focuses on keeping operating systems up to date. The main outcome is to ensure that OS patches, updates, and security mitigations for internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists. Vulnerability scanners should be used to identify any missing patches, and any OS that is no longer vendor supported should be replaced.

Macro Settings: This refers to how much freedom your users have to run macros in Microsoft Office applications. Macros should be blocked by default for most users, unless they have a demonstrated business requirement.

User Application Hardening: This refers to the restrictions placed on users’ applications. At its most basic, web browsers should not be able to process web advertisements or Java content from the internet, Internet Explorer 11 should be disabled, and users should not be able to change these settings.

Multi-Factor Authentication: This strategy involves enforcing MFA for all privileged access. Maturity starts with enforcing MFA for all users before they access internet-facing services and third-party providers.

Regular Backups: This strategy involves ensuring that critical systems and information are securely backed up and readily available. This flexible strategy requires organisations to back up important data, software, and configuration settings “in accordance with business continuity requirements”. All backup and restoration systems are tested, and unprivileged accounts are restricted to their own backup environments.

What is an Essential 8 security assessment?

As part of an Essential 8 security assessment, Cyber Ethos will provide you with a clear view of your organisation’s security posture.

What is the ACSC maturity model?

The ACSC Essential Eight maturity model gives organisations guidance on implementing the ACSC Essential Eight strategies. It uses a scoring system from 0-3 to identify the current security posture of a particular organisation, and it sets out the next logical steps to enhance that posture.

This removes organisations’ ability to cherry-pick strategies from the Essential Eight and provides them with a holistic and sustainable model.

What do I need to do next?

One size does not fit all. Your organisation’s Risk Management Framework and Risk Appetite will determine which solutions and strategies must be implemented. The consultants at Cyber Ethos can conduct an Essential 8 security assessment for you. Get in touch with us by clicking Contact Us.

Further Information

The Essential Eight Maturity Model is part of a suite of related publications.

Want to know more about Essential 8?

Contact Us