Essential Eight Brief

IRIS IT | General, Security

The Essential Eight is a cyber security self-assessment maturity tool “to help organizations
mitigate cyber security incidents caused by various cyber threats” and has been designed to
protect Microsoft Windows-based internet-connected networks.

To assist organizations in protecting themselves from cyber threats, the Australian Cyber
Security Centre (ACSC) developed a three-tier Maturity Model for the Essential Eight:

Maturity Level Zero: Not yet aligned to the intent of the mitigation strategy.
Maturity Level One: Partly aligned with the intent of the mitigation strategy.
Maturity Level Two: Mostly aligned with the intent of the mitigation strategy.
Maturity Level Three: Fully aligned with the intent of the mitigation strategy.

The Essential Eight is seen as the baseline of cyber security maturity and is just one part of a
wider framework that agencies need to have in place.

The mitigation strategies that constitute the Essential Eight are:

Application control.
Patch applications.
Configure Microsoft Office macro settings.
User application hardening.
Restrict administrative privileges.
Patch operating systems.
Multi-factor authentication.
Regular backups.

1 – Application Control
Application control restricts unauthorized software from being present or running
on an ICT system. Application control prevents or restricts the malicious programs that
attackers can utilize to breach your network and achieve their objectives within the
Application whitelisting technologies stop malware and other unauthorized software
from operating and disrupting ICT services. Unlike security
technologies such as antivirus software, which block identified bad activity and permit all
other activity, application whitelisting technologies are designed to permit only known good
files and block all others. To be effective, application control should include all network
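
The contrast described above between blocking identified bad files and permitting only known good files, as an added example (not part of the original brief or of ACSC guidance). The file names, file contents and the choice of SHA-256 hash matching are assumptions made for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: name -> content (stand-ins for real executables).
SAMPLES = {
    "winword.exe": b"approved office build 1",
    "known_dropper.exe": b"malware with a published signature",
    "new_dropper.exe": b"malware no vendor has catalogued yet",
    "winword_patched.exe": b"approved office build 1" + b" + injected stub",
}

# Antivirus-style denylist: hashes of files already identified as bad.
DENYLIST = {sha256(SAMPLES["known_dropper.exe"])}
# Application-control allowlist: hashes of approved files only.
ALLOWLIST = {sha256(SAMPLES["winword.exe"])}

def denylist_decision(content: bytes) -> str:
    """Block identified bad files, permit everything else (default allow)."""
    return "block" if sha256(content) in DENYLIST else "allow"

def allowlist_decision(content: bytes) -> str:
    """Permit known good files, block everything else (default deny)."""
    return "allow" if sha256(content) in ALLOWLIST else "block"

def evaluate(samples: dict) -> dict:
    """Return {name: (denylist verdict, allowlist verdict)} per sample."""
    return {
        name: (denylist_decision(content), allowlist_decision(content))
        for name, content in samples.items()
    }

if __name__ == "__main__":
    for name, (deny, allow) in evaluate(SAMPLES).items():
        print(f"{name:22} denylist={deny:5} allowlist={allow}")
```

The two models disagree only on files nobody has classified yet: the uncatalogued dropper and the modified copy of an approved program both pass the denylist and are stopped by the allowlist.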

2 – Patch Applications

Patch management is the process for identifying, acquiring, installing, and verifying patches
for products and systems. ‘Patching applications’ is the systematic implementation of
software updates to ensure functionality and security updates/fixes are applied to
applications within your ICT environment. Patching applications prevents attackers from
using known security vulnerabilities to breach your network and achieve their objectives

3 – Configure Microsoft Office macro settings

Macros are popular applications which can enable highly efficient repetitive processes.
However, macros can contain malicious code resulting in unauthorised access to sensitive
information as part of a targeted cyber intrusion, including being used to download other
malicious software.
Microsoft Office environments can be configured to prevent macros which have come from
the internet or have not been identified as trusted

4 – User Application Hardening
User application hardening reduces the ‘attack surface’ malicious cyber actors can use to
deploy malicious software onto user systems (e.g., workstations). Blocking or removing
common software used to download or run malicious software prevents malicious software
from running on organization networks and disrupting ICT services.

5 – Restrict Administrative Privileges

Access to privileged functions is on a need-to-use basis. Users may be assigned admin
privileges for specific functions within their role; however, these roles should be reviewed
regularly to ensure the admin privileges are still required.

6 – Patch Operating Systems
All workstations should be scanned regularly for Windows updates, and updates should be
applied when available. Any operating system that is no longer supported must be replaced.

7 – Multi-factor Authentication
Requiring at least two forms of authentication (password/PIN, biometric, hardware keys, etc.)
makes it much more difficult for adversaries to gain access to sensitive information and
systems—in fact according to Microsoft’s research it can stop up to 99.9% of identity-based

8 – Regular Backups
Backups of important data, software and configuration settings are required. Data needs to
be restored regularly to test the integrity of the backups.
Unprivileged accounts can only access their own backups and cannot delete or modify them.

For more information, give us a call at: 0883630371