The Australian Signals Directorate (ASD) Essential 8 are strategies to mitigate cyber security incidents.
The strategies have been battle-tested and prioritised by the ASD.
ASD Essential 8 List
Mitigation Strategies to Prevent Malware Delivery and Execution
Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts
Applications Patching e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications
Harden Microsoft Office to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate
User application hardening by configuring web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers
Mitigation Strategies to Limit the Extent of Cyber Security Incidents
Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
Patch operating systems with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.
Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Mitigation Strategies to Recover Data and System Availability
Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Essential Eight Maturity Model
To assist organisations in determining the maturity of their implementation of the Essential Eight, ACSC offers three maturity levels for each mitigation strategy. The maturity levels are defined as:
Maturity Level One: Partly aligned with the intent of the mitigation strategy
Maturity Level Two: Mostly aligned with the intent of the mitigation strategy
Maturity Level Three: Fully aligned with the intent of the mitigation strategy
Implementation Pain Points
Implementing strong cybersecurity controls in enterprise or government networks, with thousands of machines, can be incredibly challenging.
Some of the common pain points include:
Insufficient dedicated cybersecurity budget
Insufficient support from upper management to receive authority to make changes to ICT systems
Insufficient number of skilled IT professionals to deliver uplift projects
Legacy operating systems and applications that must be maintained for business purposes, but cannot be properly secured
Organisational red tape which significantly delays projects, dilutes results and increase costs
Furthermore, some technical controls such as Application Whitelisting, Multi-Factor Authentication and Restricting Administrative Privileges can be very challenging to implement safely, particularly in complex and dynamic business environments.
Mossé Security works with IT directors, Chief Information Security Officers and Heads of Information Security to develop a viable security strategy that will achieve compliance with the ASD Essential 8.
Our expertise include:
Identifying opportunities to reduce expenditures
Development of business cases to obtain funding for cybersecurity initiatives
Recruitment of talent IT engineers and system administrators
Creation of metrics to measure and demonstrate the Return on Investment (ROI) on cybersecurity spending
Providing support in managing key stakeholders
Mentoring executives and technical stakeholders on cybersecurity
We have experience uplifting the security of networks with 200,000+ machines. When necessary, our team members are also trained on securing production systems that are at risk of a cyber attack, or that have been compromised and now need to be recovered.
This specifically includes solving challenges such as:
Sourcing free application whitelisting software
Developing group policy application whitelisting
Deploying application whitelisting on Windows 7, Windows 8.1, and Windows 10
Mossé Security provides world-class cyber security solutions and strategic security advice to government, private sector clients, and security minded individuals. We operate around the world and our head office is located in Melbourne, Australia.