logo

Evaluating Essential 8 Maturity

In 2017 the Australian Cyber Security Centre released the Essential 8 Maturity model, a series of strategies to Mitigate Cyber Security Incidents. This model was developed by looking at the most common threat vectors that are used to breach the security of the organisations. Taking these vectors and then using them to identify the most effective set of controls that can be implemented, a set of 8 basic controls were laid out. A maturity model was defined in order to allow organisations a pathway to acheiving a sustainable level of protection.

Maturity levels

To assist organisations in determining the maturity of their current environment and progress towards a full implementation of the Essential Eight, three maturity levels have been defined for each mitigation strategy.

The maturity levels are defined as:

  • Maturity Level One: Partly aligned with the intent of the mitigation strategy.
  • Maturity Level Two: Mostly aligned with the intent of the mitigation strategy.
  • Maturity Level Three: Fully aligned with the intent of the mitigation strategy.

What maturity level to aim for

While as a baseline organisations should aim to reach Maturity Level Three for each mitigation strategy an organisation may get more value from focusing on the mitigation strategies that align closest with the threat vectors they are most at risk from.

Mitigation Strategies

There are 8 seperate mitigation strategies that make up the essential 8 Maturity model.

Application control

Control which applications are allowe to run on any system.

Application Patching

Regular and timely patching of applications to minimise the amount of time a vulnerability is available to exploit.

System patching

Regular and timely patching of Systems to improve reliability and to minimise the amount of time a vulnerability is available to exploit.

Configure Microsoft Office macro settings

Restrict Macros in Office applications to only those that are essential and approved.

User application hardening

Removal of dangerous settings in applications known to allow malicious attack vectors, e.g. flash and Java Applets.

Administration privilege restriction

Restricting Administration privileges to not just appropriate people but also minimise access to applications and services using those accounts.

Multi Factor Authentication

Implementing Multi factor authentication to minimise the ability for malicious actors to utilise stolen credentials.

Daily Backups

Ensuring that not only are regular daily backups of all essential systems being completed but that those backups are useful for recovery as well as protected from modification.

Cyberz

Arrange an Essential 8 Maturity assessment.

Covering the 8 most effective areas your organisation can target to minimise potential cyber security incidents, Have us perform an Essential 8 Maturity Assessment on your organisation and get a head start on defending your organisation.