The Essential Eight - For Cyber Security
Frances Russell
Managing Director | IT strategy, solutions and support helping businesses achieve their goals
Security is an everyday task. I don’t mean it's routine or low importance, but that it is crucial and needs attention every day to keep your business, your people and your systems safe.
Security should not be about shutting the stable door after the horse has bolted. It should be proactive so that cyber-attacks don’t work in the first place. That's why the Australian Cyber Security Centre (ACSC) has published The Essential Eight. It's not a standard or a framework; it's a list of practical actions you can take so your systems, your people and your data are safer.
This article explains why The Essential Eight strategies matter and how they should be applied in your business.
Why another set of guidelines?
There are already so many security guidelines, frameworks and standards, so why add another one?
Whether you are a large business with demanding security requirements, or a business with very sensitive data, or a small business just starting out, The Essential Eight will help you meet your security requirements. With a clear path to progressive improvement through a maturity model, The Essential Eight can guide you to align at the level you need for your unique business circumstances. A key difference between The Essential Eight and other security guidance is that the strategies are all proactive and practical.
Cyber crime is a real cost to Australian business
Here are some basic facts:
Enter The Essential Eight
It's easy to follow the Essential Eight: it’s a practical list of how to configure your systems so they are a lot tougher on cyber crooks by proactively guarding against many of the most common attacks. There are eight areas to configure:
Here is a nice summary - thanks to Red Gate for the graphic
If you implement all of these – and really do them, not just write them in a policy – then your systems will be much safer from attack. Simple as that.
How to implement The Essential Eight
The Essential Eight is designed so that businesses can follow a plan for implementing the strategies. The ACSC has provided a Maturity Model with three levels. Using it, any business can:
Here is an example
One of the Essential Eight is “Patch Applications”. In summary, this strategy includes:
Here is what that looks like across the different maturity levels (I have included Level 0):
Each of the strategies has easy-to-understand guidance for each maturity level. In this example, you can see that if you are a company with sensitive data or high needs for uptime, you most likely need to align with Level 3.
Not a do-it-yourself project
All the strategies require technical skills to implement and all of them require proper automation, monitoring and control to roll out and manage across your environment. They highlight the need for a good IT partner to support your business.
To implement the Essential Eight:
What will you get for your trouble?
Of the top 15 most successful types of cyber attack, The Essential Eight covers 10. Here is a list of those top 15:
The majority, the first ten on the list, can all be made safe by implementing The Essential Eight. The last five relate to websites, networks and people. You can fix these by:
Your business needs to implement The Essential Eight - do it now!
FooForce can help you to do a Maturity Level assessment and assist with implementing The Essential Eight for your business. Contact me for a chat: [email protected] or phone us 1300366367
2 years ago
30% of revenue as fines to organisations if a cyber hack steals your data. That’s the proposed legislation announced last week. A good incentive for all organisations to take security seriously. There are tools and partners that can help!