A recent statement from the U.S. Department of Homeland Security’s Cyber+Infrastructure (CISA) National Cyber Awareness System noted that the Australian Cyber Security Centre (ACSC) has updated its “Essential Eight Maturity Model.” Though all this sounds like alphabet soup or bureaucratic gobbledygook, the Maturity Model consists of eight important mitigation strategies you should be employing to protect your computing systems. The Model then provides methods to gauge the level of maturity you’ve reached in each area.
In brief, the essential eight strategies are: whitelisting applications, patching applications, configuring Microsoft Office macro settings, hardening user applications, restricting administrative privileges, patching operating systems, using multi-factor authentication and performing daily backups.
For each of the eight strategies, ACSC then provides a method to determine whether you’ve done the bare minimum to protect your systems (Maturity Level One) or have taken the most thorough precautions to keep your systems safe (Maturity Level Three).
What’s convenient about this method of measuring your cybersecurity efforts is that it’s simple to understand and apply. Of course, some of the advanced steps needed to reach Maturity Level Three will require the participation of your IT department’s experts and coordination with your control engineers. But with some dialog with your IT/controls people, you can determine what your company still needs to do to become as cyber secure as possible.
To get a deeper understanding of this eight-step maturity model, visit Australia’s Essential Eight Maturity Model.