Assign a 'primary' menu

Category Archives for ACSC E8

Improve your Cyber Maturity with Eight Essential Controls

The Australian Cyber Security Centre (ACSC) maintains a guideline called ‘The Essential Eight: Strategies to Mitigate Cyber Security Incidents’.  Government departments’ cyber resilience is measured against these controls.   Research shows that successful implementation of the Essential Eight fends off 85% of targeted cyber-attacks, so it’s a very sound security strategy to follow.

Let’s explore the ACSC’s Cyber Maturity Model[1] for Essential Eight compliance to understand how it works, what to look out for and why you should apply it within your organisation.

Read More

Identity Management: The Key to SOC Success or Failure

Whether an attacker is breaking into your organisation or a malicious insider is trying to exfiltrate data using legitimate access, there is little argument that both attacks require a level of system identity to act on the target. Modern enterprise ICT systems leverage a variety of technologies to attest to the identity of users, but understanding the when and how is equally important.

Read More

Privileged Account Management: Essential Cyber Security Measures

Privileged user accounts, such as those used by administrators, application developers and even the security team themselves are prime targets for attackers. Typically, once an attacker has the credentials for a privileged account, they are free to move around the business as they please.  For this reason, constructing a secure privileged account management capability is a critical building block in your enterprise security architecture.

Read More

Digital Transformation: The Cyber Security Catalyst

The adoption of cloud services is core to the Australian Government’s digital transformation strategy. Cloud services yield faster service delivery for agencies and ensure organisations only pay for what they consume. Yet, this shift to cloud introduces a degree of risk and uncertainty that needs addressing, so let’s look at this risk in terms of merging the Government’s foremost cyber security advice with the Digital Transformation Agency’s cloud-first strategy.  Read more to understand how the ASD’s Essential Eight supports the Australian Government’s move to Cloud.

Read More

How Mature Are Your Cyber Security Controls? 6 Steps to Reporting on the Essential Eight Model

The imminent changes to the Australian Privacy Act (22 Feb 2018) requires businesses report eligible data breaches.  Consequently, executives are asking how they can determine their preparedness and ensure they reduce the risk of potential fines. The Australian Signals Directorate’s (ASD) Essential Eight has received considerable airtime, and for good reason, as it provides a no-nonsense approach for organisations to improve their security posture by focusing on eight cyber security controls.

Read More

Inequity in Multi-Factor Authentication – choosing the right implementation for your organisation

The Australian Signals Directorate (ASD) recommends the use of multi-factor authentication (MFA) within their general security control guidance known as the Essential Eight. They claim, “it is one of the most effective cyber security controls an organisation can implement,” yet, not all implementations of MFA are equally effective, so choosing which one is right for your organisation is essential. Furthermore, adversaries know about inherent weaknesses and have begun targeting organisations that use particularly weak implementations. This blog looks at some of the issues and pitfalls with modern MFA solutions and offers some guidance that supports ASD’s claim that it’s one control not to overlook.

Read More
1 2