Why is Essential 8 implementation important in an organisation?
The ACSC Essential 8 is a set of mitigation strategies developed to reduce cyber security risk in organisations and establish best security practices. The Essential 8 is now a mandatory requirement from the Federal Government and NSW Governments, which came into effect from 2019. The ASD Essential 8 is equally applicable and appropriate for the private sector too. The Essential 8 can help an organisation save time and money and reduce cyber risk, because the cost and time to mitigate a risk can be greater after exploitation and compromise.
Essential 8 Framework Breakdown:
Prevent Attack:
- Application Whitelisting – Allowing only selected and appropriate applications to run on computers.
- Patch Applications – Patching application vulnerabilities in the software deployed in the organisation.
- Configure Microsoft Office Macros – Microsoft Office macros (automated tasks) should be disabled, i.e. a macro is allowed to execute only after prompting the user for approval.
- User Application Hardening – Configuring web browsers to block Flash players, Java applets, ads, etc.
Limit Extent of Attack:
- Restrict Administrative Privileges – Managing access privileges for users and allowing only administrators to manage systems.
- Patching Operating Systems – Patching vulnerabilities in the operating system and keeping the system up to date.
- Multi-Factor Authentication – Multi-factor authentication is used to authenticate users of remote access solutions.
Recover Data and System Availability:
- Daily Backup of Important Data – Backups of important documents, software and information are performed every month. Backups should be saved offline in a secure environment.