Essential Eight Audit
Secure your organisation by ensuring compliance with the government-mandated Essential Eight framework.
Who is it For?
An Essential Eight audit is a process of evaluating an organisation’s cyber security posture to ensure compliance with the Australian Cyber Security Centre’s (ACSC) Strategies to Mitigate Cyber Security Incidents.
The Essential Eight were designed to help organisations protect themselves against various cyber threats. All organisations that deal with confidential information or maintain critical systems should conduct an Essential Eight audit. This includes small, medium, and large enterprises, government departments, non-profit organisations, and any other type of organisation.
The 3-phase approach can be customised to suit your timeframe and requirements; however, it typically runs over a 4-week timeframe with the following breakdown of tasks:
Week 1: Initial consultation
Meet with stakeholders in the organisation to understand the organisation’s business and its information security infrastructure.
Gather information and contact details on any key stakeholders, third-party companies, or platforms used.
Weeks 2-3: Engage & Gather Evidence
Conduct a thorough review of the organisation’s information security systems and practices.
Review documentation, observe processes, and test systems and controls.
Gather data and evidence to help evaluate the organisation’s compliance with the Essential Eight.
Conduct workshops with key stakeholders to develop a greater understanding of the organisation’s systems and processes.
Weeks 3-4: Analyse & Assess
Evaluate the current state of the organisation’s security posture against each of the Essential Eight controls.
Develop a report that summarises the findings and highlights any recommendations for improvement.
Meet with key stakeholders in the organisation to discuss the findings and recommendations in the report.
Present the final report and walk through recommendations for improving the organisation’s Essential Eight maturity ratings.
What it Encompasses
During an Essential Eight audit, our consultants will review the organisation’s compliance against each of the Essential Eight strategies to mitigate cyber security incidents. These include:
Application Control
The process of controlling which applications can be installed and used on an organisation’s network. This control ensures that only approved applications are installed, and that they are regularly updated and patched.
Patch Applications
The process of regularly updating applications to the latest version to ensure the security of the organisation’s systems. This control patches applications to fix any known vulnerabilities and prevent cyber attacks.
Configure MS Office Macro Settings
The process of controlling whether macros are disabled for users who do not have a demonstrated business requirement. This control protects against malicious macros that can be used to spread malware and gain access to systems.
User Application Hardening
The process of restricting a user’s access to certain applications. This control helps ensure that applications are sufficiently hardened, with particular functions that could allow malicious activities disabled or removed.
Restrict Administrative Privileges
The process of controlling privileged access to applications and systems and ensuring that access is validated upon request. This control helps organisations restrict access to sensitive data and prevent malicious activity on the network.
Patch Operating Systems
The process of regularly deploying patches to the organisation’s operating systems. This control ensures the operating system is updated to the latest version to fix any known security vulnerabilities.
Multi-Factor Authentication
The process of requiring users to provide additional authentication methods, such as a PIN or biometric, when accessing the organisation’s network. This control ensures that only authorised users have access to sensitive data.
Regular Backups
The process of regularly performing backups of important data, software and configuration settings and retaining them in a resilient manner. This control ensures that any data can be recovered in the event of a cyber attack.
The Benefits for Your Organisation
The Risks of Not Doing an Audit