ASD Essential Eight Assessment
We provide a comprehensive assessment of your current implementation of the ASD Essential Eight, or if you are just getting started, we will help you on your journey. Whatever your position, we get you to a place of comfort so you can be confident that your organisation has effectively implemented the controls, improved its security posture, and significantly reduced the likelihood of compromise to your business.
What is the ASD Essential Eight?
The ASD Essential Eight are a set of security controls recommended by the Australia Cyber Security Center (ACSC) as being the most effective in preventing cyber attacks.
What Makes up the Essential Eight?
What's involved in an Essential Eight Assessment?
The Essential Eight assessment comprises of 3 distinct phases:
- Consult and prepare – understand scope, desired maturity level, process, policy, and people.
- Engage and gather evidence – interview relevant system and policy owners, review architecture and system documentation, assess a sample of systems that represent the in-scope environment.
- Analyse and assess – analyse findings and provide a detailed report.
Assessment against the Essential Eight are conducted using the Essential Eight Maturity Model and specific criteria for each control taken from the ASD Information Security Manual (ISM).
What are the ASD Essential Eight Maturity Levels?
The ASD's Maturity levels ( 0 - 4 ) play a crucial role in assisting organisations with implementing the Essential Eight. These levels are based on preventing increasing levels of cyber criminal expertise and sophistication, as well as the targeted nature of the attackers' efforts (Tactics, Techniques and Procedures).
Organisations will need to consider the level of expertise of a cybercriminal and how targeted they feel their organisation might be rather than focusing on who the cybercriminal is. As part of our assessment process we assist you in picking the most appropriate maturity level for your organisation.
As a minimum an organisation should be aiming to reach maturity level one to be considered to have effective controls.
Maturity Level Zero
This maturity level signifies that there are weaknesses in an organisation’s overall cyber security posture.
Maturity Level One
The focus of this maturity level is malicious actors who are content to simply leverage commodity tradecraft that is widely available.
Maturity Level Two
The focus of this maturity level is malicious actors operating with a modest step-up in capability from the previous maturity level. These malicious actors are willing to invest more time in a target and, perhaps more importantly, in the effectiveness of their tools.
Maturity Level Three
The focus of this maturity level is malicious actors who are more adaptive and much less reliant on public tools and techniques. These malicious actors are able to exploit the opportunities provided by weaknesses in their target’s cyber security posture, such as the existence of older software or inadequate logging and monitoring.
Benefits
Sign up to receive our cyber security tips and curated global security news.
*Data Privacy
Thanks for subscribing! Please check your email for further instructions.
Lvl 17, Angel Place,
123 Pitt Street,
Sydney
NSW 2000
(02) 7230 1350