How is the Essential Eight strategy implemented?

Before implementing the Essential Eight, organisations are advised to identify a target maturity level that is appropriate for their organisation. The ACSC created the Essential Eight Maturity Model to support organisations in the implementation of the Essential Eight. 

By breaking the strategy down into a more graduated process, organisations can identify which maturity level they’d like to aim for. This helps guidelines be built on further, in a way that best suits an organisation’s own operations.

The maturity levels are as follows:

Maturity Level Zero

This level signifies that there are weaknesses in your organisation’s overall cyber security, making you highly susceptible to attack. Opportunistic hackers are likely to be attracted by the ease at which they can retrieve confidential data and compromise your systems.

Maturity Level One

This level signifies that while you might have some cyber security measures in place, they are still vulnerable to opportunistic attack. At this level, hackers seek out opportunities where patches haven’t been applied or systems haven’t been fully secured. Customer data is particularly important for organisations at this level to focus on.

Maturity Level Two

This level signifies that hackers will have a harder time infiltrating your system. That said, it is of course still very possible and your security will still require improvement. Hackers at this level require more time and skill than at previous levels, so organisations with sensitive information or high value operations are more likely to be targeted.

Maturity Level Three

This level signifies that your organisation is a likely target for a more sophisticated cyberattack. Your organisation should focus on securing systems and data from highly skilled hackers. At this level measures to reduce the risk of attacks will follow a more in-depth set of guidelines.

Bonus topic: Did you know that there’s now such a thing as an ‘Ethical Hacker’? Here’s a great video on the subject if you’d like to know more!

Previous
Previous

What level of Maturity is best for my organisation?

Next
Next

Why does my organisation need the Essential Eight?