ACSC Essential Eight | Data#3 (2024)

Overview

What is the ACSC Essential Eight?

While no set of mitigation strategies is guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline.

This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Released in 2017, the Essential Eight is an evolution of the Australian Signals Directorate’s (ASD) Top Four recommendations.

What are the Essential Eight strategies?

1. Application control

2. Application patching

3. Restrict administrative privileges

4. Patch operating systems

5. Configure Microsoft Office macro settings

7. Multi-factor authentication

8. Regular backups

Maturity model

What is the ACSC maturity model?

The new ACSC Essential Eight maturity model became available in July 2021, giving Australian organisations guidance as to how to implement the ACSC Essential Eight strategies. The maturity model uses a scoring system from 0-3 to help you identify what your organisation’s security posture is and the logical next steps to enhance your defences.

Previously, organisations were left to cherry-pick strategies from the Essential Eight, but the current model prioritises implementing all eight as a package because of their complementary attributes and broader focus on the evolving threat landscape.

Common challenges

Overcoming common security challenges

Do you know your weakest links?

It can be hard to find direction and know what best practice looks like when building a security strategy.

As an insider, faced with a constantly changing threat environment, it can be difficult to assess your environment objectively in order to identify risks. With limited time and resources, knowing where to begin and what to prioritise when building and implementing a security strategy can be challenging.

Pro Tip: Have an external expert assess your environment to understand your security posture.

How many security tools are you managing?

Many businesses have adopted ‘productised’ security solutions that often overlap with each other or leave gaps in your security stack. These point solutions lack the integration with your broader IT environment to make sure your organisation is secure.

Managing security across many tools creates a complex environment, making it difficult to notice red flags among numerous notifications. This leads to challenges with promptly remediating issues, amplifying room for error.

Pro Tip: Don’t over-engineer your security strategy – simplicity is the ultimate sophistication.

What is the status quo costing you?

Customers without a standardised approach to security have a higher risk of attack, increased impact of attack and slower recovery. Breaches can incur hefty financial and legal penalties for non-compliance.

88% of reported breaches involve contact information, such as an individual’s name, home address, phone number or email address. This is distinct from identity information, which was exposed in 60% of breaches and includes an individual’s date of birth, passport details and driver licence details.

Pro Tip: Standardise your approach to security, to better manage your defensive strategy.

Assessment

What is an Essential Eight Assessment?

Using the ACSC recommendations as a framework, Data#3 has built an Essential Eight Assessment to help organisations understand and improve their security posture.

The Essential Eight Assessment will help you understand your current security maturity and defensive posture, in alignment with the ACSC Essential Eight.

The engagement will begin with a discovery session to understand your business, technology environment and key objectives. Technical workshops will follow, focusing on application whitelisting, patching applications, patching operating systems, multi-factor authentication, managing administrator rights, daily backups, managing Microsoft Office macros and application hardening.

The Data#3 Information Assurance Specialist will gather data and analyse your adoption of each of the above controls. Detailed findings will be compiled into a report providing evidence of your current security state, as well as expert recommendations for optimisation. A high-level roadmap will be shared outlining the projects recommended to be undertaken, indicative costs, timelines and the recommended software, hardware and services required. The report will be shared with you for review, followed by a presentation led by the assessor to discuss your results in depth.

Contact us to find out more about how you can undertake an Essential Eight Assessment.

Assessment Outcomes

What will you achieve?

Matured cyber security practices

  • Gain clear insight into your defensive posture and best practice advice for an integrated, Microsoft-based security platform.
  • Understand which tools, technical controls, business systems and people processes to implement in order to mature your cyber security practices.
  • Be confident that your organisation is protected using widely accepted mitigation strategies.
  • Improve your cyber security policies and procedures, including the governance of information systems throughout the enterprise.

Improved budget allocation

  • Standardise on one integrated platform, understand its full functionality, simplify your security stack and get better use of your current investments.
  • Eliminate the unnecessary costs of point products that often overlap in functionality.
  • Simplify your team’s training and product knowledge requirements.
  • Increase efficiency and save valuable IT time and resources, with fewer systems to manage, fewer risks, faster detection of threats and enhanced ability to action remediation for a faster recovery.

Manageable compliance

  • Discover and identify your gaps and overlaps, and learn how to secure them with administrative and technical controls.
  • Ensure compliance with business and industry information security requirements leveraging the wealth of proactive controls in the Microsoft platform.
  • Assist in achieving compliance with industry standards such as ISO27001, NIST and PCI.

Solutions

Partner solutions

Microsoft

Secure the modern workplace with Microsoft

Many of the controls needed to make an immediate difference and improve your cyber security posture may be available via your existing Microsoft investments.

By leveraging the Microsoft security portfolio across identity and access management, threat protection, cloud and network defence, information protection, endpoint security and compliance, you can achieve the desired results and reduce complexity in your environment.

Cisco

Cisco security solutions addressing the Essential Eight

Cisco Duo, a leading multi-factor authentication (MFA) solution, directly addresses four of the Essential Eight security basics. Duo addresses security pitfalls painlessly, with easy integration to other security solutions and limited disruption to modern work environments.

Layer Duo with other Cisco security solutions, such as Cisco Umbrella and Cisco SecureX, for a comprehensive security architecture that addresses all eight of the security foundations.

Why Data#3?

Data#3 for your best defence

Combining the experience of a dedicated strategic consulting team, as well as hands-on cyber security specialists, Data#3 has one of the most mature and highly accredited security teams in Australia. Leveraging a breadth of security solutions and a strong vendor portfolio, Data#3 can help you design, implement and maintain superior security measures, tailor-made to protect your business. Having conducted countless security assessments, we have developed a proven model to strengthen resilience, incident response and recovery.

As Microsoft’s largest Australian partner, and a Microsoft Gold Security Partner, Data#3’s expert team are globally recognised as leaders in securing your environment with the Microsoft security portfolio. Additionally, as Cisco Security Architecture Specialists with Cisco Master Security Specialisation, Data#3 implements best-in-class Cisco security solutions.

Related resources

Mitigating cyber risk starts here

eBook

ACSC Essential Eight Explained

Authored by an Information Assurance Specialist at Data#3, this collection of works deep dives into the practical actions organisations can take to stay secure in an era of ever-changing threats.

Solution overview

Solution Overview of the Essential Eight Adoption Roadmap Service

An Essential Eight Adoption Roadmap will guide you in risk and cost reduction, by providing specific, actionable recommendations leveraging your existing investment in the Microsoft Security portfolio.

Article information

Author: Patricia Veum II
