The Australian Cyber Security Centre (ACSC) has strengthened the implementation guidance for the Essential Eight, a series of mitigation strategies to help organisations make it harder for adversaries to compromise their systems.
The ACSC said the Essential Eight series was taken from the Australian Signals Directorate’s Strategies to Mitigate Cyber Security Incidents and includes guidance changes that reflect its experience in producing cyber-threat intelligence; responding to cyber-security incidents; conducting penetration testing; and assisting organisations to implement the Essential Eight.
“The Essential Eight Maturity Model now prioritises the implementation of all eight mitigation strategies as a package due to their complementary nature and focus on various cyber threats,” the ACSC said.
“Organisations should fully achieve a maturity level across all eight mitigation strategies before moving to achieve a higher maturity level,” it said.
“In addition, there is also an increased emphasis on risk management, which includes better enabling organisations to manage risks associated with legacy systems.”
The ACSC said the changes followed an Agency review which included consultation with Government and industry partners.
“Essential Eight are the most effective mitigation strategies organisations can adopt to protect themselves against cyber threats, with the Essential Eight Maturity Model designed to assist organisations to implement them,” it said.
The Agency said the mitigation strategies could be customised based on each organisation’s risk profile and the adversaries they were most concerned about.
The ACSC’s 18-page updated Essential Eight Maturity Model can be accessed at this PS News link.