Does your organisation comply with the ACSC (ASD) Essential 8?

The Australian Cyber Security Centre’s has developed a prioritised migration strategy list for security controls that can help organisations to project their systems against various types of cyber-attacks. We at ShadowLens can help your organisation to achieve maturity of the implementation of Essential Eight and other three maturity levels which are defined by ACSC:

  • Maturity Level One: Partly aligned with the intent of the mitigation strategy
  • Maturity Level Two: Mostly aligned with the intent of the mitigation strategy.
  • Maturity Level Three: Fully aligned with the intent of the mitigation strategy.

Read More… Contact us to schedule in a meeting and continue reading below for detailed information on the ASD security framework.

Essential Eight

Why Essential 8 implementation is important in organisation?

ACSC Essential 8 is a set of mitigation strategies developed to reduce cyber security risk in organisation and establish best security practices. Essential 8 is now a mandatory requirement from Federal Government and NSW Governments which came in effect from 2019. The ASD Essential 8 is equally applicable and appropriate for private sector too. The Essential 8 can help organisation saving time, money, cyber risk as cost and time to mitigate a risk after exploitation can be more after compromise. Essential 8 Framework Breakdown: Prevent Attack:

  • Application Whitelisting – Allowing only selected and appropriate applications to run on computer
  • Patch Applications – Path Application vulnerabilities for the software that are deployed in organisation
  • Configure Microsoft Office Macros – Automated tasks of Microsoft “Macros” should be disable i.e. it is allowed to execute but only after prompting user for the approval.
  • User Application Hardening – Web browser configuration, to block flash players, java applets and ads etc.

Limit Extent of Attack:

  • Restrict Administrative Privileges – Managing access privilege for users and allowing only admin to manage systems.
  • Patching Operating Systems – Patching vulnerabilities is operating system and keeping system up to date.
  • Multi-Factor Authentication – Multi factor authentication is used to authenticate user of remote access solution.

Recover Data and System Availability:

  • Daily Backup of Important Data – Backup of important documents, software and information are performed every month. Backup should be saved offline in secure environment.