Backround

The Australian Signals Directorate (ASD) has released the Essential 8 – which are considered by ASD as the most effective strategies to mitigate targeted cybersecurity intrusions. The ASD Essential 8 strategies build on previous ASD guidance on cybersecurity and incorporate the Top 4 Mandatory Requirements. ASD considers the Essential 8 to be an important part of an organisation’s security baseline.

While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident. Before implementing any of the mitigation strategies, organisations should perform the following activities:

  • identify which systems require protection (i.e. which systems store, process or communicate sensitive information or other information with a high availability requirement)
  • identify adversaries most likely to target their systems (e.g. nation-states, cybercriminals, or malicious insiders)
  • identify what level of protection is required (i.e. selecting mitigation strategies to implement based on the risks to business activities from specific adversaries).

There is a suggested implementation order for each adversary to assist organisations in building a strong cyber security posture for their systems. Once organisations have implemented their desired mitigation strategies to an initial level, they should focus on increasing the maturity of their implementation such that they eventually reach full alignment with the intent of each mitigation strategy.

The Australian Government Information Security Manual (ISM) assists in the protection of information that is processed, stored or communicated by organisations’ systems. This publication can be found at https://www.acsc.gov.au/infosec/ism/

The Strategies to Mitigate Cyber Security Incidents complements the advice in the ISM. The complete list of mitigation strategies and supporting publications can be found at  https://www.acsc.gov.au/infosec/mitigationstrategies.htm.

The Essential Eight Maturity Model complements the advice in the Strategies to Mitigate Cyber Security Incidents. It can be found at https://www.acsc.gov.au/publications/protect/Essential_Eight_Maturity_Model.pdf.


Essential 8 Controls

  • patch applications
  • patch operating systems
  • multi-factor authentication
  • restrict administrative privileges
  • application control
  • restrict Microsoft Office macros
  • user application hardening
  • regular backups.



Cybra’s Essential 8 Approach

Cybra will sit down with you and walk through the ASD Essential 8 and how it relates to your business and your specific requirements. Cybra can assist with developing your Essential 8 strategy and technical implementation.

If you have already aligned with Essential 8, Cybra can also help you to understand the maturity of your Essential 8 implementation by performing technical reviews and identifying any potential gaps.

Cybra is known as an Essential 8 consulting firm in Melbourne, Sydney, Brisbane, and Australia-wide. Reach out to learn how Essential 8 can help secure your business. Cybra can conduct Essential 8 services remotely over video conferencing, or in-person at your chosen office location.


Book a free Cyber Security consultation today