Protect
Strategic allocation of defences that enable the business to mitigate current and evolving threats provides the greatest return on investment to the business. Effective protection of information assets provides the assurance that information management systems continue to be fit for purpose.
In order to contain the potential impact of a cybersecurity breach it is crucial to prioritise cybersecurity efforts around critical functions.
Often resources are misallocated to protecting against threats that are never going to be realised, while key vulnerabilities are overlooked.
Prioritising your resources towards those things that will deliver the most protection will help minimise your threat exposure.
How are we protecting our assets?
While it is vital to understand what we are protecting so we can develop an effective strategy, it's also vital that we understand how we need to protect these assets.
Are we strategic in how we implement protections?
Is our approach effective?
The protect function focuses on implementing effective controls and protections, both at an operational/procedural level and at a policy level. This involves determining and mapping the resources, vulnerabilities, threats and impacts so a full and clear picture of true risk can be determined.
Authentication, Authorisation and Authentication.
Protections for Identity Management and Access Control within the organization including physical and remote access.
Focusing on these provides a level of protection against both internal and external threat actors misusing credentials.
Training
Empowering staff within the organization through Awareness and Training, including role-based and privileged user training.
Expecting our staff to understand the threats and risks that the organisation faces without education plays into the hands of malicious actors.
When staff are not informed, they can make poor decisions that will result in risks to the organisation being realised. This impacts not only the livelihood of the employees as a whole but also the viability of the organisation.
Processes and Procedures
Implementing Information Protection Processes and Procedures to maintain and manage the protections of information systems and assets.
Not only are good processes and procedures vital for an organisation to operate effectively and with agility, they are also vital for a secure operation. When the operations of an organisation don't have well-defined processes and procedures in place, they can't react quickly, they can't adapt and they can't detect issues that fall outside the norm, which are often indications of a threat being realised.
Systemic Data Controls
Establishing Data Security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
Having a set of workable controls that protect the data throughout its lifecycle and across the breadth of the organisation allows the organisation to operate efficiently while protecting the data.
Limiting staff to only the information they need to perform their tasks limits the impact of an inadvertent breach.
Ensuring data is backed up and protected against malicious modification ensures you can trust the data and recover quicker from an incident.
Maintenance
Protecting organizational resources through Maintenance activities, including remote maintenance.
The longer systems are left without proper maintenance, the greater the risk they pose to the organisation. Vendors release patches regularly to fix bugs in their systems; many of these bugs have the potential to be exploited for malicious gain, often resulting in expensive consequences in lost productivity, data loss or even extortion.
Technology
Managing Protective Technology to ensure the security and resilience of systems and assets are consistent with organizational policies, procedures, and agreements.
There is an extensive array of tools available that provide reliable protection from threats. The truth is that they are all ineffective when implemented poorly, unaligned with the needs of the organisation and poorly maintained.
The ACSC Essential 8
Covering the 8 most effective areas your organisation can target to minimise potential cyber security incidents. Have us perform an Essential 8 Maturity Assessment on your organisation and get a head start on defending your organisation.