Unravelling the Essential Eight: Your First Steps in Cyber Security
The Australian Cyber Security Centre (ACSC) has put together some top strategies to help your organisation stay safe online. Among these, the Essential Eight stand out as the most effective.
The Essential Eight were designed for Microsoft Windows-based, internet-connected networks. While they can be used for cloud services and other operating systems, they’re not tailor-made for these. So, in these cases, you may need to consider some other strategies.
Understanding the Essential Eight Maturity Model
The Essential Eight Maturity Model was first published back in 2017, and it’s been regularly updated since, with the last revision in November 2022. This model is like a roadmap to help you implement the Essential Eight in your organisation.
When using the Essential Eight, you’ll want to target a specific maturity level that suits your needs and then work towards that level. All eight strategies are designed to work together, so you should aim to reach the same maturity level across all of them before moving onto the next level.
And remember, the Essential Eight are just a starting point. You’ll likely need additional security measures, depending on your specific environment and the threats you face.
The Importance of Maturity Levels
There are four maturity levels in the Essential Eight, from Level Zero to Level Three. Each level is designed to counteract different levels of cyber threat sophistication, which we refer to as adversary tradecraft. These are the tools, tactics, techniques and procedures used by cyber attackers.
You don’t need an independent party to certify your Essential Eight implementation unless it’s required by government policy, a regulator, or a contract.